Feature: Add Graph API Support for EDiscovery Role Detection #217

Open
jonnybottles opened this issue Jan 7, 2025 · 0 comments
Labels
status/backlog In backlog / validated type/feature New feature or request

jonnybottles commented Jan 7, 2025

What is this feature about?

This feature aims to expand the capabilities of the existing Get-HawkTenantEDiscoveryConfiguration function to detect modern eDiscovery roles assigned through the Microsoft 365 Security & Compliance Center (via Microsoft Graph API). Currently, the script only detects eDiscovery roles through Exchange Online cmdlets and custom role assignments, missing newer roles such as eDiscovery Manager and eDiscovery Administrator.

Why is it needed?

  • Modern Role Visibility: The existing method does not capture roles assigned directly within the Microsoft 365 Security & Compliance Center, resulting in incomplete eDiscovery permissions reporting.
  • Security Auditing: Organizations need to ensure comprehensive oversight of eDiscovery-related permissions to prevent unauthorized data access.
  • Compliance Requirements: Many compliance frameworks require detailed audits of who can access, search, and hold organizational data. Missing modern role assignments can lead to compliance gaps.

2. Problem Statement

Currently, Get-HawkTenantEDiscoveryConfiguration provides eDiscovery permissions data based on:

  1. Exchange Online Role Groups (e.g., Discovery Management)
  2. Custom Management Role Entries that include eDiscovery cmdlets (e.g., New-MailboxSearch, Search-Mailbox)

However, many organizations now use the Microsoft 365 Security & Compliance Center to assign eDiscovery roles, specifically eDiscovery Manager and eDiscovery Administrator. These roles:

  • Are not visible through Exchange Online management tools.
  • Are best queried through the Microsoft Graph API.

As a result, current reporting does not capture these modern role assignments, leaving a significant visibility gap in eDiscovery permissions and potentially impacting compliance efforts.


3. Proposed Solution

Augment Get-HawkTenantEDiscoveryConfiguration by integrating Microsoft Graph API calls to detect modern eDiscovery role assignments. This should:

  1. Detect Microsoft 365 eDiscovery Manager roles
  2. Detect Microsoft 365 eDiscovery Administrator roles
  3. Include both direct user assignments and group-based memberships
  4. Maintain backward compatibility with current Exchange Online detection
  5. Provide consistent output formatting for both modern and legacy roles