Inbound Screening & PCI-DSS
PCI-DSS frowns on having credit card numbers and related information in systems not otherwise in scope. Yet we sometimes have law enforcement asking for us for researching by these very terms; they send these sometimes via E-mail. I wonder therefore whether Exchange can screen using DLP policies, with the intent of adding controls, such as masking or adding "no forwarding, no printing," and so on. Possible? Advisable?
AADSTS50020: protected PDF issue for external users
I have been recently (don't know when it was started) observed getting error from protected PDF (sensitivity label with user defined permission) file while trying to open that pdf via AIP viewer mobile app (Android/iOS) AS external user (who has permission to open/view). No issue with Office file types protected. external (not internal, not guest) user (currently testing with gmail.com account, other O365 tenant user) getting error as attached from AIP view mobile app. We do have AIP excluded at conditional access policy which helped so far to avoid this problem for external users. Is there been any recent change in behavior around user defined protected PDF? Since user having problem is external, have no clue where to look for log and start investigation. Error code: AADSTS50020Sharing: PDF readers that support Purview labels
As I was researching on Adobe Acrobat reader and Sensitivity labels, I decided to check if the common alternative PDF readers out there are able to support Purview MIP Sensitivity labels. There is already a published documentation on this for SharePoint-Compatible PDF readers that supports Microsoft IRM: https://learn.microsoft.com/en-us/purview/sp-compatible-pdf-readers-for-irm (last updated Nov-2023) but I wanted to see if these same PDF readers supports the ability for end-users to use/ select labels similar to that of Adobe Acrobat As of 11-June-2025; atleast one of them clearly do: Nitro PDF: Yes. Documentation shows that users can see and use the sensitivity labels. PDF -X.change Editor: Yes. Documentation show that users can see and use the sensitivity labels. (check the official website, I can't hyperlink it because the site is blocked. FOX PDF editor: No. Documentation only states RMS and not clear if it show Purview labels. This is for F.O.X.I.T editor (spelled without the ".") but for some reason there is a community ban on that word and it won't allow me to post the full name PDFescape: No. Sumatra PDF: No Okular: No If there are other PDF readers that I've missed, I encourage you list it down in the comment below. Would love to grow this list.
Journaling and AIP- emails in cryoserver landed not encrypted
We used AIP in our org and want to encrypt emails. We used build in - encrypt-only and some custom labels in Outlook. Emails are fully encrypted based on the labels but copies of this emails kept (forwarded by dedicated connector) in cryoserver (journaling) are not encrypted. Is any AIP option to fix it?Export MDCA policy matches information via web console or API
Hi Everyone, This is my maiden post and thought this community to be able to give me guidance and help on my situation. I have created a policy to detect file violations using defender for cloud apps (previously MCAS), and the total count has reached approx. 1.2 million for specific Azure Info Protection (AIP) labels that matches the files stored on OneDrive and SharePoint Online. I'd like to export the records in an efficient manner, and I've explored: 1) via website, which limits to 5,000 records onto csv file 2) via Graph API which limits to 100 records every 2-seconds based on API calls limit imposed system wide Both are not working out, as (1) I can't live with 5,000 records, and the work around would be to implement an RPA via say PowerAutomate desktop or UI Path to do some form of web-scraping to download records and changing the advanced filters to a modified date range... even then, I am not quite sure how to do this yet, and if someone out there knows it, do let me know so that I can attempt to figure out via self-learning. Option (2) which is the method I've attempted, is futile as the process is inconsistent and I am continuously facing errors every time I execute scripts to download the records and export them onto the csv file. I'd like to know if anyone in the community has a better way/approach for me to deal with this situation. I tried to segregate my policy by the year of detection (2020, 2021 and 2022), and I am seeing 500k records for 2022, and 300k records for 2021, likely another 400k records for 2020 and before. I am quite stuck at the moment and would appreciate if anyone have any ideas on how to deal with exporting the information captured in the policy which I've created to detect file violations on the tenant. Caroline_Lee GershonLevitz-MSFT for visibility and recommendations.. 🙂
Trouble in Opening MIP Files (Azure information Protected Files)
The latest Microsoft Edge stable version 109 for Windows and Mac has issues opening MIP files. We receive a message stating "Something went Wrong" When we downgraded Edge to the Version 108 we are able to open the MIP files in Windows and Mac Is anyone else having the same issue?
Azure Information Protection unified label
Hi Azure Information Protection (AIP) reached end-of-life April 1, 2021. I need to modify the existing labels and labeling policies in the MS 365 Compliance center since it's not available in Azure anymore. I have already activated Unified labeling, but when I do update on the labels and policies in o365 and publish it nothing changed in the labels for the clients. here is the page that I can see in Azure AIP page: any idea? Thanks in advance.
