Forum Widgets
Latest Discussions
File Plan/Retention Labels cannot be deleted OR found in content explorer
When we try to delete a Purview Records Management > File Plan label (or Data Lifecycle Management > Retention label), we get the following error: "You can't delete this record label because it's currently applied to items in your organization. You can use content explorer to determine which items have this label applied." (see attached image). When we go to content explorer to find the label (in this example, Bank Reconciliations), it doesn't appear to exist (see attached image). We also reviewed our Label policies and Retention policies, and the given labels are not associated with any policy that we can see. So, in result, we cannot clean up File Plan labels since we can't find and remove the association between them and policies / items. Has anyone encountered this error when deleting file plan retention labels, but then unable to find anything the label is associated with?chagedorn49Feb 05, 2025Copper Contributor77Views1like3CommentsFile plan reference Id
How do I reuse a file plan reference Id in Records Management? I have created a file plan reference Id but want to use it with a different label so I have removed it from the original label. All the fields on the Editing File plan descriptors screen are dropdown fields with values but the Reference Id is just a dropdown with the only option as "Add a new file plan descriptor reference Id." It doesn't allow me to enter anything in the field and if I try to add a new one that is the same as the one I created it gives me an error and says it already exists. Shouldn't the ones I have created and not used be in the dropdown? See attached for details.Kevin_HoytFeb 04, 2025Iron Contributor1.1KViews1like1CommentAll the locations where you can find Sensitivity labels
Here are the locations where you can find the sensitivity label of a document (if there are any that I've missed, please feel free to add it here) Sensitivity Label Button in the Document: In Office applications such as Word, Excel, and PowerPoint, you can find the Sensitivity label button on the Home tab. This button allows users to apply or view sensitivity labels directly within the document interface. (Sensitivity label app on the upper right) (the bottom left will show the label applied to the document) Document Properties > Advanced Properties Sensitivity labels can also be found in the document properties. To access this, go to File > Info > Properties > Advanced Properties. Here, you can see detailed metadata, including any applied sensitivity labels. Sensitivity Label Column in SharePoint: In SharePoint, sensitivity labels are displayed in a dedicated column. This allows users to quickly see the sensitivity level of documents stored within SharePoint libraries Windows File Explorer: Sensitivity labels can be extended to Windows File Explorer, allowing users to apply and view labels directly from their file management interface. Mobile Applications: Office mobile apps for iOS and Android also support sensitivity labels, enabling users to apply and view labels on the go. Microsoft Purview Compliance Portal: Administrators can manage and view sensitivity labels applied across the organization through the Microsoft Purview Compliance Portal. This portal is only accessible to IT admins who has the right Purview role.vicwingsingFeb 04, 2025Brass Contributor2KViews0likes4CommentsIntroducing Microsoft Security Fun Fridays! This week's game- Word Search.
Hey Tech Community! I want to introduce to you a fun new initiative I am starting on the Microsoft Security Community: The first to complete and post a screenshot in the comments of today's Security-themed Word Search will earn our brand new exclusive "Microsoft Security Star" Badge to add to their profile! This badge will only be given out during these fun game posts or by being an outstanding member of the community (more details to come). Also, if you have any ideas of other fun games that you would like to see, please comment below. Good luck and happy hunting!Trevor_RusherFeb 03, 2025Community Manager104Views3likes6CommentsQuarantine Administrator - more rights needed?
