The following options for capturing and configuring Microsoft Teams Chat communications capture are now deprecated. While the Manual Export is still recommended for bulk archive initialization, the powershell script methods are here for existing customers only. Please see Microsoft Teams Chat for updated instructions on capturing Teams Chat communications.
Below are the two methods that can be used to produce Teams data that is digestible by the Fairwords/MCO Teams parser. Method one is manually extracting the data via the M365 Compliance Center. Method two uses a PowerShell script Fairwords has developed to automatically perform this action for the users using remote PowerShell. Method two is currently in a beta phase and is subject to be tweaked depending on the needs (specifically infosec & IT security) of the customer’s enterprise environment.
Manual Export using Microsoft Purview eDiscovery
MCO eComms Microsoft Teams Chat parser works with the Content Search export of messages using specific export options described below.
Requirements for Running the Export
Access to Microsoft Purview: With necessary permissions to perform searches and exports as an eDiscovery Manager or Administrator.
Knowledge of Specific Users/Groups/Teams: For accurate targeting during the search.
Familiarity with eDiscovery Tools: To efficiently navigate and utilize the search and export functionalities.
Details on Exporting Teams Data via UI
Create a New Case
Login to Microsoft Purview.
Navigate to the the eDiscovery Solution Cases page.
Click on Create a new case.
Name and Description are up to your discretion, but ensure they clearly describe the purpose of this case.
Create a New Search
Click the Create a search button.
Name the search and add a relevant description to keep track of the search parameters.
Set Search Criteria using the Condition Builder
Define the criteria for the Date range of the messages to be pulled.
Add Message kind as Contains any of > Microsoft team
Add Data Sources
Before exporting, you need to define data sources.
Click the Add sources button.
In the Locations to include section, choose Mailboxes only to focus the search on Teams related data.
Export the Data
Once the data sources are added, click the Export button to initiate the export process.
Ensure that the Export format is set to Create .msg files for messages.
Uncheck the Give each item a friendly name option to prevent automatic renaming of items.
Monitor the Export Process
Use Microsoft's Process Manager to monitor processing progress.
Once completed, you can access the exported data files.
Download Exported Files
Select both the data file (larger zip file) and the metadata file (smaller zip file)
Click Download to download these files to the local file system.
Rename Exported Files and Zip together for File Transfer
Rename the downloaded files to ensure correct processing as follows.
The larger ZIP file: meeting-messages.zip
The smaller ZIP file: meeting-metadata.zip
Compress both files into single ZIP file for Transfer. We recommend a date stamp naming convention (e.g. Teams-Chat_YYYY-MM-DD.zip).
Securely Upload via SFTP
Upload the newly created ZIP file to the designated SFTP server for secure delivery to your archive.
Microsoft Teams Chat Export using Unattended Powershell
The below process describes setting up and running a Microsoft PowerShell script to automatically export MS Teams messages using eDiscovery tools in the M365 Compliance Center. The script requires a user with Compliance Center manager rights and securely stores login information in the Windows Credential Manager.
The steps involve creating a distribution group, setting up an eDiscovery case, providing necessary information in the script, and adding user credentials to the Windows Credential Manager. After configuration, the script can be run, and it will generate a .zip file containing the exported Teams messages at the specified location. This script is currently considered to be in a “beta” phase due to its flexibility requirements depending on IT security requirements for a users enterprise environment.
Requirements for Running and Editing the Script:
Windows PowerShell v7.3.2+ installed on the system.
User Credentials with Access to M365 Compliance Center with Compliance Center manager rights.
Windows Credential Manager: For securely storing user login information.
Internet Connectivity: To access the M365 Compliance Center and download/upload necessary files.
Basic Knowledge of PowerShell Scripting: For editing and understanding the script.
Windows Server (AWS or Enterprise) or Approved Windows Computer: Where the script will be placed and run.
Administrative Privileges: To create and manage distribution groups and eDiscovery cases.
Details on running the Teams Auto Export Script
Our MS Teams Auto Exporting Script is based on Windows PowerShell v7.3.2+. This can be placed and run on an AWS Windows Server or on an approved enterprise computer.
The script uses Microsoft PowerShell to call the M365 compliance center and using Remote Powershell pulls a specified case name using e-discovery tools.
Importantly, it requires a user that has compliance center manager rights. (This can be a dedicated account or an existing one with the correct rights) The login information for the user account to be used is securely stored in Windows Credentials Manager in Windows.
