Pinned Posts
Forum Widgets
Latest Discussions
Unable to use MS Graph DLP Api's to use with my Entra Registered App
In purview, I have set of policies in DLP, where I have registered to block the US SSN in the text contents and I have created different policies in all of them I have selected the available locations: Exchange email - All accounts SharePoint sites OneDrive accounts - All accounts Teams chat and channel messages - All accounts Devices - All accounts Microsoft Defender for Cloud Apps On-premises repositories And selected action as block all, in all of them for the rule and enabled the rule (not in simulation mode) Now, I have the app registered in Entra and I try to use the following API's https://learn.microsoft.com/en-us/graph/api/userprotectionscopecontainer-compute?view=graph-rest-1.0 https://learn.microsoft.com/en-us/graph/api/userdatasecurityandgovernance-processcontent?view=graph-rest-1.0&tabs=http But whenever I use the compute api I can see i'm only getting curl -X POST https://graph.microsoft.com/v1.0/users/5fd51e08-c5f1-4298-b79b-a357eaa414ff/dataSecurityAndGovernance/protectionScopes/compute\ -H 'Authorization: Bearer <ACCESS_TOKEN>'\ -H 'Content-Type: application/json' -d '{ "activities": "uploadText,downloadText" }' { "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(microsoft.graph.policyUserScope)", "value": [ { "activities": "uploadText,downloadText", "executionMode": "evaluateOffline", "locations": [ { "@odata.type": "#microsoft.graph.policyLocationApplication", "value": "b48106d9-1cdb-4d90-9485-fe2b6ee78acf" } ], "policyActions": [] } ] } My sample App's Id is showing up but always with `evaluateOffline` I don't know why it always gives 'evaluteOffline' and policyActions is always empty array Also, I can see my Entra registered app is showing up here in the value of the locations And when I use the processContent api , I always get modified in the response and nothing else like below: curl -XPOST https://graph.microsoft.com/v1.0/users/5fd51e08-c5f1-4298-b79b-a357eaa414ff/dataSecurityAndGovernance/processContent \ -H 'Authorization: <ACCESS TOKEN>'\ -H 'Content-Type: application/json' -d '{ "contentToProcess": { "contentEntries": [ { "@odata.type": "microsoft.graph.processConversationMetadata", "identifier": "07785517-9081-4fe7-a9dc-85bcdf5e9075", "content": { "@odata.type": "microsoft.graph.textContent", "data": "Please process this application for John VSmith, his SSN is 121-98-1437 and credit card number is 4532667785213500" }, "name": "Postman message", "correlationId": "d63eafd2-e3a9-4c1a-b726-a2e9b9d9580d", "sequenceNumber": 0, "isTruncated": false, "createdDateTime": "2026-04-06T00:23:20", "modifiedDateTime": "2026-04-06T00:23:20" } ], "activityMetadata": { "activity": "uploadText" }, "deviceMetadata": { "operatingSystemSpecifications": { "operatingSystemPlatform": "Windows 11", "operatingSystemVersion": "10.0.26100.0" }, "ipAddress": "127.0.0.1" }, "protectedAppMetadata": { "name": "Postman", "version": "1.0", "applicationLocation": { "@odata.type": "microsoft.graph.policyLocationApplication", "value": "b48106d9-1cdb-4d90-9485-fe2b6ee78acf" } }, "integratedAppMetadata": { "name": "Postman", "version": "1.0" } } }' In the above request I have mentioned some sample US Security SSN, but the response I get is { "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#microsoft.graph.processContentResponse", "protectionScopeState": "notModified", "policyActions": [], "processingErrors": [] } But Ideally I want to see whether I can get the content is valid or not, for example in the above request, it has SSN, so ideally I should get restrictAction or something right? Or is that evaluateInline is not available or something? Note that I have purchased E5 and assigned to the user who is trying this Also, whenever I choose to create a Policy in DLP , I got two options And Lets say I choose "Enterprise applications & devices", what happens is in the Locations, I'm seeing only these as the options: And If I choose the "Inline Traffic", i'm seeing only these options In Unmanaged, I'm seeing the following And in the Enforcement Options, I have the following : And in the "Advanced DLP rules" I'm seeing only these So, can you tell me the exact steps in the Purview suite, I couldn't where to mention the Entra registered App, I searched and I couldn't find one But in the compute endpoint, https://learn.microsoft.com/en-us/graph/api/userprotectionscopecontainer-compute?view=graph-rest-1.0 I'm getting my app but only with "evaluateOffline" and with that ETag, If I use the processContent Api, its not giving anything except as I mentioned above in the post
Leveraging Microsoft Graph to Automate Compliance Workflows MS Purview
