Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Purview - DLP license question

Copper Contributor

Hi all,

 

 I’m a little confused about the difference in features between M365 E3 and M365 E5. 

If I’m on E3, and I’m looking to monitor and stop PII date such as credit card information or bank account numbers from being sent out via email, will this data need to be manually labelled? Or can i add those sensitive data types as a conditional filter in my DLP policy? 

e.g. my DLP conditions will be to check for credit card data and block the action. 

Will this work with E3? Does DLP scan for PII during transit or is that an E5 feature. 

 

Secondly, my encrypted emails ask me to download the information protection viewer. Is that all E3 feature? I’m looking to get the encryption which lets user authenticate via One time code. Is that e5? 

thanks!

1 Reply

@SSood100 

 

If I’m on E3, and I’m looking to monitor and stop PII date such as credit card information or bank account numbers from being sent out via email, will this data need to be manually labelled? Or can i add those sensitive data types as a conditional filter in my DLP policy?

 

Auto-labeling is supported by the Microsoft E5 license and works for certain regions. The information protection viewer allows you to viewer encrypted non-office files on Windows, so does not depend on your subscription, it is free.

https://www.microsoft.com/en-us/download/details.aspx?id=54536

https://learn.microsoft.com/en-us/purview/apply-sensitivity-label-automatically

 

I’m looking to get the encryption which lets user authenticate via One time code. Is that e5?

 

When you send an encrypted email to a non Microsoft mailbox, the recipient should be required to view the email after authenticating with a one-time passcode, but if the email was sent to an internal user, there is no need for OTP. However, you could apply certain permissions, when creating the label, to restrict who is able to read the emails you send, internally.

 

https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/...

 

I hope this helps.