Recent Blogs
As of December 1 st , 2025, the Microsoft Purview eDiscovery Graph API Standard hit General Availability (GA). It provides a programmatic way to manage eDiscovery cases, searches, holds, and exports ...
Feb 05, 2026
At Microsoft Ignite, we announced the public preview of Purview integration with the Agent Framework SDK—making it easier to build AI agents that are secure, compliant, and enterprise‑ready from ...
Feb 05, 2026
Introduction
Zero Trust has emerged as the defining security ethos of the modern enterprise. It is guided by a simple but powerful principle: “Never trust, always verify.” This principle is more re...
Feb 04, 2026
We are happy to announce a new data connector that is available to the public: the Microsoft Copilot data connector for Microsoft Sentinel. The new Microsoft Copilot data connector will allow for aud...
Feb 03, 2026Recent Discussions
Is a Digipass Go 6 compatible with MS MFA
I'm trying to setup a bunch of Digipass go 6's that my company has for some users. https://www.onespan.com/sites/default/files/2019-08/Digipass-GO6_tcm42-47370.pdf These are Duo branded hardware tokens. Is it possible to set them up with MS MFA instead of Duo https://duo.com/docs/administration-devices#managing-otp-hardware-tokens https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-oath-tokens The part I have yet to find is the base-32 secret.
Issue wiht the downgraing label
Hello, We are experiencing an issue with sensitivity labels configured for SharePoint using Confidential – Encrypted. When User A uploads a file with this label applied automatically rom the SharePoint library , User B is unable to downgrade the label to a different one and receives an error message. We have confirmed that both User A and User B have the same permissions (Co-author access) to the file and location. Could you please advise what might be causing this or what additional permissions or configuration may be required? Any help would be much appreciated.
[HELP] "Action required for browser protections" alert
Hello! I have an Endpoint DLP policy with Device location. After several scoping changes (device groups, inclusions/exclusions) to narrow it to a specific target group, the orange alert appeared: Action required for browser protections. One or more policies were not applied in Edge for Business. This could be due to a policy sync issue, lack of required permissions, or an issue with the server. Either resync these policies or contact an admin with the required permissions to resync. After resyncing, you might still see this message for up to 1 day while the system completes the sync and activates protections. The policies were working before. Clicked Resync multiple times, only for the error to return. Please help![HELP]"Action required for browser protections" alert
Hello! I have an Endpoint DLP policy with the Devices location. After multiple scoping changes (device groups, inclusions/exclusions) to narrow it to a specific target group, the alert appeared: Action required for browser protections. One or more policies were not applied in Edge for Business. This could be due to a policy sync issue, lack of required permissions, or an issue with the server. Either resync these policies or contact an admin with the required permissions to resync. After resyncing, you might still see this message for up to 1 day while the system completes the sync and activates protections. The policies were working before. Clicked Resync multiple times, banner disappears briefly, only to return. Please help!How do you investigate network anomaly related alerts?
Hello everyone. Using some of the built-in analytical rules such as "Anomaly was observed with IPv6-ICMP Traffic", when you go into the incident event details, its just some numbers of the expected baseline vs actual value. What do you do with this? Similar case with following rules: Anomaly found in Network Session Traffic (ASIM Network Session schema) Anomaly was observed with ESP Traffic Anomaly was observed with Outbound Traffic Anomaly was observed with Unassigned Traffic
Purview Data Map scanning Microsoft Fabric and no classifications applied or scan rule sets
Microsoft Purview cannot currently apply built-in or custom classifications (including sensitive information types) to metadata discovered from Microsoft Fabric workspace scans. While Purview can register Fabric workspaces and extract structural metadata (workspaces, Lakehouses, Warehouses, tables, columns, and limited lineage), classification rules are not executed against Fabric assets in the same way they are for supported sources such as Azure SQL, ADLS Gen2, or on-prem databases. This results in classification gaps across a core enterprise analytics platform. Why This Is a Significant Service Omission 1. Breaks the Core Value Proposition of Purview 2. Undermines Regulatory and Risk Management Controls 3. Creates an Inconsistent Governance Experience 4. Blocks Downstream Purview Capabilities 5. Forces Anti-Patterns and Workarounds The lack of automated classification support for Microsoft Fabric workspace data represents a material service omission in Microsoft Purview, significantly limiting its effectiveness as a unified data governance platform and introducing avoidable compliance, operational, and assurance risks—particularly in regulated environments. Are there plans to improve this and if so what are the timescales?