To run the script for testing, you will first need to fill out some important details within the PowerShell script. We recommend doing a test run of the script to make sure it is functioning properly. This can consist of just a couple of users at first which we detail below.
Create a distribution group (list)
Go to the admin center at https://admin.microsoft.com
In the left-hand panel, select Teams & Groups > Active teams and groups.
Click on “Add a group”.
Select Distribution as your group type.
Give the group a name, we recommend “Fairwords Teams Export”.
You can also add a description to this group.
Select an owner for this distro.
You must select at least one.
Add users to this distro.
The users who are part of this distro will have their Teams messages exported as part of the script.
Set an email address for the team.
This will need to be provided in the script for the export to work.
After all the details have been entered, click on “Create Group”.
Create an eDiscovery Case.
Go to compliance portal.
In the left navigation pane of the compliance portal, click “Show All”, and then click eDiscovery > Standard.
Click on “Create a Case”.
On the New case flyout page, give the case a name (required) and then type an optional description.
The case name must be unique in your organization.
Click “Save” to create the case.
The new case is created and displayed on the eDiscovery (Standard) page. (You may have to click “Refresh” to display the new case.)
You will have to provide the script with the Case name.
Editing the script on your machine.
Locate the script in Windows File Explorer after downloading, right-click, and edit the script.
You will see a couple of End User Properties that need to be filled out in the top part of the script. You will see the bolded below in the script, below we have broken down explanations of which properties is
# End User Properties
$daysToExport = 30
Days to export (default is 30). If performing a test export, this can just be one week.
$exportLocation = 'C:\Fairwords-TeamsExport'
Edit the directory where the export is generated on your local computer/server (if you do not change the directory it defaults to C:\Fairwords-TeamsExport)
$caseName = "Fairwords Teams Export"
Remember this is the case name that is used for exporting in the compliance center.
$distroName = '[email protected]'
a. Finally, this is the distribution list name of the users you use.
Adding User Credentials to Windows Credential Manager
To do this, find Windows Credential Manager either via search or Control Panel > Users Accounts > Credential Manager.
At the top you will see “Web Credentials” and “Windows Credentials”, click “Windows Credentials” section and then “Add a Generic Credential”.
For the Internet or network address: enter "Fairwords/TeamsExport" (no quotes)
For the username and password, enter the user/email address of the user account you are using to export the files and click Ok.
Once you have created the Distro list, the eDiscovery Cases, edited the PowerShell script, and entered the generic credential in Windows Credential Manager, run the newly saved script by right-clicking on it in Windows Explorer and selecting "Run with PowerShell" (make sure you are running this .ps1 with PowerShell v7.3.2+)
The script will run for a couple of minutes and once completed, should generate a .zip file for you in the location you specified. After which, you can provide the test .zip to your Fairwords CS rep. for testing. The ongoing sending process will be done via SFTP.
Microsoft Teams Chat Export using Interactive Powershell
While the prior instructions leverage Powershell to define an automated, periodic, approach to exporting Microsoft Teams Chats, it is also possible to run powershell interactively to extract message content.
For instructions on customizing and running powershell to enable running it interactively, please see: Microsoft Teams Chat Interactive Extracts.
Mapping Users to Microsoft Team Chat identities
Mapping users to their Microsoft Teams accounts is critical so that eComms can know how to handle their communications.
Users are mapped to the primary email address in their profile by default and to additional Source Mappings configured to additional Microsoft Teams identities.
To add additional Microsoft Teams identities to a user profile.
Sign in to MCO eComms as a Admin user.
Navigate to Settings > Users page to locate specific users for mapping.
Open a user profile by clicking edit (pencil icon).
Locate the Sources section and select the
Editbutton. To put the section in editing mode.Select Add Source button to insert a new mapping record.
Select the Teams in the Source name column and enter the email address used in Microsoft Team in the Unique Identifier field. Click the check button when done editing the row.
Add additional Teams identities as required.
Click Save button when done to save the mapping.
Immediately after adding this user source mapping, newly arriving Teams messages with the entered Microsoft Teams identities will be mapped to this user. Once mapped all retention and detection policies associated with this user will be applied moving forward.
Important! New source mappings will update existing messages and alerts in the account for search and display reference purposes. However, they will not retroactively apply retention and detection policies to messages already in the application.