Forum Discussion
Purview Insider Risk Management - Site Classification
Hi All,
We use Purview Insider Risk Management to monitor for data risks. Its tuned and working very well for us. I have a question around the way one of the triggers classifies the activity. I'm sure its easy to change I just cant figure it out so any help appreciated.
We trigger a number of Cumulative exfiltration activity events, with the main trigger being xxx events: Files copied to personal cloud storage: when we look at the activity explorer event we can see that its files being uploaded to either Corporate OneDrive or SharePoint.
My question is I cant find where I can re-classify our SharePoint portals as Corporate and not personal, essentially I don't care that people are uploading to our corporate portals. Its the D/Ling that's important.
Its driving me nuts trying to find it! Please help
1 Reply
- I turned off the indicators for Corporate OneDrive in IRM and then added contoso-my.sharpeoint (onedrive base domain) to our whitelist in IRM. That seemed to reduce the activity for it.
Do you mean adding a sensitivity label to a site?
