I have an issue with e-discovery project. A customer insistats to use their O365 SEcurity & Complaince environment to do the search.
At the same time they want me to run a search including recipients grouped under a particular external domain. I was hoping that I can simply use
to*@domain.com
but it looks I'm not allowed to use wildcards in email addresses at all.
I hoped it's related to this limitation outlined in the documentation
You can use only prefix wildcard searches; for example, cat* or set*. Suffix searches (*cat), infix searches (c*t), and substring searches (*cat*) are not supported.
but apparently in email addresses I cannot use wildcard at any position. It looks I need to supply a full email address only otherwise it won't work.
Am I correct here? Is there a way to overcome this limitation and search through all possible users in a given domain using O365 ediscovery module?
I have an issue with e-discovery project. A customer insistats to use their O365 SEcurity & Complaince environment to do the search.
At the same time they want me to run a search including recipients grouped under a particular external domain. I was hoping that I can simply use
to*@domain.com
but it looks I'm not allowed to use wildcards in email addresses at all.I hoped it's related to this limitation outlined in the documentation
You can use only prefix wildcard searches; for example, cat* or set*. Suffix searches (*cat), infix searches (c*t), and substring searches (*cat*) are not supported.
but apparently in email addresses I cannot use wildcard at any position. It looks I need to supply a full email address only otherwise it won't work.Am I correct here? Is there a way to overcome this limitation and search through all possible users in a given domain using O365 ediscovery module?
Can you dump (CSV output) all the users in the O365 Global Address List (GAL) to find more email addresses and the email groups to which they belong instead of whittling down to *@domain.com?
The problem is that the domain in question is the external domain, not our corporate domain.
I've got an advice on the MS forums to use the "participants" property for this purpose. It makes sense, but I guess I would then need also some operator that would stand for "contains", and all I can see in the documentation is a colon, and for me it stands only for "equals"…
The problem is that the domain in question is the external domain, not our corporate domain.
I've got an advice on the MS forums to use the "participants" property for this purpose. It makes sense, but I guess I would then need also some operator that would stand for "contains", and all I can see in the documentation is a colon, and for me it stands only for "equals"…
Does your Project prevent you from using Red Team pen tester tactics?
Well, they do. They have a in-house forensic/compliance guy who steers the project. I'm only his hands…
Well, they do. They have a in-house forensic/compliance guy who steers the project. I'm only his hands…
Maybe have a look at
https://
or
https://
Can you not just use todomain.xyz?
(This implies you can - https://
Indeed, looks like "participants@domain.com" does the job! )