Forum Discussion
Microsoft Purview to detect passwords
Hi All
What would you recommend for scanning and setting up scheduled scans in Microsoft Purview to detect passwords or sensitive credentials stored in SharePoint sites and OneDrive?
We would like to discover whether anyone has shared or stored passwords in SharePoint or OneDrive, as we have already had an incident because of this.
Are there any recommended Purview solutions, policies, or detection rules we should use for this? Ideally, we would like to schedule regular scans and receive alerts or reports when potential passwords, credentials, or secrets are detected.
Any advice or recommended approach would be appreciated. thanks
thanks
Miro
1 Reply
There's a built-in SIT for passwords, see https://learn.microsoft.com/en-us/purview/sit-defn-all-creds
This should cover not just user credentials, but also API keys, client secrets and so on. Just be ready to handle lots of false positives :)
