Microsoft Information Protection (MIP) is a built-in, intelligent, unified, and extensible solution to know your data, protect your data and prevent data loss across an enterprise – in Microsoft 365 cloud services, on-premises, third-party SaaS applications, and more.
Microsoft’s unified analytics solution provides a simple and unified approach to protecting sensitive information from risky or inappropriate sharing, transfer or use. In this release, Analytics supports the customers with the ability to view the below activities within Microsoft 365 Activity Explorer and audit.
This public preview will showcase the below capabilities:
Office native sensitivity labeling events in the unified analytics solution
Audit log information includes label activities such as when label is applied, changed, removed and more. This is in addition to the already available logs in Activity Explorer covering Endpoint DLP, service based labeling and retention labeling activities.
Figure 1 – Activity Explorer view of label activity from office native
AIP audit events in the unified analytics solution
In Public Preview, Microsoft 365 Compliance Center’s enhanced unified labeling and analytics experience now offer support for the most awaited ‘Azure Information Protection (AIP) audit logs’ including exploration of all activities.
With this update, events reported by the AIP unified labeling client, AIP scanner, and MIP SDK can now be stored in Compliance Center and displayed along with events from Office 365 cloud labeling and DLP activities. See below representation of AIP audit events in M365 Activity explorer, you can use the application column to segment and investigate the data from AIP.
Figure 2 – Activity Explorer view of application detail from AIP
Known limitation: We had an issue of multiple "File read" ("Access") logs when a file is opened and saved with the AIP version of client lower than 2.8.85. This issue has been addressed in clients version since then and we recommend customers to upgrade to a version higher than the above so that the client sends only one "File read" ("Access") log when a user opens a labeled/protected document.
How to get started
If you have already configured your Log Analytics workspace in the AIP area of the Azure AIP portal, we have already onboarded your tenant and the audit events are now also stored also in the Compliance Center. You can start exploring them from within the Compliance Center experience in M365 Activity explorer.
If you have not configured your Log Analytics workspace in the Azure portal, and wish to explore your AIP audit events in the Compliance center, fill in this form and we will onboard your tenant.
DLP rule match events in the unified analytics solution
DLP rule matches generated in Exchange, Sharepoint, OneDrive, Teams and On-premise will be available in Activity explorer under an activity called ‘DLP rule matched’.
In addition, sensitive information type and matched text with the surrounding context (wherever available) will be available in the preview window. This capability provides DLP policy administrators with the ability to quickly assess if a detection is a true positive or not so they can initiate the appropriate remediation actions.
Figure 3 – DLP events available across locations
Clicking on the Sensitive information type opens up the panel with hit summary and contextual details:
Bhavanesh Rengarajan (Microsoft Information Protection team)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.