My goal from a high level:
I would like automatically copy all emails in a conversation from the various mailboxes where they reside to a single mailbox to act as an archive. This would basically happen one at a time. So in practice, an admin/analyst receives an email thats part of a conversation that they deem necessary to archive and they execute a process that gathers all of those emails and copies them to a separate mailbox.
My idea so far:
Im thinking that the best way to do this is:
- Create a mailbox that only a group of analysts can send emails to
- When analysts receive a candidate email, they forward this to the mailbox mentioned in #1
- Whenever an email arrives in this mailbox, automation executes to copy the conversation history of the email chain from all source mailboxes.
My question:
I'm most uncertain about #3. I know there are several ways I can do this but don't know which approach may yield the best results:
- Use Exchange Web Services? This seems to be a well established approach over the years but my understanding is that Microsoft wants people to stop using EWS and move on to Microsoft Graph.
- Microsoft Graph? This seems to be what Microsoft recommends but is Microsoft Graph established enough to do what I want to do?
- Azure runbook? If this approach reasonable mainly for a PowerShell based solution? If so, it seems I would be stuck with using Compliance Center commandlets. Ive used those quite a bit and have frequently run up against limitations especially in regards to copying emails(it seems this can only be done by exporting PSTs).
Im basically just looking for someone to steer me in the right direction. Someone who's done something similar with Graph, EWS or Azure automation. I haven't used Graph or EWS extensively to know which would make more sense. I would like to avoid going too far down one option only to hit a brick wall limitation like I did with Compliance Center commandlets.
EDIT: Some more explanation on the trouble I had with Compliance Center commmandlets:
- copying emails is a problem. You can export results, but it's to a PST and I didn't see a way to do this via script, only via the web interface. Search-Mailbox works ok in this regard, but it has it's own problems(the commandlet is getting retired in another couple months)
- Searching by Conversation ID doesn't seem be possible in Content Search KQL. Which leaves me with setting up complex custom searches in every situation to find all emails.(unless you know an easier way to find all emails in a conversation?)
- Ill think of some more reasons if necessary.
Not familiar with Microsoft Graph and Azure runbook. For Exchange build-in feature, you could use search-mailbox to get these message in multiple mailboxes.
https://social.technet.microsoft.com/Forums/office/en-US/b1bf9519-a187-48db-bb30-05d666fb6937/how-do-you-search-mailboxes-and-export-to-a-pst-file?forum=exchangesvrgeneral
Or eDiscovery under Office 365 Security & Compliance. After creating an eDiscovery case and choosing who has access to it, use the case to search for email, documents, Skype for Business conversations, Teams data, and other content in your organization. You can then preserve the content and export the search results for further analysis.
For incoming message, you could create a transport rule to redirect it to an specific mailbox.