Pinned Posts
Forum Widgets
Latest Discussions
Microsoft Purview - Endpoint Data Discovery
Hi all, I wanted to understand Microsoft Purview’s capabilities around data discovery on Windows endpoints, specifically in a legacy data scenario. Use case: We have data residing on Windows machines/endpoints that is: Legacy in nature Not being actively moved, migrated, or modified Sitting at rest on local disks (user endpoints) Questions: Can Microsoft Purview perform data discovery or classification on such endpoint‑resident data? Does Purview support scanning or discovering data on Windows endpoints at rest, without requiring the data to be uploaded, migrated, or modified? If not directly, are there any supported approaches or workarounds (e.g., via integrations with Microsoft Defender for Endpoint, Information Protection scanners, or other Purview components) to achieve this? What are the current limitations of Purview when it comes to endpoint-based data discovery?
How to remove/modify a sensitivity label for many SharePoint documents?
We would like to implement Purview sensitivity labels for our SharePoint sites. We would like to use auto labeling. Before we start the implementation, we would like to test some rollback scenario. How to remove/modify a sensitivity label for many SharePoint documents?
Unified Catalog activity / usage reporting
Hi, We are building out our data products and glossary terms in Purivews Data Governance Unified catalog. I’d like to get some metrics on data consumer activity/usage. Metrics like how many users running searches for terms or data products. How many people navigating into data assets to discover data, etc. I haven’t found any reports like this. Is there any audit logs specific to data governance I can query? I’m trying to gauge user adoption. thanks
Sensitivity Label Permissions
Hello, I have set up sensitivity labels within my company. I have Public, Standard, Confidential and Highly Confidential. When testing with my external email (e.g. Gmail and Yahoo) I am prompted to enter the one-time passcode when opening an email from my test account. But then I tested with an external user who has an Outlook email and he was not prompted to enter the one-time passcode. "Authenticated Users" is included in Standard, Confidential and Highly Confidential permission control when setting up the labels. Is this the normal behavior for the one-time passcode only being prompted for Non-Microsoft emails? Can the one-time passcode be prompted for Microsoft (Outlook) domains? Also how can I have multi-factor authenticator apply to my labels for external clients/users? Any help would be much appreciated. Thank you!
DLP Policy exclusion if any of the recipients are internal
I am trying to add an exclusion to my DLP policies when one of the recipients of an email is from a trusted domain. To do this I Added a group to my rule and used the AND NOT Recipient domain is with a list of approved domains. the rule works for email to a single recipient but not when there are multiple recipients
How do you work around the client restrictions for opening encrypted documents?
We are wanting to roll out Purview sensitivity labels. Specifically, encrypted labels so we can implement controls such as preventing printing, copy/paste, etc. The issue we have ran into is that once an Office doc is encrypted, there appears to only be two ways to open the document: In a licensed Office desktop client Sharing a link to the document in SharePoint so it can be opened in a web browser. We share documents with a large variety of 3rd parties that do not use Office. Many are small businesses who seem to prefer Google Workspace, so no Office clients. The SharePoint web browser option also does not work for us as we require users to have an Entra ID account to access our SharePoint, and it would not be feasible to onboard the number of external users we share documents with (nor to purchase O365 licenses for all of them). We considered using both encrypted and non-encrypted labels and using encrypted only when the recipient uses office. However there is no way for our internal users to know if the person they are sending a document to is using Office. So now we are left not really knowing what to do. I would love to hear some suggestions for how other organizations handled this.
Getting sensitivity label working for specific domain
Good morning all I am trying to setup a sensitivity label to work so anyone with '@mail.com' will have access to a document that has this label. I have attempted to apply this in the control access settings with the label under 'Add specific email addresses or domains' However for the life of me, I cannot get this to work, I have tried "*@mail.com. mail.com, mail.com", nothing seems to work. I have run through the MS material on this and can't see anything specific to setting this up. Has anyone been successful in setting this up? Is there a trick I am missing? Grateful for anyone who can help on this!
