This week my customer and a peer both asked for a sample PowerShell script to automate the creation of an Office 365 Security and Compliance Center eDiscovery case, hold, and content search. This post shares that script and a few important things to be aware of (e.g. the deprecation of basic authentication).
The below script accomplishes the following tasks:
- Create a Security and Compliance Center eDiscovery case
- Place an in-place hold on multiple users’ Exchange Online mailboxes
- Create a content search within the eDiscovery case for any folders named “Legal Hold” and the child folders under them
As of the publish date (Mar 4th, 2020) the Security and Compliance Center remote PowerShell module relies on basic authentication. The Exchange team has publicly shared that basic authentication for Exchange Online will be deprecated by Oct 2020. This means the below script may not be usable in its current form in ~6 months. When a replacement or update is available I will attempt to update this sample to reflect that.
Exchange Online deprecating Basic Authentication
For the Exchange Online remote PowerShell module, a v2 module is being developed (active development, not ready for production), which you can find on the PowerShell Gallery. This new module supports OAuth authentication, which resolves the issue of deprecated basic authentication.
ExchangeOnlineManagement module on PSGallery
Before running this script, ensure that the account you log in with has the appropriate permissions to both Exchange Online as well as Security and Compliance Center. My sample uses a single admin account but you may adapt the script to use separate accounts if needed. See the following articles for more details.
Connect to Office 365 Security & Compliance Center PowerShell
Note: If you do not see the below Gist please refer to code at this location: EXO_New-SCCeDiscoveryCaseAndHold.ps1
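The three tasks listed above can be sketched as follows. This is an added example, not the author's Gist: it assumes Exchange Online and Security & Compliance Center remote PowerShell sessions are already imported into the current session, and the case name, hold name and mailbox addresses are constructed sample values. The helper `ConvertTo-FolderQueryId` is a hypothetical name; its byte offsets follow Microsoft's published targeted-collection sample for building `folderid:` queries.

```powershell
# Added example (not the original Gist). Assumes EXO and SCC sessions are already connected.
$caseName   = 'Sample-Case-001'                       # constructed sample value
$mailboxes  = @('user1@contoso.example',              # constructed sample values
                'user2@contoso.example')
$holdName   = "$caseName-Hold"
$searchName = "$caseName-LegalHoldFolders"

function ConvertTo-FolderQueryId {
    # Hypothetical helper: turns the base64 FolderId from Get-MailboxFolderStatistics
    # into the 48-character hex value used with the folderid: search property.
    param([Parameter(Mandatory)][string]$FolderId)
    $bytes = [Convert]::FromBase64String($FolderId)
    # Bytes 23..46 (24 bytes) are hex-encoded, as in Microsoft's targeted-collection sample.
    -join ($bytes | Select-Object -Skip 23 -First 24 | ForEach-Object { $_.ToString('X2') })
}

# 1. Create the eDiscovery case.
New-ComplianceCase -Name $caseName -Description 'Created by script' | Out-Null

# 2. Place the mailboxes on hold. A rule with no ContentMatchQuery holds all content.
New-CaseHoldPolicy -Name $holdName -Case $caseName -ExchangeLocation $mailboxes -Enabled $true | Out-Null
New-CaseHoldRule -Name "$holdName-Rule" -Policy $holdName | Out-Null

# 3. Collect folderid: clauses for every "Legal Hold" folder and its children.
$clauses = foreach ($mbx in $mailboxes) {
    Get-MailboxFolderStatistics -Identity $mbx |
        Where-Object { $_.FolderPath -match '(^|/)Legal Hold(/|$)' } |
        ForEach-Object { 'folderid:{0}' -f (ConvertTo-FolderQueryId -FolderId $_.FolderId) }
}

if (-not $clauses) {
    # An empty query would match every item in the mailboxes, so skip the search instead.
    Write-Warning "No 'Legal Hold' folders found; content search not created."
}
else {
    New-ComplianceSearch -Name $searchName -Case $caseName -ExchangeLocation $mailboxes `
        -ContentMatchQuery ($clauses -join ' OR ') | Out-Null
    Start-ComplianceSearch -Identity $searchName
}
```

Folder IDs are unique per mailbox, so the OR-joined query can safely run across all held mailboxes at once. Because the search is scoped by ID, folders created or renamed after the search is built are not picked up until the query is regenerated.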
In this post I shared a sample script for automating the creation of an Office 365 Security and Compliance Center eDiscovery case, hold, and folder scoped content search. The folder scoping was an interesting detour as I had to track down the way to gather folder IDs from a product group engineer sample (linked in the above sample). I hope you find this useful and good luck scripting.