Hi everyone, i tried to deploy the new Quarantine Admin to the Admin users of our Office 365 admins. After mail enabling the user object in Exchange on prem (which is needed btw) the user can access the quarantine without error message. But no mail is shown. Logging in as a global admin (myself) i can see many mails. I followed this doc: https://docs.microsoft.com/de-de/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files Can anyone please advise. ThanksSolvedStephan GFeb 03, 2025Brass Contributor37KViews0likes5CommentsIs it possible to use Azure AD without internet
Hello Experts Mine is more of a business user kind of question and not from a technical question. We want to use some Access and Identity management system for our company (about 50 users and using mostly windows 10). Recently we were audited for some compliance and the auditor recommended a Active Directory services where we could control the users (active/inactive) and have info on what softwares have been installed on that machine. They also recommended we can use Azure AD. We tried with the Free version and it works when the PC/laptop is connected to internet. When its not connected, the users are not able to logon. Before investing or investigating further I want to check if it is possible to have Azure AD work without internet, ie can the users login to their machines even if it not connected to internet. Any help is appreciated.Solvedanand_sJan 31, 2025Copper Contributor49KViews1like8CommentsAuthenticator not displaying numbers on MacOS
I'm have an issue with MFA on a Mac (all the latest versions). We have conditional access policies in place, so once a day I'm prompted for MFA (I work off-site) and the Office app (e.g. Outlook, Teams) will create the pop-up window that 'should' display a number that I then match on my phone. My phone see's the push notification, but the Mac never creates the numbers in the first place. The pop-up is there, just no number. The workaround is: Answer 'its not me' on the phone On the Mac, select 'I can't use Authenticator right now' Tell the Mac to send a new request This time it creates the number and I can authenticate on the phone. It only appears to happen for the installed Office applications i.e. if I'm accessing applications/admin-centre via the browser, then the pop-up is within the browser and everything works first time. Is this a known issue?Scott2000Jan 28, 2025Copper Contributor134Views1like2CommentsIngesting Purview compliance DLP logs to Splunk
We are in the process of enabling Microsoft purview MIP DLP for a large-scale enterprise, and there is a requirement to push MIP DLP related alerts, incidents and data to Splunk SIEM. Could not find any specific documentation for the same. researched on this and found below solutions however not sure which could work to fit in our requirement: Splunk add on for Microsoft security is available: The Splunk Add-on for Microsoft Security is now available - Microsoft Community Hub but this does not talk about Purview DLP logs. This add-on is available for Splunk but only says MIP can be integrated however does not talk about DLP logs: Microsoft Graph Security API Add-On for Splunk | Splunkbase As per few articles we can also ingest Defender logs to Azure event hub then event hub can be connected to splunk. Above mentioned steps do not explain much about Ingestion of MIP DLP raw data or incidents. If anyone has done it in the past I will appreciate any input.KashifKloudyJan 27, 2025Copper Contributor5.5KViews1like5CommentsExtremely Slow Performance Since Defender Was Pushed on Us
Compliance, Security, Protection, and Defender are all extremely slow, with responses from screen to screen ranging from 30 seconds to multiple minutes between clicking items and waiting for Microsoft cloud to return results. I have a GB link and speed test well over 600 Mbps so it's not on my end. It appears the cutover in late January to this new "Defender" platform has been extremely detrimental to the Office portal response times in these portals. What is being done to resolve this?VNJoeJan 26, 2025Iron Contributor19KViews1like12CommentsCompliance Center DLP Policy Tips
Greetings! We are in the middle of implementing the Compliance Center DLP solution using a variety of the advanced rules. We really love the idea of Policy Tips providing guidance to users on what they should do with their sensitive data. Our model is that we are allowed to send sensitive data to intended and verified recipients as long as it is encrypted. So we have some rules that look for HIPAA and PII and inform the user that they should encrypt before sending. The selling point for us was the ability to provide users an override to the policy in cases where encryption wasn't necessary. It is less common, but makes up about 10% of our use-case. Minus the normal bumps and issues, we are mostly happy with the way the system works! Users can override, encrypt, and we get good visibility on why users are sending data unencrypted if they do, so we can retrain or tune the system. Our issue is, of course, the wonkyness of the PolicyTips and how it checks for certain conditions and may or may not clear when a condition is met/not-met. Issue: A user composes an email headed out of our company that contains sensitive data. The system catches this and throws a Policy Tip requiring they encrypt or override. They say, "oh ya! Thanks for reminding me" and hit that encrypt button. This doesn't clear the Policy Tip or the block condition and they cannot send the email, even though it is encrypted. What I've Tried: I added the exception onto the rules to exempt if the Message Type is: Permission Controlled. I tried Message Type: Encrypted, but it doesn't work correctly at all. With this setup, everything works except the Policy Tip, which get stuck. Example: blue box is original PolicyTip. Red box is button encryption. Current Work-Around: The users hate it, because the button is way easier than the subject tags. Our current work-around is to "Clear the Policy Tip" by 1) Remove encryption by clicking link in PolicyTip, 2) Remove Recipient using same method inside Policy Tip. This resets the Policy Tip, so then the user can push the Encrypt button first, then add recipients, without redrafting the whole email. Help!! What sort of logic do I need to make the Encrypt button clear out the Policy Tips? Or is this just it? Workaround city! Thanks for reading and I'd love any help or guidance. Trust me, I've read every docs.microsoft article I can find about Policy Tips and DLP. But I'll take some more if you have them if they are relevant.jjboffyJan 24, 2025Copper Contributor1.1KViews1like1Comment
Resources
Tags
- cloud security981 Topics
- security759 Topics
- microsoft information protection516 Topics
- azure496 Topics
- information protection and governance481 Topics
- microsoft 365413 Topics
- compliance389 Topics
- microsoft sentinel335 Topics
- azure active directory240 Topics
- data loss prevention211 Topics