Yesterday, I was asked about the eDiscovery process for Private Channels in Teams.
It’s a little bit hairy at the moment, so I’ve included some scripting and examples to help you out with it.
[shameless plug] I’ve adapted some of this content from one of my books, Deploying Microsoft 365 Teamwork: Exam MS-300 Guide.[/shameless plug]
Background
eDiscovery for Microsoft Teams (like other Office 365-based content) is done using the Security & Compliance center. The Security & Compliance center allows you to conduct content searches both within the boundary of an eDiscovery case as well as standalone content searches.
Unless you’ve been living under a rock, you probably know that a Microsoft Teams’ team is based on an Office 365 group (meaning it has a group mailbox and a SharePoint site, among other things). When performing searches for conversation data located in Microsoft Teams, you can normally just select the appropriate object in the Security & Compliance center search interface.
However, if you’re searching for SharePoint content, you’ll need to select the team’s SharePoint site as well.
About Private Channels
And then, there’s the whole thing about private channels. Private channels have their own SharePoint site for file content, and messages posted in the General/Conversation channel gets stored in individual user mailboxes of the private channel members.
When searching for content that may be present in private channels, you’ll have to select both the private channel SharePoint URLs as well as the mailboxes of the private channel members.
Guest chats: To index and store the chats of guests, the Office 365 service provisions a phantom or shadow mailbox for external recipients. Conversation content for guests is stored in those mailboxes.
Locating the associated private channels for a Team will take a bit of PowerShell scripting—you’ll need both the Microsoft Teams and SharePoint Online PowerShell cmdlets.
In our example, we have created a Team called Project Rover and have created a private channel called Rover Private Channel, as shown here:
To locate the team members whose mailboxes we’ll need to include in eDiscovery or content search as well as the URL of the private channel, we’ll need to run several PowerShell commands.
Getting Started
As mentioned earlier, you’ll need both the Microsoft Teams PowerShell module and the SharePoint Online PowerShell module. To install the Microsoft Teams PowerShell module, run Install-Module MicrosoftTeams
from an elevated PowerShell prompt.
To install the SharePoint Online Management Shell, download and install it from https://www.microsoft.com/en-us/download/details.aspx?id=35588.
Once you have those modules installed, you’ll have to connect to Teams and SharePoint Online to get the information you need. I know this goes without saying for most folks, but use your own tenant name where tenant
is present. Replace Team Name
with the team name that you are trying to locate private channels for.
Connecting to PowerShell Interfaces
To connect to Microsoft Teams, use the following command from a PowerShell console:
Connect-MicrosoftTeams
To connect to SharePoint Online, use the following command from a PowerShell console:
Connect-SPOService -Url https://<tenant>-admin.sharepoint.com
Finding the Things You Need
Now that you’re connected to both Microsoft Teams PowerShell and SharePoint Online, you’ll need to find multiple things:
- Private Channels for the Team in question
- Members of each of the Private Channels
- The associated SharePoint Online site for each of the Private Channels
Identifying Private Channel Users
To locate all of the private channel users whose mailboxes you would need to include in a content search or eDiscovery, follow these steps:
- Connect to Microsoft Teams using the
Connect-MicrosoftTeams
cmdlet (above). - Locate the Team group object ID using the following command:
$Team = Get-Team -DisplayName "Team Name"
- Locate the Team’s private channels using the following command:
$Channels = Get-TeamChannel -GroupId $Team.GroupId | ? {$_.MembershipType -eq "Private"}
- Locate the Team’s private channel users with the following command:
$Users = ($Channels | %{ Get-TeamChannelUser -GroupId $Team.GroupId -DisplayName $_.DisplayName}).User | Sort -Unique
The list of users whose mailboxes you need to search will be saved in the $Users variable. You can list them by just typing $Users
at the PowerShell prompt:
Next, you need to find the locate the SharePoint Online Sites associated with a Team. You’ll also need to
use the SharePoint Online PowerShell:
- Connect to SharePoint Online using the
Connect-SpoService
cmdlet. The syntax is (replacing<tenant>
with your tenant name:Connect-SPOService -Url https://<tenant>-admin.sharepoint.com
- Locate all of the site collections that were using the private channel template using the following command:
$Sites = Get-SPOSite -Template "TEAMCHANNEL#0" -Limit All
Note: This returns all of the sites in the entire tenant using that template. You can only retrieve the necessary properties using the -Limit All parameter (using any -Filter parameters will cause the required properties to not be captured).
- Loop through all of the returned sites to match the
RelatedGroupId
property to the TeamGroupId
with this snazzy bit of PowerShell:[array]$PrivateChannelSites = @() Foreach ($Site in $Sites) { $Temp = Get-SPOSite -Identity $Site.Url -Detailed If ($Temp.RelatedGroupId -eq $Team.GroupId) { $PrivateChannelSites += $Temp } } $PrivateChannelSites | Select Url
After running the above code, the console will display the SharePoint Online site URLs for the private channels associated with the sites, as shown here: Once you have located both the additional user mailboxes and SharePoint Sites associated with any private channels for a Team, you can add them to your eDiscovery or Content Search like you would any mailbox or specific SharePoint site URL.
Hopefully you can do what U2 couldn’t and find what you’re looking for.
How do i subscribe for RSS feeds on this site?
You can subscribe via by adding https://bhr.62e.myftpupload.com/feed/rss to your RSS reader.