Background Microsoft Purview provides organizations with capabilities to discover, classify, protect, and govern sensitive information across Microsoft 365 workloads. As organizations increasingly rely on Purview for compliance operations such as auditing, investigations, and regulatory response, there is a growing need to automate these processes beyond the Microsoft Purview portal. Microsoft exposes key compliance capabilities through Microsoft Graph APIs, enabling organizations to integrate Purview operations directly into automation workflows. The Microsoft Purview APIs in Microsoft Graph allow applications to align with data governance, security, and compliance policies defined within the Purview portal, helping ensure that applications handling sensitive information respect organizational controls. Automating eDiscovery Operations with Microsoft Graph The Microsoft Purview eDiscovery APIs available through Microsoft Graph enable organizations to automate repetitive compliance tasks and integrate with existing investigation or legal workflows. These APIs are intended to support litigation, investigation, and regulatory scenarios by allowing administrators to programmatically manage key eDiscovery components such as cases, custodians, searches, review sets, and exports. This capability allows organizations to move from manual portal‑based workflows toward repeatable, policy‑aligned processes integrated into automation platforms or downstream compliance tooling. Programmatic Access to Audit Logs Microsoft Purview Audit captures thousands of operations across Microsoft 365 services and retains them in the unified audit log for security investigations and compliance obligations. Through Microsoft Graph, administrators can now programmatically search and retrieve audit logs using the Purview Audit Search API. This API enables administrators and applications to query and retrieve relevant audit activity logs across workloads such as Exchange, Entra ID, OneDrive, SharePoint, and Intune, providing visibility into user activity and administrative operations performed across the organization. This provides a programmatic alternative to legacy PowerShell‑based audit search methods, improving reliability and enabling automation of compliance monitoring workflows. Supporting Policy‑Aware Applications Applications that integrate with Microsoft Purview APIs through Microsoft Graph can interpret and enforce compliance policies such as sensitivity labels or data loss prevention (DLP) rules. Microsoft documents that apps built using these APIs can prevent data misuse by aligning with compliance and security requirements defined within the organization’s governance framework. This integration also allows enterprise applications to respect sensitivity labels and policy‑driven controls, ensuring that interactions with organizational data remain compliant with regulatory requirements and internal governance policies. Conclusion Microsoft Purview governs organizational data through classification, retention, auditing, and investigation capabilities. Microsoft Graph provides the automation layer that allows these governance controls to be accessed programmatically. By integrating Microsoft Graph with Microsoft Purview APIs, organizations can automate eDiscovery workflows, retrieve audit logs programmatically, and ensure that applications interacting with sensitive data respect compliance policies defined within their Microsoft 365 environment. Learning Resources Use the Microsoft Purview eDiscovery API in Microsoft Graph Use Microsoft Purview APIs for eDiscovery Overview of Microsoft Purview APIs in Microsoft Graph Introducing the Microsoft Purview Audit Search Graph API
Co Authoring with Sensitivity Labels
Hello, I am working with sensitivity labels with my organization. We currently have Standard, Confidential, and Highly Confidential which all are encrypted. I have Co-Authoring turned on but I have some trouble with. We a lot of documents being collaborated on. Standard: Co-Authoring functions normal and Auto-Save is toggled on. Highly Confidential: Custom Permission in Sensitivity Label (View, Edit, Reply, Forward) I asked copilot and it stated even though my permissions are selected custom I have "Edit" on their for my internal users it is reading it as Co authoring; Co-Authoring is on and functioning but internal end users Auto-Save is toggled off and they are being asked to save a copy of the document or excel sheet then upload it again to SharePoint. Why isn't "Auto-Save" toggled on for "Highly Confidential" label? Can it be adjusted so it can be on? Do I have to make adjustments to my permissions in the Sensitivity label? Any help is appreciated. Thank you!
