Microsoft Purview | Microsoft Community Hub

Pinned Posts

Purview Webinars
Feb 12, 2025
RenWoods

Forum Widgets

Latest Discussions

Microsoft 365 DLP Tutorial: Stop Sharing Sensitive Data in Teams, Outlook & SharePoint
🚨 Stop Credit Card Data Leaks in Microsoft 365! Are you sure your organization isn’t accidentally sharing sensitive financial data in Teams, Outlook, or SharePoint? In my latest YouTube tutorial, I show you how to create Microsoft Purview DLP policies to block credit card numbers and keep your data secure. ✅ Step-by-step demo ✅ Best practices for compliance ✅ Coverage for Teams, Outlook & SharePoint 🎥 Watch the full video here: https://youtu.be/medYrVuXMI0 #Microsoft365 #Security #Compliance #DLP #DataProtection #Teams #Outlook #SharePoint
GiulianoDeLuca
MVP
Sep 17, 2025
DLP Policy tips
27Views
1like
0Comments
Auto labelling Policy on Fabric Data assets using Data Map Scan
Hi Everyone, Can you please confirm does the Purview Data Map scan automatically tag sensitivity label to Fabric data assets (Lakehouse delta tables) using auto labelling policy?
BanuMurali
Copper Contributor
Sep 17, 2025
data map
fabric
Information Protection
Lakehouse
microsoft purview
7Views
0likes
0Comments
Apply Sensitivity label on SharePoint or Teams site to block offeline sync
Hi All, I was wondering is there any way if we apply a label toa SharePoint or Teams site (backed by SharePoint), we can enforce restrictions such as "Don't allow offline sync". Thanks in advance, Dilan
Solved
dilanmic
Iron Contributor
Sep 16, 2025
Information Protection
onedrive
purview
Sensitivity
sharepoint
55Views
1like
2Comments
Linking Data Fields to Glossary
A glossary has been uploaded into Purview which we can see under the unified catalogue. However, in the data map when we view/edit data assets - we would like to link glossary terms to some of the fields. However, the glossary column seems to linking to the old glossary list and not the new glossary which we see under unified catalogue... Has anyone else experienced this? And if so, is there a way around it (apart from loading the glossary in two different places and having to maintain two versions of the glossary on the same platform - which doesn't seem optimal). Thanks
Solved
Gaz31
Copper Contributor
Sep 15, 2025
144Views
1like
3Comments
Accessing Content explorer data via SPN
Hi all, I am trying to get all the data from Content explorer for SITs matched files using https://learn.microsoft.com/en-us/powershell/module/exchange/export-contentexplorerdata?view=exchange-ps. I can run the command(Export-ContentExplorerData) when using User-Principle login but having issues while running it on SPN. For SPN Permissions, we followed the steps here https://learn.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps assigned all the permissions on the page but still having issues when running the script. One of the permission for SPN that seems mandatory is Content Explorer Content viewer. Now in purview portal, we are not able to assign this permissions to SPN as it throws an errror "Adding SPN to purview role groups is not supported" Can we run this command(Export-ContentExplorerData) based on SPN(using application permission)? if yes what are the permission we need to assign to that SPN. Thanks in advance
Solved
mrityunjay6492
Copper Contributor
Sep 12, 2025
Content explorer
powershell
Sensitive Info Type
161Views
0likes
3Comments
Copilot DLP Policy Licensing
Hi everyone We are currently preparing our tenant for a broader Microsoft 365 Copilot rollout and in preparation to that we were in the progress of hardening our SharePoint files to ensure that sensitive information stays protected. Our original idea was to launch sensitivity labels together with a Purview data loss prevention policy that excludes Copilot from accessing and using files that have confidential sensitivity labels. Some weeks ago when I did an initial setup, everything worked just fine and I was able to create the before mentioned custom DLP policy. However, when I checked the previously created DLP policy a few days back, the action to block Copilot was gone and the button to add a new action in the custom policy is greyed out. I assume that in between the initial setup and me checking the policy, Microsoft must have moved the feature out of our licensing plan (Microsoft 365 E3 & Copilot). Now my question is what the best licensing options would be on top of our existing E3 licences. For cost reasons, a switch to Microsoft 365 E5 is not an option as we have the E3 licences through benefits. Thanks!
Solved
Stefan19x9a
Copper Contributor
Sep 10, 2025
copilot
