Pinned Posts
Forum Widgets
Latest Discussions
Purview Message Encryption - Broken Icon
The lock image url referenced in the "has sent you a protected message" email is invalid. Image source: https://outlook.office365.com/Encryption/lock.png I can confirm this was last working on 2/12/2025. Messages sent on 2/12 and today 3/6 reference the same url. This is not a case of the image being blocked by the mail client. Thank you, Matt
Purview DLP: Paste to supported browsers
I've enabled a policy that audits "Paste to Supported Browsers." The policy applies if the file has a specific sensitivity label assigned. When I copy content from the file to an unallowed domain e.g. gmail.com I'm not seeing the activity recorded in the log. I'm reading the Microsoft endpoint data loss prevention page definition for "paste to supported browser" and it appears to only apply if the content copied itself is sensitive e.g. a social security number pattern. So I'm guessing there's no way to prevent users from copying content from a sensitive file and pasting to an unallowed domain. Is that right? "Detects when a user attempts to paste content to a restricted service domain. Evaluation is performed on the content that is being pasted. This evaluation is independent of how the source item that the content came from is classified." https://learn.microsoft.com/en-us/purview/endpoint-dlp-learn-aboutForced to new purview portal nothing works or is too slow
so what we feared has occured; forced to the new portal and nothing works. cannot change roles we have roles as they worked in the old portal but new portal doesn't seem to accept the custom roles. cannot implement content search across SPO anyone else having issues?
Auto label based on content matching by Information protection scanner
I have on premises repository in TBs. I have already configured information protection scanner and added repository where files are placed and my scanner is scanning the files also. I want to auto label them based on content matching. for example: Auto label files as "Confidential" when there is a match of world "budget" Auto label files as "Internal use only" when there is a match of word "leave request form" I know auto labeling is available for M365 for example exchange, ondrive and sharepoint. but How can I achieve above using information protection scanner. Please help. ThanksOnboard devices in Purview is grayed out
I’m getting started with Microsoft Purview and running into issues onboarding devices. In the Purview portal, no devices appear, and the “Onboard devices” option is grayed out. I have EMS E5 licenses assigned to all users, and I’m signed in as a Global Admin with Purview Administrator and Security Administrator roles. All devices are managed by Intune and run Windows 11 Enterprise with the latest updates. They are Microsoft Entra joined (AAD joined), show up correctly in Defender, and their Defender onboarding status is active and onboarded. What piece am I missing that would prevent these devices from showing in Purview and keep the onboarding option disabled? Any guidance would be appreciated.
DLP Policy - DSPM Block sensitive info from AI sites
Having issues with this DLP policy not being triggered to block specific SITs from being pasted into ChatGPT, Google Gemine, etc. Spent several hours troubleshooting this issue on Windows 11 VM running in Parallels Desktop. Testing was done in Edge. Troubleshooting\testing done: Built Endpoint DLP policy scoped to Devices and confirmed device is onboarded/visible in Activity Explorer. Created/edited DLP rule to remove sensitivity label dependency and use SIT-based conditions (Credit Card, ABA, SSN, etc.). Set Paste to supported browsers = Block and Upload to restricted cloud service domains = Block in the same rule. Configured Sensitive service domain restrictions and tested priority/order (moved policy/rule to top). Created Sensitive service domain group for AI sites; corrected entries to hostname + prefix wildcard a format (e.g., chatgpt.com + *.chatgpt.com) after wildcard/URL-format constraints were discovered. Validated Target domain = chatgpt.com in Activity Explorer for paste events. Tested multiple SIT payloads (credit card numbers with/without context) and confirmed detection occurs. Confirmed paste events consistently show: Policy = Default Policy, Rule = JIT Fallback Allow Rule, Other matches = 0, Enforcement = Allow (meaning configured rules are not matching the PastedToBrowser activity). Verified Upload enforcement works: “DLP rule matched” events show Block for file upload to ChatGPT/LLM site group—proves domain scoping and endpoint enforcement works for upload. Disabled JIT and retested; paste events still fall back to JIT Fallback Allow Rule with JIT triggered = false. Verified Defender platform prerequisites: AMServiceVersion (Antimalware Client) = 4.18.26020.6 (meets/exceeds requirements).
