Forum Widgets
Latest Discussions
Let users assign permissions and keep tenant-wide access
In our organization, we have configured all documents to be labeled and encrypted as "Internal" by default. Our idea is the following: When a user wants to share a document externally, they must manually change the label to "Restricted". The restricted label is set to "let users assign permissions when they apply the label". To enable this, I created a Sensitivity Label with the option "Let users assign permissions". However, when users apply this label, all default tenant permissions are removed, meaning they have to manually assign access again. I’m looking for a solution that allows users to share a document with a specific person while ensuring that only that person gains access and no one else can access it. 🔍 Has anyone successfully implemented this? Any best practices or workarounds?Sophie_BruehlFeb 17, 2025Iron Contributor34Views0likes1Commentnew purview pas-as-you-go cost
Dear community, Can someone help me understand the new pay-as-you-go base cost for purview please? There is no scheduled job and no activity in purview (search). There are some sources registered (remaining from a poc), but the assets dropped. This is an enterprise version. Is the minimum cost, or have I missed something? what should I check to get more detailed information about the cost? The cost breakdown is the following. thanksZoltan_CsonkaFeb 17, 2025Copper Contributor45Views0likes1CommentMPIP labels odd behavior with meetings
We are seeing the following:- When a user selects "Accept - Edit response before sending" in outlook, they can see the label name in the bar above "To" button but no Sensitivity label icon to access the drop down for changing the label in the reply. When user right clicks the meeting invite and selects "Forward", they can see the label name in the bar above "To" button but no Sensitivity label icon to access the drop down for changing the label in the reply. Is this expected behavior.m_c_7Feb 17, 2025Copper Contributor19Views0likes1CommentScanning Salesforce with Purview / Connector Exception: Can not retrieve access token.
Hello everyone, I am trying to scan a demo Salesforce system that is publicly available over the internet (so no SHIR needed as I see it). Nevertheless even when trying out the SHIR as well as AIR to run a scan after registering the Salesforce with the URL, i get the error message: "Failed to testConnection: Exception when processing request: Connector Exception: Can not retrieve access token. Make sure you specify proper parameters." I know it has to do with the User Name & Password and Connected App Consumer Key & Consumer Secret combination. I created a key vault that is connected, the MI of Purview has sufficient read rights (Key Vault Secrets Officer as well as Key Vault Secrets User) on that key vault and I created 4 secrets. the concatted api user password & security token just the API User Password just the Consumer Secret of the Connected App and finally just the security token I tried every possible combination maybe I did overlook something here? From the Connect to and manage Salesforce in Microsoft Purview documentation: Select Consumer key while creating a credential. (Automatically checked) Provide the username of the user that the connected app is imitating in the User name input field. (I am using an integration user with permission set for this) Store the password of the user that the connected app is imitating in an Azure Key Vault secret. If your self-hosted integration runtime machine's IP is within the trusted IP ranges for your organization set on Salesforce, provide just the password of the user. Otherwise, concatenate the password and security token as the value of the secret. The security token is an automatically generated key that must be added to the end of the password when logging in to Salesforce from an untrusted network. Learn more about how to get or reset a security token. (not applicable but I also tried through an SHIR with the concatenated password and security key) Provide the consumer key from the connected app definition. You can find it on the connected app's Manage Connected Apps page or from the connected app's definition. (took this exactly) Stored the consumer secret from the connected app definition in an Azure Key Vault secret. You can find it along with consumer key. (took this exactly and stored in key vault) I found an older post where some people seem to have made it work: Trying to connect purview to salesforce ... - Microsoft Q&A So I think you always need to concatenate the user password and securtiy token when using AIR too no? I'd really appreciate any input or ideas! Best regards and a nice day to you all, Matthias84Views0likes1CommentInbound Sensitive Information
Hello All, We currently have some DLP policies to restrict Financial Data, HIPPA, and PII data from leaving our org. However, is there a way to restrict this type of sensitive data from being sent into the org? For example, an external address sends some sensitive data to a specific mailbox. Can a DLP policy be created to block that data from reaching a specific mailbox and reply back the email was blocked due to the content? Thanks for any info!SolvedIanG562Feb 15, 2025Brass Contributor217Views0likes4Commentsdistribution list members unable to read encrypted emails
One of our tenants has Business Premium licenses. We have a mailbox called "statements" that has forwarding enabled to a mail-enabled security group (Statement1). When someone within the organization sends an email to an individual and keeps the "statements" mailbox in CC, and the email is encrypted, members of the Statement1 security group are unable to read the encrypted email. We’ve created a mail rule for the Statement1 security group, but members are still unable to read the encrypted email. The error message they receive is: "You don't have sufficient permission to open this email." output of Get-IRMConfiguration InternalLicensingEnabled : True ExternalLicensingEnabled : True AzureRMSLicensingEnabled : True Biz Pre License is assigned to all the members of the security group Statement1. Please help in fixing this issue.arunkrFeb 15, 2025Copper Contributor17Views0likes2CommentsMIP On-Prem Scanners Migration
Hi, We have around 33 On-prem scanners in clustered mode along with SQL DB clustering in on-premise environment deployed across multiple regions i.e. APAC, North America & Europe. We need to migrate these on-prem scanners to other data centers as part of data center decomissioning effort. Is there any documentation or migration approach available on this effort? Kindly advise. Regards, RajatrajatwadhwaFeb 14, 2025Copper Contributor38Views0likes3CommentsUnable to test policy to auto-apply retention label.
I am unable to test a labelling policy to auto-apply a retention label, the option is greyed out. The policy is configured to auto-apply a retention label to content identified using a trainable classifier. I am a Global Admin, and have tried in three tenants, all with E5 licences. Any advice out there?EN-NCCFeb 14, 2025Copper Contributor17Views0likes2CommentsPurview DLP: Paste to supported browsers
I've enabled a policy that audits "Paste to Supported Browsers." The policy applies if the file has a specific sensitivity label assigned. When I copy content from the file to an unallowed domain e.g. gmail.com I'm not seeing the activity recorded in the log. I'm reading the Microsoft endpoint data loss prevention page definition for "paste to supported browser" and it appears to only apply if the content copied itself is sensitive e.g. a social security number pattern. So I'm guessing there's no way to prevent users from copying content from a sensitive file and pasting to an unallowed domain. Is that right? "Detects when a user attempts to paste content to a restricted service domain. Evaluation is performed on the content that is being pasted. This evaluation is independent of how the source item that the content came from is classified." Learn about Endpoint data loss prevention | Microsoft LearnMX_ITFeb 13, 2025Copper Contributor793Views0likes1Comment
Resources
Tags
- purview58 Topics
- microsoft purview37 Topics
- dlp23 Topics
- Azure Purview10 Topics
- Retention Labels8 Topics
- Retention Policy8 Topics
- endpoint dlp8 Topics
- sharepoint7 Topics
- Sensitivity Labels7 Topics
- eDiscovery6 Topics