OTP Code via SMS from non microsoft number
Hi Microsoft Team, Good day! For a few weeks now, many people around me have been receiving their OTP code for MFA via SMS often from unknown senders (non-Microsoft phone number). The sender of the SMS doesn't use an official Microsoft phone number and "Microsoft" is not displayed as the sender. I would like to request assistance on how to verify that these numbers are legitimately from Microsoft. 41 79 998 76 61 and 4915758307532. Many thanks for your help. Kind regards, Rosine
AADSTS50105 error message is unreadable for end users — UX improvement suggestion
1. What’s wrong with the current error message a. It’s written for administrators, not users The message exposes: Internal system names (AADSTS50105) GUIDs (aaaabbbb-cccc-dddd-eeee-ffff01234567) Identity provider jargon (“direct member of a group with access”) None of this helps the person who sees the error decide what to do next. b. The actual problem is buried in a wall of text The real issue is simply: You don’t have permission to access this app. Instead, the message forces users to: Read a long paragraph Decode domain-specific language Guess which part matters Cognitively, this is high effort for low payoff. c. “Contact your administrator” is vague and unhelpful Users ask: Which administrator? IT? Security? App owner? Their manager? What should they say? Without context, users either: Ignore the error Forward screenshots randomly Open the wrong support ticket d. Error codes without guidance increase support load AADSTS50105 may be meaningful internally, but: Users don’t know whether to Google it Support teams receive unclear tickets (“it doesn’t work”) This paradoxically raises support cost instead of lowering it. 2. What a better error message should do A good error message answers four questions in order: What happened? Why did it happen (in plain language)? What can the user do next? Who specifically can help? And it does so in under 30 seconds of reading time. 3. Example of a much better error message You don’t have access to [APPLICATION] Your account (email address removed for privacy reasons) isn’t currently authorized to use [APPLICATION]. This usually means: You haven’t been added to the required security group, or Access hasn’t been requested or approved yet. What to do next If you believe you should have access, contact IT Service Desk or your [APPLICATION] owner and request access. Helpful details to include in your request Application name: [APPLICATION] Your email: email address removed for privacy reasons Error reference: Access not assigned (Error ID: AADSTS50105 — for IT use) 4. Optional but high-impact improvement: Add a “Request Access” button or link One-click takes users to: ServiceNow / Jira / internal form Auto-populates app name and user email Administrators configure support link when configuring the application
Encryption disappears in Outlook - Sensitivity Label not working
Hello everyone, we implemented Sensitivity Labels at our client and have iconsistent and unexpected behavior, we cannot explain. Maybe some of you can help or have ideas on whats going on: Scenario / Use Case A customer is using Sensitivity Labels to encrypt emails in Exchange Online. Label configuration: The sensitivity label applies encryption The label is scoped (published) to a Microsoft 365 group User A and User B are members of this Microsoft 365 group and therefore can apply the label User are licensed with M365 Business Premium The label is published and available to User A and User B (member of above M365 group) User C is an external recipient and not included in the label’s publishing scope Observed Behaviors Scenario 1 – Encryption Lost When Forwarded Externally User A (internal) sends an email to User B (internal) using a sensitivity label that applies encryption. User B receives the email correctly: The lock icon in Outlook is displayed, the message is encrypted as expected User B forwards the email to User C (external) User C receives the forwarded email unencrypted: No lock icon is shown, User C can read the entire conversation history, including content that was previously encrypted Scenario 2 – Encryption Disappears Within an Internal Email Conversation In addition to the external forwarding scenario, we are also observing the following behavior within an internal email thread: User A sends an encrypted email to User B using the sensitivity label. User B replies to User A: The reply remains encrypted User A replies again within the same conversation Suddenly, the encryption disappears: The lock icon is no longer shown The message and the full conversation history is no longer protected This happens without any user action to remove or change the sensitivity label. Key Observation Both scenarios occur intermittently: Sometimes encryption behaves as expected Sometimes encryption disappears “out of nowhere” The behavior is not reliably reproducible, which makes troubleshooting very difficult. Any help is appreciated!Device Migration from On-prem AD to Azure AD
Hello All, We want to migrate our On-Prem AD devices to Azure AD and enroll into intune. We have Azure AD sync and all but needs to convert machine to Azure AD join only not Hybrid AD. So we would like to create new user profile on machine. We have used two methods so far. 1) Reset the machine and use join to Azure AD from OOBE. ( Issue - This will make user a Administrator for that machine and we dont want that ) 2) Unbind from on-prem AD, join to Azure AD manually but the same issue like number 1. 3) Using Hardware Hash, register devices to Autopilot and then reset all the machines. ( Issue - This will take too long to migrate 250 machines and helping remote workers are quite difficult ) Has anyone tried any different method or is there any expert suggestion ? Thanks!
