Latest Discussions
Purview -> DLP -> Settings -> Endpoint DLP Settings
I have configured Browser and Domain Restrictions to sensitive data, with a condition as a sensitivity label. I used the Allow for a whitelist for sites, and all others should be blocked. I created and assigned a DLP. I assigned the DLP to SharePoint/OneDrive/devices, allsites/all users&groups/all users&groups. The sensitivity label is published\assigned. But it is not blocking the web sites. What am I missing? My understanding is that DLP policies should inherit the DLP settings by default. I cannot seem to 'on-board' devices in Purview, as it is greyed out. I have MS Business Premium, which includes MS Defender for Business, MS Intune.
learnazure_ad, Feb 18, 2025, Brass Contributor. 1.8K Views, 2 likes, 17 Comments

DLP Policy Rule "U.S. Physical Address" exclusion
We have the built-in Sensitive Info Type "U.S. Physical Address" in our Default HR & Privacy Info Protection Policy in simulation. This is set to the location of just Exchange Email only. Everyone in the company has our physical address in their email signature. This combination keeps triggering alerts even if I set the instance count to something like 3. I've asked Copilot for instructions to create an exclusion where I can enter our physical address to be ignored, but the instructions always mention options that don't exist in the rule edit screen. I see online people asking for signatures to be ignored, but the response is they can't be. Am I doomed to ask all staff to remove their signature, remove this SIT altogether, or just let the Action of "encrypt email messages" proceed and have our organization look the fool for encrypting every email sent outside the organization? Anyone know how to tell Purview to ignore your own physical address?
ENMRSH, May 13, 2025, Copper Contributor. 364 Views, 0 likes, 8 Comments

Securing Data with Microsoft Purview IRM + Defender: A Hands-On Lab
Hi everyone, I recently explored how Microsoft Purview Insider Risk Management (IRM) integrates with Microsoft Defender to secure sensitive data. This lab demonstrates how these tools work together to identify, investigate, and mitigate insider risks.
What I covered in this lab:
- Set up Insider Risk Management policies in Microsoft Purview
- Connected Microsoft Defender to monitor risky activities
- Walkthrough of alerts triggered → triaged → escalated into cases
- Key governance and compliance insights
Key learnings from the lab:
- Purview IRM policies detect both accidental risks (like data spillage) and malicious ones (IP theft, fraud, insider trading)
- IRM principles include transparency (balancing privacy vs. protection), configurable policies, integrations across Microsoft 365 apps, and actionable alerts
- IRM workflow follows: Define policies → Trigger alerts → Triage by severity → Investigate cases (dashboards, Content Explorer, Activity Explorer) → Take action (training, legal escalation, or SIEM integration)
- Defender + Purview together provide unified coverage: Defender detects and responds to threats, while Purview governs compliance and insider risk
This was part of my ongoing series of security labs. Curious to hear from others — how are you approaching Insider Risk Management in your organizations or labs?
Perparim_Abdullahu, Aug 26, 2025, Copper Contributor. 217 Views, 0 likes, 5 Comments

Suppress Alerting to Endpoint DLP Printing on "Print to PDF".
Is there a way to configure an Endpoint DLP policy for Printing to NOT alert on "Print to File" events, primarily Print to PDFs? For example, print events where the target names are "Microsoft Print to PDF" or "Adobe PDF"? I understand you can create Printer groups, but there is no way to use them as a condition when creating a DLP rule.
Dalesh07, Mar 31, 2025, Copper Contributor. 361 Views, 0 likes, 5 Comments

Data discovery | Starting Purview journey
An organization is beginning its Microsoft Purview data security journey, with sensitivity labels already published. As they prepare to implement Data Loss Prevention (DLP) and Insider Risk Management (IRM), the initial focus is on data discovery and identifying relevant use cases for policy creation. From a technical standpoint, beyond using Data Explorer and Activity Explorer, what other tools or methods can support this discovery process? How should one approach such a greenfield environment to effectively perform a Data Assessment, identify and prioritize policy use cases?
SaqibSyed, Apr 29, 2025, Copper Contributor. 203 Views, 0 likes, 4 Comments

How Can We Extend Data Protection Beyond Microsoft 365?
Hey everyone, I am running into a bit of a roadblock. I am trying to find a way to ensure consistent data classification and protection across our diverse IT landscape. While Microsoft Protection Policies are great for Microsoft Solutions, I'm struggling to extend that coverage to systems like SAP and our HR solution. Has anyone else faced a similar challenge? I'd love to hear any tips or solutions you've come up with.
Solved. 268 Views, 1 like, 4 Comments

AADSTS50020: protected PDF issue for external users
I have recently (don't know when it started) observed getting an error from a protected PDF (sensitivity label with user defined permission) file while trying to open that PDF via the AIP viewer mobile app (Android/iOS) as an external user (who has permission to open/view). No issue with Office file types protected. An external (not internal, not guest) user (currently testing with a gmail.com account, other O365 tenant user) is getting the error as attached from the AIP view mobile app. We do have AIP excluded at the conditional access policy, which helped so far to avoid this problem for external users. Has there been any recent change in behavior around user defined protected PDF? Since the user having the problem is external, I have no clue where to look for logs and start the investigation. Error code: AADSTS50020
mevaibhav831345, Jun 04, 2025, Copper Contributor. 240 Views, 0 likes, 3 Comments

MS Purview InformationProtectionPolicy - Extract Sensitivity Labels - Permissions Granted
Hello community, I'm currently facing an issue trying to extract sensitivity labels from our Microsoft 365 tenant and could use some assistance. I have already ensured that the necessary permissions and application are in place.

I initially attempted to retrieve the labels via the Microsoft Graph Explorer (graph-explorer) using the endpoint: https://graph.microsoft.com/beta/security/informationProtection/sensitivityLabels. As you can see in the attached image, I encountered a "Forbidden - 403" error, suggesting a problem with permissions or consent, even though InformationProtectionPolicy.Read is listed under the "Modify permissions" tab as "Unconsent". The only way that I found to solve it was using "https://graph.microsoft.com/beta/me/security/informationProtection/sensitivityLabels" but I need to use it in Python Code, without a user validation of credential.

Next, I tried to achieve the same using Python and the Microsoft Graph API directly. I obtained an access token using a Client ID and Secret, authenticating against https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token. The application associated with this Client ID and Secret has been granted the InformationProtectionPolicy.Read permission. However, when making a GET request to https://graph.microsoft.com/beta/security/informationProtection/sensitivityLabels in Python, I receive the following error:

I have already granted what I believe are the relevant permissions, including InformationProtectionPolicy.Read.All, InformationProtectionPolicy.Read, Application.Read.All, and User.Read. Has anyone successfully retrieved sensitivity labels using the Microsoft Graph API? If so, could you please share any insights or potential solutions? I'm wondering if there are other specific permissions required or if there's a particular nuance I might be missing. Any help would be greatly appreciated! Thank you in advance.
Leonardo Canal
LeonardoCanal, Apr 28, 2025, Copper Contributor. 200 Views, 0 likes, 3 Comments

How do I exclude certain part of email from being scanned?
Hi there, I have enabled client-side auto Sensitivity labelling for emails in a tenant for PII detection using pre-built SIT & Trainable Classifiers. However, the issue is that the Email signature automatically makes the check true and applies the label automatically, which I want to avoid. Is there a way for me to exclude the signature part of the email from being excluded?
hfgjhgjhgkjgh, Feb 17, 2025, Copper Contributor. 139 Views, 0 likes, 3 Comments