Forum Widgets
Latest Discussions
Welcome, Purview Lighting Talks audience!
Please log in and then post any of your Risk and Compliance spillover Purview Lightning Talks questions in the thread below. You can tag them using these hyperlinked handles: The Day Offboarding Exposed Infinite Retention - Nikki Chapple nikkichapple Length: 10 minutes | Topic: Data Lifecycle Management A routine Purview request led to an unexpected discovery: more than 9,000 orphaned OneDrives and thousands of inactive mailboxes still storing content long after employees had left. This talk explains how a retain-only policy created hidden retention debt and how Adaptive Scopes can help organisations separate active users from leavers to avoid similar pitfalls. What's In My Compliance Manager Toolbox: A Cloud Security Architect's Perspective - Jerrad Dahlager j-dahl7 Length: 8 minutes | Topic: Compliance Manager A practical walkthrough of how I use Compliance Manager across real client engagements to map controls, track improvement actions, and simplify multi-framework compliance. No theory, just what works in the field. Does M365 Support eDiscovery? - Julian Kusenberg - Leprechaun91 Length: 11 minutes | Topic: eDiscovery A myth-busting session that separates perception from reality when it comes to Microsoft 365 eDiscovery capabilities. Also, you can come here at any time and click "Start a Discussion" to post a topic or question to your Purview Community! Purview Lightning Talks takes place April 30th at 8am pacific: Webinar DetailsRenWoodsApr 29, 2026Microsoft64Views1like0CommentsOrganisational vs model-level AI governance — where's the real gap?
Most AI governance conversations I'm seeing focus on model-level controls, like bias testing and prompt injection defence. These matter enormously for individual AI systems. But I'd argue the bigger gap is one level up: the organisational governance layer. Having the policies, accountability structures, risk frameworks, and oversight mechanisms to govern AI use at enterprise scale. Who is accountable for AI-related decisions? Where is sensitive data being processed? What AI tools are actually being used across the business? Forrester research indicates 60% of organisations still lack a formal AI governance framework. Meanwhile, the EU AI Act reaches full compliance obligations in August 2026, and ISO/IEC 42001 is gaining traction as the certifiable benchmark for AI management systems. Microsoft is building strong technical solutions for the model-level challenge, Purview for data governance, Entra Agent ID, Defender for threat protection, Compliance Manager for regulatory mapping. But in my experience, organisations that jump straight to configuring technical controls without first understanding their organisational maturity end up with tools deployed but governance gaps unchanged. Are we solving the right problem first?MarcusHallMar 28, 2026Copper Contributor113Views1like1CommentDeep Dive: Insider Risk Management in Microsoft Purview
Hi everyone I recently explored the Insider Risk Management (IRM) workflow in Microsoft Purview and how it connects across governance, compliance, and security. This end-to-end process helps organizations detect risky activities, triage alerts, investigate incidents, and take corrective action. Key Phases in the IRM Workflow: Policy: Define rules to detect both accidental (data spillage) and malicious risks (IP theft, fraud, insider trading). Alerts: Generate alerts when policies are violated. Triage: Prioritize and classify alerts by severity. Investigate: Use dashboards, Content Explorer, and Activity Explorer to dig into context. Action: Take remediation steps such as user training, legal escalation, or SIEM integration. Key takeaways from my lab: Transparency is essential (balancing privacy vs. protection). Integration across Microsoft 365 apps makes IRM policies actionable. Defender + Purview together unify detection + governance for insider risk. This was part of my ongoing security lab series. Curious to hear from the community — how are you applying Insider Risk Management in your environments or labs?Perparim_AbdullahuAug 25, 2025Tin Contributor1.8KViews1like2CommentseDiscovery is NOT working correctly with KeyQL Sensitive Type
Hello team, I am running in eDiscovery using KeyQL or Query builder data at REST in EXO (Stale emails) that contain sensitive Info like: Canada Social Insurance number. The query run correctly, however, the output statistics pull out other type of sensitive Info, this means that the eDiscovery is not discovering what is was requested in the KeyQL query. Canada Social Insurance Number a2f29c85-ecb8-4514-a610-364790c0773e KeyQL Query: (SensitiveType:a2f29c85-ecb8-4514-a610-364790c0773e|1..|85..100) AND Date>2025-01-01 Please see the output of the Query: In addition with this problem, Why we can't delete the stale emails using as condition the "Sensitive info", so, If I need to delete the emails before 2020 with "Canada Social Insurance number", how can I do it? It will be almost impossible if the cybersecurity team needs to do with the end-user email by email? Best regards,389Views1like3Comments
Tags
- ediscovery2 Topics
- eDiscovery Premium2 Topics
- purview1 Topic
- ediscovery search1 Topic
- microsoft defender1 Topic
- insider risk management1 Topic
- microsoft purview1 Topic
- security & compliance1 Topic
- Sensitivity Labels1 Topic