Datascan not picking up the schema of .parquet files ParquetFormat JavaInvocationException happened
Since about a week we have a problem with our datascan on ADLS not picking up the schema of .parquet files. It does pick up on the asset but not on the schema of said asset. The parquet files are perfectly readable and writeable with Fabric/spark. Purview had no issue picking them up before last week, but it seems that something has changed on the Microsoft side? Anyone else facing these issues recently? 2026-02-02T06:21:47.116Z,SystemError,ReadData,https://xxx.dfs.core.windows.net/landingzone/masterdata/someotherfile.parquet,ParquetFormat JavaInvocationException happened,ScanErr0000Shutdown impossible, How to cancel a Norton subscription fan running Update KB5073455
Hi! I'm running Windows 11 Enterprise, OS Version Dial 87.7.41934 . 68. BIOS version: LENOVO R2SET29W (1.05 ). System model 21S7S0ER00. Intel processor Family 6 Model 181. After the latest update KB5073455 I'm experiencing inability to shutdown the computer. Also, a very annoying problem since the latest update is that the computer fan is constantly on since startup. Closing the lid of the laptop will not turn the fan off and will continue until the battery runs out. Because of the corporate environment, I am unable to advancedly control the fans, or for example uninstall the latest update until a fixed one is provided. Do you know when can we expect a fix to be released? Thank you already in advance! Best regards, dhirajHow to cancel a Norton subscription Allow Uniqueness of Glossary Terms across Governance Domains
When glossary terms are created and published, there is no check for the same term name in another governance domain. Some organizations do want to enforce term uniqueness across all domains. Would it be feasible to provide an optional switch in Unified Catalog settings to turn this on?Scaling Data Governance- Does a Purview in a Day Framework Exist?
Hello Purview Community, I’ve been exploring the available acceleration resources for Microsoft Purview, and one thing I noticed is a potential gap in the "In a Day" workshop series. While we have excellent programs like Power BI in a Day or Fabric in a Day, I haven't yet seen a formalized Purview in a Day framework designed to help organizations jumpstart their governance journey in a single, cohesive session. I am reaching out because my team is currently preparing something in this area that we believe will be very useful to the community and Microsoft in the future. Rather than working in isolation, we want to ensure we are aligned with the official roadmap. I wanted to reach out to the community and the Microsoft product team to ask: Is there an official "In a Day" initiative for Purview currently in the works? If not, who would be the best point of contact to discuss alignment? Looking forward to hearing your thoughts and seeing if we can build something impactful together!Unexpected Service Principal Additions After Purview Label Schema Migration
Hi everyone, I recently migrated our Microsoft Purview label schema in our tenant and noticed some interesting audit log entries right after the migration. Specifically, Entra ID recorded Add service principal actions for: Microsoft Edge management service Purview Ecosystem (https://api.purview.microsoft.com) Both events were logged under my admin account, with the User-Agent showing kiota-dotnet/1.16.4, which suggests an automated process or Microsoft Graph SDK interaction. Here are some details: Operation: Add service principal Result: Success Tags: disableLegacyUserImpersonationClient, disableLegacyUserImpersonationResource, and for Purview: GitCreatedApp Triggered at: The exact time I completed the label schema migration. My question: Is this expected behavior when migrating Purview label schemas? Are these service principals required for Purview and Edge management integration? Any best practices to confirm these additions are legitimate and secure? Thanks in advance for your insights! Best regards StephanAllow Uniqueness of Glossary Terms across Governance Domains
When glossary terms are created and published, there is no check for the same term name in another governance domain. Some organizations do want to enforce term uniqueness across all domains. Would it be feasible to provide an optional switch in Unified Catalog settings to turn this on?
Cross workspace lineage for Fabric Lakehouse tables in Purview
I’m currently exploring lineage capture in Microsoft Purview for Fabric Lakehouse tables that are spread across multiple workspaces, following medallion architecture (Bronze, Silver, Gold in separate Fabric workspaces). While reviewing the documentation, I noticed the stated limitation around cross-workspace lineage for non-power BI assets, as mentioned here: https://learn.microsoft.com/en-us/purview/data-map-lineage-fabric Is there any update or workaround planned to support cross-workspace Fabric lineage in Purview? Is this limitation on the product roadmap or actively being worked on? Until native support is available, are there any recommended design patterns to handle lineage in this scenario?How to offboarding endpoint from Purview
Hi I'm a fresh user of Purview and after creating policies linked to Exchange, I've enabled the onboarding of computer. Unfortunately, all Defender endpoints have been onboarded, and I've not be able to define which one was concerned. Now, I would like to offboard all those devices from purview and only keep them in Defender without any DLP protection. I tried to remove them with the onboarding script, but my endpoints are still present in Purview. How can I completely remove them? Thanks for your help Yohann
Events
In her 2026 identity priorities blog, Joy Chik outlines the Access Fabric as the future of access security, but how do organizations get there? Find out why establishing a strong access foundation is...
Online
As AI becomes embedded in everyday work, traditional data security models break down. Copilots and agents can search, summarize, and recombine information at machine speed, creating new exposure path...
Online