Pinned Posts
Forum Widgets
Latest Discussions
How to apply sensitivity labels to external emails received in my Outlook?
I have created a sensitivity label and an auto-labeling policy that applies the label when an email contains sensitive information. When an internal user sends the email, the label is applied correctly. But when I receive an email with sensitive information from an external user, the label is not applied. How can I apply the sensitivity label to emails that come from external users?
Customized Oversharing Dialog not working for Exchange DLP
Hi Team, When I'm enabling policy tip as a dialog for custom content. This is not working. I'm testing this option on new outlook. and this is my JSON file { "LocalizationData": [ { "Language": "en-us", "Title": "Add a title", "Body": "Add the body", "Options": [ "I have a business justification", "This message doesn't contain sensitive information", "Business justification" ] } ], "HasFreeTextOption": "true", "DefaultLanguage": "en-us" } For old outlook it's not working there too. No policy tips, no override option My old outlook version
Cross-Tenant Purview Scan of Fabric Lakehouse fails to ingest Sub-items (Delta Tables)
Environment: Tenant 1 (Consumer): Azure Purview (Microsoft Purview Data Map). Tenant 2 (Provider): Microsoft Fabric (Capacity + Workspaces). Architecture: Purview in Tenant 1 is scanning Fabric in Tenant 2 via the "Fabric" Data Source using Azure Auto-Resolve Integration Runtime. The Issue: I can successfully scan and see Item-level metadata (e.g., Workspace Name, Lakehouse Name). However, I am getting Zero sub-item visibility. No Delta Tables, no Columns, and no sub-item lineage are being ingested into Purview. Configuration Verified: Service Principal (SPN): Created an App Registration in Tenant 2 (Fabric Tenant). Permissions: The SPN is a Member (and I tested Admin) of the target Fabric Workspace. Fabric Admin Settings (Tenant 2): Allow service principals to use read-only admin APIs: Enabled for the SPN's Security Group. Enhance admin APIs responses with detailed metadata: Enabled. Enhance admin APIs responses with DAX and mashup expressions: Enabled. My Specific Questions for the Product Team / MVPs/Members: Authentication Flow: For sub-item ingestion (Delta Tables) to work cross-tenant, is it sufficient for the SPN to be a standard App Registration in Tenant 2 (Provider), or does Fabric require the "Cross-Tenant Access" (Guest User) flow where a shadow SPN is created via the specific trusted external tenants configuration? API Limitation: Is the "Enhanced Metadata" API payload (metadata/subartifacts) restricted to Same-Tenant calls only during the current Preview? I suspect the API is returning a standard payload instead of the enhanced one due to the cross-tenant boundary. Workaround: Has anyone successfully forced ingestion of Delta Tables cross-tenant by using the Apache Atlas REST API to manually inject the schema entities, or is there a specific hidden toggle in the Fabric Admin Portal (perhaps specifically for "External Principals") that I am missing?
Purview Unified Catalogue Gov Domains Numeric Prefixing
Has Anyone Tried Numeric Prefixing for Governance Domains in Purview? Context: We introduced a structured numeric prefixing system for governance domains in Microsoft Purview to make hierarchical sorting more intuitive. What we did: Parent domains use a base prefix ending in .00 (e.g., 02.00 Group). Child domains are numbered sequentially (e.g., 02.01 Directorate, 02.01.01 Team). Why: Purview sorts domains alphabetically, which caused child domains (e.g., 02.01) to appear above their parent (02 Group). Adding .00 ensures parents always sort before children, creating a clear hierarchy. How it works: All already have 01.00- Top-level groups: 02.00 Directorates: 02.01, 02.02 Teams/Units: 02.01.01 This approach guarantees correct sorting, clear hierarchy, and scalability for future additions? Question for the community: Has anyone else implemented a similar numeric prefixing approach in Purview? Do you think this is a good idea for maintaining clarity and scalability? Any alternative strategies you’ve found effective?
Application filter in the activity explorer no longer populated correctly?
To distinguish between discovery findings in a setup that has both endpoint DLP and the Information Protection Scanner deployed, typically the "Application" filter in the activity explorer is used: It seems that recently the filter behavior changed and the list of applications the filter can use is built incorrectly. 'Microsoft Purview Information Protection Scanner' is no longer listed although documents with that property are present: The filter options are typically populated by the properties from documents within range and I have verified documents discovered by the MIP scanner exist: I am wondering if more people are seeing this and if a possible workaround is available.Microsoft Purview Roles for Data Consumers in a Data Mesh & Data Democratisation Environment
Reformatted Discussion for Community Feedback Recommended Microsoft Purview Roles for Data Consumers in a Data Mesh & Data Democratisation Environment I’m seeking guidance on whether the following set of Microsoft Purview roles is appropriate for typical data consumers within a Data Mesh-aligned organisation. The approach aims to support data democratisation while maintaining least-privilege access. Data consumers (All users) would be placed into a dedicated security group assigned to these roles, ensuring they have the best possible search experience across the Microsoft Purview Unified Catalogue, Data Map, and Data Health features. Unified Catalog Settings Global Catalog Reader Provides read-only visibility of all catalogued assets across the organisation. This role supports governance, compliance, and data discovery without granting modification rights. Using Global Catalog Reader simplifies onboarding and improves usability by giving users a consistent view of published business concepts and data products across all governance domains. Without it, visibility must be managed domain by domain through roles such as Governance Domain Reader or Local Catalog Reader, which increases administrative effort and limits discoverability. Sensitive domains can still apply additional scoped roles where required. Data Health Reader Allows users to view data health metrics such as completeness, freshness, and anomaly indicators. This supports data stewards, quality teams, and analysts in monitoring reliability without the ability to change data or rules. Unified Catalog Governance Domain Roles Data Quality Reader Provides insight into data quality rules and results within a governance domain. Useful for users who need to understand quality issues or compliance status without editing capabilities. Data Profile Reader (Conditional) Enables access to profiling information such as distributions, null counts, and detected patterns. However, profiling data may reveal sensitive information, so this role is best reserved for trusted analysts or stewards rather than being broadly granted to all data consumers. Data Map Role Assignments Data Reader Grants read-only access to metadata and lineage across the data map. This transparency is important for impact assessments, understanding dependencies, and supporting governance processes. Insights Reader Provides access to Purview Insights dashboards, including usage statistics, scanning activity, and classification trends. This role is typically valuable for managers or governance leads monitoring adoption and compliance. Summary Together, these roles aim to give data consumers the access they need for discovery, quality awareness, and understanding lineage; without exposing sensitive data or granting any capability to modify assets. The intention is to follow least-privilege practice while enabling meaningful self-service analytics.
Auto-Label Simulation does not simulate your rules exactly
When you’re building an auto-labeling rule and run a simulation, don’t expect it to fully follow your rule. Let me explain. It doesn’t evaluate everything. For example, if your rule says a document must match at least four regex patterns to count as a positive find, the simulation might treat a single match as a positive. Yeah, that’s frustrating. Here’s what works better: Build your Sensitive Information Type (SIT) and test it against individual documents first. Then create a policy that targets a small subset of data. Run the simulation, then turn on the policy. Check the results in Activity Explorer, which shows real production activity. Why can’t the simulation just run the full rule? Good question—we all wish it did.