data loss prevention
dlp
purview
127Views
0likes
2Comments
AI Activity Explorer Not Showing Content
I am getting an error indicating "Additional permissions required. Your role can't view AI Visits or user risk levels. For permission, ask an administrator to change your role." I am currently an Entra Global Admin, Entra Compliance Admin, and Purview Compliance Admin, and have other roles. I do see based on the dashboard graph I should bee seeing data. What other roles may be necessary or what other configurations may be missing?
MarcRohde
Iron Contributor
Sep 09, 2025
514Views
2likes
3Comments
DLP Policy Blocking Invoices Containing Sensitive Info – Exception Not Working
Hello, I have implemented Microsoft Purview DLP policies in my organization to protect sensitive information such as Aadhaar Card, PAN Card, Driving License, and Credit Card numbers. The policies are working fine and successfully blocking sensitive data. However, I am facing an issue with invoices. When sending invoices internally or to clients, emails are getting blocked because they contain sensitive details like PAN or Aadhaar numbers. I tried adding an exception rule for invoices using the following regex in a Sensitive Info Type (SIT), and included this SIT in the NOT condition of the DLP policy: (?i)(invoice|bill|tax\s*invoice|gst\s*invoice|receipt)\s*(\b[0-9]{12}\b|[A-Z]{5}[0-9]{4}[A-Z]|[A-Z]{2}[0-9]{13}|\d{13,16}) Despite this, invoices are still getting blocked. Has anyone encountered this issue? What is the correct way to configure exceptions in DLP so that sensitive information detection continues to work but invoices containing sensitive info can still be sent? Any guidance or best practices would be greatly appreciated. Thanks in advance! DLP Policy configuration Screenshots.
shreyabhurkuse
Copper Contributor
Sep 08, 2025
62Views
1like
1Comment
Purview - Default Labelling Issue
There is a proposition to simplify the current sensitivity labelling architecture since we had too many labels that basically is going out of hand. We basically simplified by choosing the most used labels and copying them as new using the same set of permissions and encryption policies applied. We duplicated instead of using the existing one's since we do not want to use sub categories and simplified by just have a drop down list. Everything is looking fine during the test phase but the issue is that the default label is still pointing out to the old label instead of the new one for random users on the office client apps. And some users doesn't have any issue at all. For instance - I have no issues on my Office client apps or OWA on my laptop where as on the CPC, the default label is still pointing to the old label on Office client apps and not being applied at all on OWA. I have set the highest priority to the new labels and all that. Issue still persists. Any advice / help would be greatly appreciated.
Solved
B2B
Copper Contributor
Sep 07, 2025
accessibility
380Views
0likes
3Comments
Deletion of an SharePoint website with an adaptive scope
We are using a retention label "Keep forever" which we have published via a retention policy. In this policy, we have established an adaptive scope based on a KQL query which selects a large part (but not all) SharePoint websites in our tenant. Since there are several new sites created every day in our tenant automatically, adding sites manually to a static scope doesn’t make practical sense. This has worked well. Now we ran into the usecase that we would like to delete a number of (old and not used anymore) SharePoint websites. My first idea was to change the KQL statement and add a NOT Operator inside of the statement. This was fine. However, from studying the material on MS learn, this will trigger a 30 Grace Period for these sites that have been removed from the adaptive scope, although they are not part of retention policy anymore (visible by the policy lock up function). I read that there is a way to EXCLUDE sites from a retention policy (which doesn’t trigger the 30 Grace Period), however this option seems only to be available when using static scopes and not adaptive scopes. Does anyone know a way to retain the flexibility provided by the adaptive scope and not be affected by the Grace Period?
SimonL2250
Copper Contributor
Sep 02, 2025
Adaptive Scope
retension policy
Retention Label
80Views
0likes
3Comments

Resources

Tags

purview101 Topics
microsoft purview49 Topics
Sensitivity Labels13 Topics
ediscovery12 Topics
Azure Purview11 Topics
Retention Policy11 Topics
Information Protection9 Topics
Retention Labels8 Topics
endpoint dlp8 Topics
labels7 Topics