The following options for configuring Microsoft Teams Chat capture are now deprecated. While the Manual Export is still recommended for bulk archive initialization, the PowerShell script methods are documented here for existing customers only. Please see Microsoft Teams Chat for updated instructions on capturing Teams Chat communications.
Below are the two methods that can be used to produce Teams data that is digestible by the Fairwords/MCO Teams parser. Method one is manually extracting the data via the M365 Compliance Center. Method two uses a PowerShell script Fairwords has developed to perform this action automatically for users via remote PowerShell. Method two is currently in a beta phase and may be adjusted depending on the needs (specifically infosec and IT security) of the customer’s enterprise environment.
Manual Export
Requirements for Running the Export
Microsoft Edge Browser: For optimal performance and necessary for downloading export results.
Access to Microsoft Purview: With necessary permissions to perform searches and exports as an eDiscovery Manager or Administrator.
Knowledge of Specific Users/Groups/Teams: For accurate targeting during the search.
Familiarity with eDiscovery Tools: To efficiently navigate and utilize the search and export functionalities.
Details on Exporting Teams Data via UI
We advise using Microsoft Edge for this whole process. While it is only required for step 6, it is faster to just start with Edge.
The MCO parser works with the standard content search export of individual messages. The following steps should be performed to get the required data:
Log in to your Microsoft Security and Compliance Center:
Navigate to the Purview Classic eDiscovery.
Initiate a New Search:
Select the Search tab.
Click Start a Search.
Note: For your first search, make sure to select Start a New Search.
Specify Locations for Search:
On the next page, click Choose users, groups, or teams next to the Exchange Email row.
Search for and select the appropriate user, group, or team from the results.
Add Search Conditions:
Click + Add Conditions.
Add the following conditions:
Date Range: Use the calendar feature to specify the required date range.
Message Kind: Select Equals Any of, and type microsoftteams into the box.
Type: Select Instant Messages.
Save and Run the Search:
Once you've set the conditions, click Save & Run.
Name your search, then click Save.
Export the Search Results:
After the search completes:
Go back to Saved Searches.
Double-click the saved search you just created.
In the pop-up window, click Export Results.
Configure Export Options:
Under Output options, select All items, excluding duplicates.
For Export Exchange content as, choose Individual messages.
Click Export to initiate the export process.
Download the Exported Results:
Navigate to the Exports tab.
If needed, refresh the page to see the latest export results.
Select the export you wish to download.
In the pop-up on the right, click Copy export key to clipboard.
Click Download results at the top right of the screen.
Paste the copied export key in the prompt, choose the download location, and click Start Export.
Note: Use Microsoft Edge on Windows to download, as this is the recommended browser for this step. The download time may vary depending on the size of the export.
Upload the Exported File:
After downloading the export (which will be in .zip format), upload it to the shared SFTP provided by your customer support agent.
Place the file in the /teamsH folder on the SFTP. This ensures that the automatic parser can retrieve the necessary data.
Microsoft Teams Automatic Export via PowerShell
The below process describes setting up and running a Microsoft PowerShell script to automatically export MS Teams messages using eDiscovery tools in the M365 Compliance Center. The script requires a user with Compliance Center manager rights and securely stores login information in the Windows Credential Manager.
The steps involve creating a distribution group, setting up an eDiscovery case, providing necessary information in the script, and adding user credentials to the Windows Credential Manager. After configuration, the script can be run, and it will generate a .zip file containing the exported Teams messages at the specified location. This script is currently considered to be in a “beta” phase because it may need to be adapted to the IT security requirements of a user's enterprise environment.
Requirements for Running and Editing the Script:
Windows PowerShell v7.3.2+ installed on the system.
User Credentials with Access to M365 Compliance Center with Compliance Center manager rights.
Windows Credential Manager: For securely storing user login information.
Internet Connectivity: To access the M365 Compliance Center and download/upload necessary files.
Basic Knowledge of PowerShell Scripting: For editing and understanding the script.
Windows Server (AWS or Enterprise) or Approved Windows Computer: Where the script will be placed and run.
Administrative Privileges: To create and manage distribution groups and eDiscovery cases.
Details on running the Teams Auto Export Script
Our MS Teams Auto Exporting Script is based on Windows PowerShell v7.3.2+. This can be placed and run on an AWS Windows Server or on an approved enterprise computer.
The script uses Microsoft PowerShell to call the M365 compliance center and, using remote PowerShell, pulls a specified case name using eDiscovery tools.
Importantly, it requires a user that has compliance center manager rights. (This can be a dedicated account or an existing one with the correct rights.) The login information for the user account to be used is stored securely in Windows Credential Manager.
To run the script for testing, you will first need to fill out some important details within the PowerShell script. We recommend doing a test run of the script to make sure it is functioning properly. This can consist of just a couple of users at first which we detail below.
Create a distribution group (list)
Go to the admin center at https://admin.microsoft.com
In the left-hand panel, select Teams & Groups > Active teams and groups.
Click on “Add a group”.
Select Distribution as your group type.
Give the group a name; we recommend “Fairwords Teams Export”.
You can also add a description to this group.
Select an owner for this distro.
You must select at least one.
Add users to this distro.
The users who are part of this distro will have their Teams messages exported as part of the script.
Set an email address for the team.
This will need to be provided in the script for the export to work.
After all the details have been entered, click on “Create Group”.
Create an eDiscovery Case.
Go to the compliance portal.
In the left navigation pane of the compliance portal, click “Show All”, and then click eDiscovery > Standard.
Click on “Create a Case”.
On the New case flyout page, give the case a name (required) and then type an optional description.
The case name must be unique in your organization.
Click “Save” to create the case.
The new case is created and displayed on the eDiscovery (Standard) page. (You may have to click “Refresh” to display the new case.)
You will have to provide the script with the Case name.
Editing the script on your machine.
Locate the script in Windows File Explorer after downloading, right-click, and edit the script.
You will see several End User Properties that need to be filled out at the top of the script. Each property is shown below as it appears in the script, followed by an explanation of what it controls.
# End User Properties
$daysToExport = 30
Days to export (default is 30). If performing a test export, this can just be one week.
$exportLocation = 'C:\Fairwords-TeamsExport'
Edit the directory where the export is generated on your local computer/server (if you do not change the directory it defaults to C:\Fairwords-TeamsExport)
$caseName = "Fairwords Teams Export"
Remember this is the case name that is used for exporting in the compliance center.
$distroName = '[email protected]'
Finally, this is the distribution list (the email address set when the group was created) of the users whose Teams messages you want to export.
Adding User Credentials to Windows Credential Manager
To do this, find Windows Credential Manager either via search or Control Panel > User Accounts > Credential Manager.
At the top you will see “Web Credentials” and “Windows Credentials”. Click the “Windows Credentials” section and then “Add a Generic Credential”.
For the Internet or network address: enter "Fairwords/TeamsExport" (no quotes)
For the username and password, enter the credentials (user/email address and password) of the user account you are using to export the files, and click OK.
Once you have created the distribution list and the eDiscovery case, edited the PowerShell script, and entered the generic credential in Windows Credential Manager, run the newly saved script by right-clicking on it in Windows Explorer and selecting "Run with PowerShell" (make sure you are running this .ps1 with PowerShell v7.3.2+).
The script will run for a couple of minutes and once completed, should generate a .zip file for you in the location you specified. After which, you can provide the test .zip to your Fairwords CS rep. for testing. The ongoing sending process will be done via SFTP.
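Before the first run, the setup steps above can be checked locally with a short pre-flight script. This is an added example, not part of the Fairwords script: the function name `Test-ExportPreflight` and the distribution list address are placeholders, and the other values are the defaults shown on this page.

```powershell
# Added example (not Fairwords' script): pre-flight check to run before the export.
# Values mirror the defaults on this page; $distroName is a constructed placeholder.
$daysToExport   = 30
$exportLocation = 'C:\Fairwords-TeamsExport'
$caseName       = 'Fairwords Teams Export'
$distroName     = 'teams-export@example.com'   # placeholder address
$credTarget     = 'Fairwords/TeamsExport'      # generic credential name entered above

function Test-ExportPreflight {                # hypothetical helper name
    param([int]$Days, [string]$Location, [string]$Case, [string]$Distro, [string]$Target)
    $problems = [System.Collections.Generic.List[string]]::new()

    if ($PSVersionTable.PSVersion -lt [version]'7.3.2') {
        $problems.Add("PowerShell $($PSVersionTable.PSVersion) is older than 7.3.2")
    }
    if ($Days -lt 1) { $problems.Add('$daysToExport must be a positive number of days') }
    if ([string]::IsNullOrWhiteSpace($Case)) { $problems.Add('$caseName is empty') }
    if ($Distro -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
        $problems.Add('$distroName is not an email address')
    }

    # The export directory must be writable by the account running the script.
    # This creates the directory if it is missing and writes a throwaway probe file.
    try {
        $null = New-Item -ItemType Directory -Path $Location -Force -ErrorAction Stop
        $probe = Join-Path $Location ([guid]::NewGuid().ToString() + '.tmp')
        Set-Content -Path $probe -Value 'probe' -ErrorAction Stop
        Remove-Item -Path $probe -ErrorAction Stop
    } catch {
        $problems.Add("Cannot write to ${Location}: $($_.Exception.Message)")
    }

    # Credential Manager entries are stored per Windows user, so run this check as the
    # account that will run the export. cmdkey lists targets without showing passwords.
    $stored = cmdkey /list | Select-String -SimpleMatch $Target
    if (-not $stored) { $problems.Add("No stored credential '$Target' for $env:USERNAME") }

    return $problems
}

$issues = @(Test-ExportPreflight -Days $daysToExport -Location $exportLocation `
    -Case $caseName -Distro $distroName -Target $credTarget)
if ($issues.Count -eq 0) { 'Pre-flight passed' } else { $issues | ForEach-Object { "FAIL: $_" } }
```

The check does not contact Microsoft 365, so it cannot confirm that the eDiscovery case or the distribution group exists or that the stored account has the required rights.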
Microsoft Teams Chat Interactive Extracts
While the prior instructions leverage PowerShell to define an automated, periodic approach to exporting Microsoft Teams Chats, it is also possible to run PowerShell interactively to extract message content.
For instructions on customizing and running PowerShell interactively, please see: Microsoft Teams Chat Interactive Extracts.
Mapping Users to Microsoft Team Chat identities
Mapping users to their Microsoft Teams accounts is critical so that eComms can know how to handle their communications.
Users are mapped to the primary email address in their profile by default and to additional Source Mappings configured to additional Microsoft Teams identities.
To add additional Microsoft Teams identities to a user profile:
Sign in to MCO eComms as an Admin user.
Navigate to Settings > Users page to locate specific users for mapping.
Open a user profile by clicking edit (pencil icon).
Locate the Sources section and select the Edit button to put the section in editing mode.
Select the Add Source button to insert a new mapping record.
Select Teams in the Source name column and enter the email address used in Microsoft Teams in the Unique Identifier field. Click the check button when done editing the row.
Add additional Teams identities as required.
Click the Save button when done to save the mapping.
Immediately after adding this user source mapping, newly arriving Teams messages with the entered Microsoft Teams identities will be mapped to this user. Once mapped, all retention and detection policies associated with this user will be applied moving forward.
Important! New source mappings will update existing messages and alerts in the account for search and display reference purposes. However, they will not retroactively apply retention and detection policies to messages already in the application.