Get-DLPDetailReport not showing SPO

%3CLINGO-SUB%20id%3D%22lingo-sub-1111213%22%20slang%3D%22en-US%22%3EGet-DLPDetailReport%20not%20showing%20SPO%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1111213%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20trying%20to%20get%20the%20DLP%20logs%20from%20O365%20to%20discover%20the%20sensitive%20data%20that%20is%20in%20Office%20365%2C%20including%20Exchange%20Online%2C%20Sharepoint%20Online%20and%20OneDrive.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20that%2C%20I%20am%20connecting%20to%20Exchange%20Online%20Powershell%20using%20Connect-EXOPSession%20and%20I%20run%20the%20Get-DLPDetailReport%20cmdlet.%20Over%20the%20last%20few%20days%2C%20I%20am%20getting%20over%205000%20entries%20but%20they%20are%20all%20coming%20from%20the%20EXCH%20source%20(Exchange%20Online)%20except%203%20logs%20that%20are%20coming%20from%20ODB%20(OneDrive).%20Nothing%20from%20the%20SPO%20source%20(Sharepoint%20Online)%20which%20makes%20no%20sense%20to%20me%20since%20we%20have%20many%20files%20that%20have%20sensitivity%20information%20in%20them.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20the%20test%2C%20we%20saved%20many%20files%20that%20have%20SIN%20numbers%2C%20credit%20car%20number%20and%20other%20sensitivity%20information%20types%20in%20them.%20To%20make%20sure%20that%20they%20would%20be%20indexed%20(since%20DLP%20logs%20seems%20to%20be%20based%20on%20the%20Sharepoint%20index)%2C%20We%20opened%20and%20edited%20these%20files%20many%20times.%20Many%20days%20have%20passed%20but%20still%2C%20I%20have%20no%20logs%20from%20SPO%20in%20the%20DLP%20logs.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20not%20a%20Sharepoint%20expert%20and%20I%20was%20wondering%20if%20there%20could%20be%20anything%20that%20would%20cause%20this%20issue%20like%20Sharepoint%20permissions%20that%20could%20be%20to%20restrictive%20for%20the%20DLP%20to%20discover%20the%20sensitivity%20information%20in%20the%20files%20stores%20in%20SPO%3F%20Or%20maybe%20some%20SPO%20sites%20that%20would%20be%20excluded%20from%20being%20indexed%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20idea%20will%20be%20more%20than%20welcome!%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3CP%3ECharles%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1111213%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EData%20Loss%20Prevention%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EInformation%20Protection%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Contributor

Hello,

 

We are trying to get the DLP logs from O365 to discover the sensitive data that is in Office 365, including Exchange Online, Sharepoint Online and OneDrive.

 

For that, I am connecting to Exchange Online Powershell using Connect-EXOPSession and I run the Get-DLPDetailReport cmdlet. Over the last few days, I am getting over 5000 entries but they are all coming from the EXCH source (Exchange Online) except 3 logs that are coming from ODB (OneDrive). Nothing from the SPO source (Sharepoint Online) which makes no sense to me since we have many files that have sensitivity information in them. 

 

For the test, we saved many files that have SIN numbers, credit car number and other sensitivity information types in them. To make sure that they would be indexed (since DLP logs seems to be based on the Sharepoint index), We opened and edited these files many times. Many days have passed but still, I have no logs from SPO in the DLP logs.

 

I'm not a Sharepoint expert and I was wondering if there could be anything that would cause this issue like Sharepoint permissions that could be to restrictive for the DLP to discover the sensitivity information in the files stores in SPO? Or maybe some SPO sites that would be excluded from being indexed?

 

Any idea will be more than welcome!

Thanks!

Charles

 

0 Replies