User Profile
FahadAhmed
Brass Contributor
Joined 5 years ago
User Widgets
Recent Discussions
OneDrive DLP false positive issue
Hi, We are currently facing a very absurd issue, we have opened the support case with Microsoft and seems like they are unable to resolve the issue. We have a DLP policy implemented where any file shared to outside of organization through One Drive or Sharepoint will trigger the policy. Currently there are thousands of alerts in Activity explorer for policy hits. however, investigation shows that its just user files syncing to one drive and still DLP policy is being triggered. any one has experienced the same issue?862Views0likes1CommentIs there One Drive Microsoft Purview allow for some and block for all policy??
Hi all, I am trying to implement Microsoft Purview DLP policy for a User group A sharing documents with User Group B but blocking sharing to all other organization. I am not able to find a way to implement this usecase. As either I can block all internal users or allow all internal users, but not allow for some departments and block for all other departments. Can any one help? Thanks Fahad479Views0likes0CommentsError: DocumentCreatedByMemberOf' Parameter is supported only in None locations.
Hi, Currently trying to apply DLP policy to Sharepoint and One Drive and getting the below error message. "DocumentCreatedByMemberOf' Parameter is supported only in None locations. Either remove the parameter or scope policy only to None." Any thoughts why this is popping up, no Sharepoint sites or Users are selected. Thanks Fahad637Views0likes0CommentsRe: Table based transformation not working when onboarding systems through AMA agent
Thanks for the guidance bill, I have figured out the answer. Table based transformations donot apply for AMA based log ingestions, we will need DCR. Performed DCR based transformation and its working fine. Thanks574Views0likes0CommentsAllow Certain User groups in Sharepoint DLP policy
Hi, We want to allow User group A and block all other groups in a sharepoint policy. The policy is to be applied on label "Confidential". In DLP for Sharepoint Policy, I can see the option of document created by but there is no option for "Recipient is member of distribution group" so I am unable to exclude User Group A. Can anyone guide, how we can achieve the above? Thanks Fahad.455Views0likes0CommentsRemove Credit Card data before uploading to Sharepoint
Hi, We have some incoming data being store in SharePoint that contains Credit Card info, are you aware if there is a tool that can remove any Credit Card Data from these files before it is uploaded. The policy we have in place is blocking access to the files with exception of the person that uploaded. Is there is any working solution in Purview for this requirement? any thoughts are welcome. Thanks Fahad983Views0likes2CommentsRe: AIP UL Scanner database schema issue (DB pre-created)
mykhan, see if this link works https://alberthoitingh.com/2020/12/08/handeling-errors-information-protection-scanner/#:~:text=Failed%2CRepository%20configuration%20is%20incorrect.%20As%20this%20message%20indicates%2C,file%20and%20to%20match%20for%20sensitive%20information%20types.1.6KViews0likes1CommentAutomatic Guest User Enrollment in Azure AD when sending encrypted doc through Exchange
Hi, We have a scenario where we want to send out encrypted document to external user outside organization that is currently not added in our tenant as a GUEST user. From the documentation, I found a link for automatic user registration/enrollment as a Guest if document is shared through Sharepoint or OneDrive (https://learn.microsoft.com/en-us/sharepoint/sharepoint-azureb2b-integration Is there any reference documentation or assistance how we can get automatic guest enrollment if sending out encrypted document through Exchange? Any help will be appreciated. Thanks FahadSolved899Views0likes3CommentsHow to send encrypted documents outside organization without adding guest user accounts in tenant
Hi, we have a problem and would like to know the thoughts on how to address it. We want to send encrypted documents to any outside users/organizations (that are not part of our tenant and have not been added as a guest user) if I use "Let user assign permissions" in the label then the label disappears in the Ms Office (word, excel etc...) so I cant use this option If i use "Assign permissions now" and select "all authenticated users" then the label comes back, I can apply the label but since the user is outside my organization and not even registered as a guest user in the tenant then they cannot open the file. Practically there are over 5000 users in our organization and we cannot simply add all outside organizations into new M365 groups to have them added in our tenant. how can we address this issue?? I am running out of thoughts here. any help is appreciated. Thanks FahadSolved2.4KViews0likes4CommentsTable based transformation not working when onboarding systems through AMA agent
Hi, We initially had a few servers with MMA agent deployed, we performed transformation on "SecurityEvent" table to drop unwanted event IDs. Now when we are installing AMA agent on the same machines, somehow the event IDs that we excluded on Table level are appearing in the log analytical workspace, which means that table level transformation is not working. Can any one guide if this is what is supposed to happen incase of AMA? As per my understanding, DCR tells the systems to collect logs and send it to designated workspace and transformation is applied on table level. We donot want to write Xpath queries to filter those event IDs as this will be additional effort and were hoping if onboarding logs through AMA and using table level transformation could help us drop unwanted logs. any help is appreciated. Thanks Fahad692Views0likes2CommentsBest practice for enabling policies in Production
Hi, we have around 30 keywords that were used in auto labelling policies to perform simulation on MS teams, Exchange, Sharepoint and One drive. There is enormous amount of data that is visible and tagged against those keywords in Content explorer. What is the best practice to review all this content to avoid false positives, we cant go each n every document or email to see how keywords r applied. Neither we nor client can review thousands of files to identify false positives n fine tune, was wondering how others are over coming this issue? thanks in advance. FahadSolved773Views0likes2CommentsRe: DLP policy to block access to external organization however allow access for some external domains
Thank you Mike, this was exactly what I was looking for, appreciate you always sharing screenshots as they provide better understanding. A note for all, I selected Exchange, One Drive, MS Teams and Sharepoint sites in one policy which was not showing up the "NOT and Recipient Domain option", once I only selected Exchange, then I could see the Recipient Domain options. Thank you mike once again for the quick response and providing this clarity.7.7KViews0likes0CommentsRe: Endpoint Autolabel policy not working
Checked the policies are the same along with the office versions. The issue is related to my another thread where if I select "let user apply the permissions" and Auto labelling policy, if I disable the auto labelling policy then everything works fine. I saw your comment on the other thread, thanks for the help there, will work it out and update accordingly. For now, will consider this thread as resolved.424Views0likes0Comments
Recent Blog Articles
No content to show