Here’s a problem that comes up regularly when running searches in the Microsoft 365 Security and Compliance portal (As of this date, these portals are scheduled to be separated with the upcoming changes to the admin portal). When you run a search, you can’t preview or download search results. In the search preview, you get this message: “to preview search results, please ask your compliance admin to grant you preview permission.” In addition, there is no visible option for downloading anything other than an Excel based report for the search you perform.
Before you can view any search data or download results, you need to set the right permissions in the Security and Compliance Center as well as Azure AD. Global Admin rights in Microsoft 365 are not sufficient. To set permissions, perform the following steps:
- Log in at https://portal.azure.com
- Click on the Azure Active Directory app in the list of applications. The icon looks like the snip below:
- Once the Azure AD blade opens, click on Roles and Administrators
- Select Compliance Administrator
- Click on the +Add Member option at the top of the screen, then select the user or group you would like to grant access to. This user or group will have permission to export files from the Compliance and Security admin portal in Microsoft 365.
- Next, we’ll need to go to the Compliance and Security portal to set permissions there. Go to https://protection.office.com.
- Select Permissions to open the Permissions blade:
- In the list of permission roles available, select eDiscovery Manager.
- Scroll down to the eDiscovery Administrator section and click Edit.
- Click Choose eDiscovery Administrator.
- Wait a few moments for the list of users to populate in the blade that appears (or search for the user you want to add), then select the user and click Add, then Done, then Save to apply the permission change. You’ll need to log out and back in for the permissions to apply. Read the notes section below for details.
1. Be patient when performing this change. Large permission changes in Azure AD and other areas require a while to replicate throughout the Azure Active Directory environment. The replication can take up to 1 hour before being received by the back-end DCs that run your company’s tenant after being input. It’s an annoying thing to deal with, but it is necessary (for now).
2. Make certain to log out and back in *after* waiting a while. The best tactic is to make the permission change, log out, wait an hour, then log back in. Once you do this, you should have the access you’re looking for.
3. If you need to download a PST of the emails you search, visit: Step by Step: Export Office 365 Email to PST
4. If you need to download OneDrive or SharePoint data, visit: Step by Step: Export Office 365 OneDrive Data