Pinned Posts
Forum Widgets
Latest Discussions
AI Activity Explorer Not Showing Content
I am getting an error indicating "Additional permissions required. Your role can't view AI Visits or user risk levels. For permission, ask an administrator to change your role." I am currently an Entra Global Admin, Entra Compliance Admin, and Purview Compliance Admin, and have other roles. I do see based on the dashboard graph I should bee seeing data. What other roles may be necessary or what other configurations may be missing?
DLP Policy Blocking Invoices Containing Sensitive Info – Exception Not Working
Hello, I have implemented Microsoft Purview DLP policies in my organization to protect sensitive information such as Aadhaar Card, PAN Card, Driving License, and Credit Card numbers. The policies are working fine and successfully blocking sensitive data. However, I am facing an issue with invoices. When sending invoices internally or to clients, emails are getting blocked because they contain sensitive details like PAN or Aadhaar numbers. I tried adding an exception rule for invoices using the following regex in a Sensitive Info Type (SIT), and included this SIT in the NOT condition of the DLP policy: (?i)(invoice|bill|tax\s*invoice|gst\s*invoice|receipt)\s*(\b[0-9]{12}\b|[A-Z]{5}[0-9]{4}[A-Z]|[A-Z]{2}[0-9]{13}|\d{13,16}) Despite this, invoices are still getting blocked. Has anyone encountered this issue? What is the correct way to configure exceptions in DLP so that sensitive information detection continues to work but invoices containing sensitive info can still be sent? Any guidance or best practices would be greatly appreciated. Thanks in advance! DLP Policy configuration Screenshots.
Deletion of an SharePoint website with an adaptive scope
We are using a retention label "Keep forever" which we have published via a retention policy. In this policy, we have established an adaptive scope based on a KQL query which selects a large part (but not all) SharePoint websites in our tenant. Since there are several new sites created every day in our tenant automatically, adding sites manually to a static scope doesn’t make practical sense. This has worked well. Now we ran into the usecase that we would like to delete a number of (old and not used anymore) SharePoint websites. My first idea was to change the KQL statement and add a NOT Operator inside of the statement. This was fine. However, from studying the material on MS learn, this will trigger a 30 Grace Period for these sites that have been removed from the adaptive scope, although they are not part of retention policy anymore (visible by the policy lock up function). I read that there is a way to EXCLUDE sites from a retention policy (which doesn’t trigger the 30 Grace Period), however this option seems only to be available when using static scopes and not adaptive scopes. Does anyone know a way to retain the flexibility provided by the adaptive scope and not be affected by the Grace Period?Bring back old DLP actions
We're working to ensure best practice across clients and protect sensitive information from being shared in unencrypted messages, but rather than having to trust that users will remember to encrypt all of their emails that may contain sensitive data it would be nice to be able to set up a DLP policy to auto encrypt messages that breach DLP. We used to be able to, and it guaranteed moderate protection with minimal impact. Why was this option removed from DLP? Now the only action that we can take is to completely block the messages from being sent. How does that make sense? Many agencies have to communicate sensitive information back and forth, and it should be encrypted. The only current work around I see is to set up a mail flow rule to encrypt all messages, which would cause a larger potential impact on end users outside of the organization, leading to complaints to the company and potential loss of clients and/or profits. Which is not ideal. Microsoft, please stop rolling out half finished platforms and retiring in place and perfectly functional ones before you have a fully working replacement!Purview Scanning on Oracle Databases not classifying data assets
We are scanning an Oracle database from our Purview account, and during the scan, approximately 60% of the identified assets are being classified as "Classified Assets." However, when we navigate to Data Estate Insights, each of these assets is displaying "No Match Found" under the Classification section. This seems contradictory and is causing concerns about the accuracy of our data classification. We have thoroughly reviewed and verified our classification rules within Purview, ensuring they are aligned with the data patterns in our Oracle database. The rules have been executed successfully, We have data reader rules on the Oracle database and tables so, we can view the tables too and the schemas generated from the scanned assets are also 100% correct. Please helppppppp. Ashishpurview PurviewFanatic Zmicrosoft azure DonNYC-Purview akamsPurviewHelp or anyone else please @