Purview EXPORTS unreliable and missing "Top-of-information-store" folder
Has anyone noticed an issue where the exported PST files are either empty or missing folders? I don't normally check every PST file that I export, but after hearing from customers that there are either no emails or missing folders, I started to check after each export. I am noticing that the Seach and Export process seems to be fine and the Downloaded PST file show the correct size, but when i open the PST files, I'm seeing that they contain no emails OR they are missing folders - including the "Top-of-information-store" folder. When i look at the Properties > Folder Size settings, i can see that the PST file thinks that all the folders are there. This is incredibly tough to work with since I am now checking each PST file and then having to rerun the search/export/download all over again. It's been like this for about 3 weeks.
[HELP] "Action required for browser protections" alert
Hello! I have an Endpoint DLP policy with Device location. After several scoping changes (device groups, inclusions/exclusions) to narrow it to a specific target group, the orange alert appeared: Action required for browser protections. One or more policies were not applied in Edge for Business. This could be due to a policy sync issue, lack of required permissions, or an issue with the server. Either resync these policies or contact an admin with the required permissions to resync. After resyncing, you might still see this message for up to 1 day while the system completes the sync and activates protections. The policies were working before. Clicked Resync multiple times, only for the error to return. Please help!Guidance: Sensitivity Labels during Mergers & Acquisitions (separate tenants, non-M365, etc.)
We’re building an internal playbook for how to handle Microsoft Purview sensitivity labels during mergers and acquisitions, and I’d really appreciate any lessons learned or best practices. Specifically, I’m interested in how others have handled: Acquired organizations on a separate Microsoft 365/O365 tenant for an extended period (pre- and post-close): How did you handle “Internal Only” content when the two tenants couldn’t fully trust each other yet? Any tips to reduce friction for collaboration between tenants during the transition? Existing label structures, such as: We use labels like “All Internal Only” and labels with user-defined permissions — has anyone found good patterns for mapping or reconciling these with another company’s labels? What if the acquired company is already using sensitivity labels with a different taxonomy? How did you rationalize or migrate them? Acquisitions where the target does not use Microsoft 365 (for example, Google Workspace, on-prem, or other platforms): Any strategies for protecting imported content with labels during or after migration? Gotchas around legacy permissions versus label-based protections? General pitfalls or watch-outs between deal close and full migration: Anything you wish you had known before your first M&A with Purview labels in play? Policies or configurations you’d recommend setting (or avoiding) during the interim period? Any examples, war stories, or template approaches you’re willing to share would be incredibly helpful as we shape our playbook. Thanks in advance for any insights!
Microsoft Purview - Endpoint Data Discovery
Hi all, I wanted to understand Microsoft Purview’s capabilities around data discovery on Windows endpoints, specifically in a legacy data scenario. Use case: We have data residing on Windows machines/endpoints that is: Legacy in nature Not being actively moved, migrated, or modified Sitting at rest on local disks (user endpoints) Questions: Can Microsoft Purview perform data discovery or classification on such endpoint‑resident data? Does Purview support scanning or discovering data on Windows endpoints at rest, without requiring the data to be uploaded, migrated, or modified? If not directly, are there any supported approaches or workarounds (e.g., via integrations with Microsoft Defender for Endpoint, Information Protection scanners, or other Purview components) to achieve this? What are the current limitations of Purview when it comes to endpoint-based data discovery?How to remove/modify a sensitivity label for many SharePoint documents?
We would like to implement Purview sensitivity labels for our SharePoint sites. We would like to use auto labeling. Before we start the implementation, we would like to test some rollback scenario. How to remove/modify a sensitivity label for many SharePoint documents?
Unified Catalog activity / usage reporting
Hi, We are building out our data products and glossary terms in Purivews Data Governance Unified catalog. I’d like to get some metrics on data consumer activity/usage. Metrics like how many users running searches for terms or data products. How many people navigating into data assets to discover data, etc. I haven’t found any reports like this. Is there any audit logs specific to data governance I can query? I’m trying to gauge user adoption. thanksSensitivity Label Permissions
Hello, I have set up sensitivity labels within my company. I have Public, Standard, Confidential and Highly Confidential. When testing with my external email (e.g. Gmail and Yahoo) I am prompted to enter the one-time passcode when opening an email from my test account. But then I tested with an external user who has an Outlook email and he was not prompted to enter the one-time passcode. "Authenticated Users" is included in Standard, Confidential and Highly Confidential permission control when setting up the labels. Is this the normal behavior for the one-time passcode only being prompted for Non-Microsoft emails? Can the one-time passcode be prompted for Microsoft (Outlook) domains? Also how can I have multi-factor authenticator apply to my labels for external clients/users? Any help would be much appreciated. Thank you!
