Microsoft Information Protection
516 TopicsAuto-labelling in Purview-Which license or alternatives can be used rather than E5 ?
We are considering adopting Purview for Information Protection and DLP, but we are currently on E3 licenses. Given the extensive size of our SharePoint environment, auto-labelling is crucial for applying sensitivity labels to content across wide scopes automatically. My question is, are there any alternatives to upgrading licenses to E5 or adding the Compliance Add-on? Upgrading several thousand users to E5 or the Compliance Add-on requires significant justification, and I am wondering if there are other interim solutions we could leverage for a period of one year. Any thoughts would be greatly appreciated! Thank you! KevSharing: All Built-in SIT categorised
So, Microsoft Purview gives you 313 built-in Sensitive Information Types (SITs)—yes, I counted! When I worked with an Cyber Risk auditor, one of their ask was categorizing all the items that we decided for it to be deployed. This was a bit of a nightmare, so I took one for the team and grouped them into three neat categories: PII, Financial, and Medical. Now, I’m sharing it with you so that my struggle can save you the headache. You’re welcome! Download the excel spreadsheet here:All SIT list and their categories.xlsxAIP scanner job error: Policy is missing
We deployed AIP scanner couple of weeks ago and completed a scan and got the scan report. This week edited the scan job to automatically label the documents with a default label. Now we noticed that scan job is failing to run and in the "Scanner Nodes" we see "Policy is missing" error under "Content Scan job status" We know our configuration is good, because it finished the scan once 2 weeks ago and then only change we did this week is to modify scan job. Any suggestions?1.2KViews0likes2CommentsPurview Information Protection for internal and external emails
I'm working with an organisation that is starting to use sensitivity labels. They have Office 365 E3 licenses. The current plan is to set up a default label for documents and emails called "Internal Only". This label will encrypt contents and grant co-author permissions to all staff. The challenge will be when emails include external recipients. Ideally, the user will change from the default label to one that grants access to any recipients. However, I can imagine that there will be many cases where they forget to do this. If we had Office 365 E5 licenses, we would have the option to create a DLP policy to show a policy tip. I I would expect this would reduce the incidents of mislabeling. I have seen recommendations to avoid encrypting by default and only use it where needed. However this client is keen to use encryption to protect as much content as possible. One suggestion could be to change the default email label to only grant access to the sender and recipients, regardless of whether they are internal or external. I'm interested in any real-world feedback on how others have tackled this issue.Sensitivity column in Windows Explorer populated
Hi Does anybody know when the sensitivity column in Windows explorer will be populated? Currently the only way I see which label is applied to a file is either through AIP unified labeling client, sharepoint document libraries or open a file. Thanks for a feedback. Best regards PhilippSolved15KViews5likes26CommentsAIP: Rights Management template can't be found
Hi All, I got the below error message (screenshot) while trying to apply the confidential label i have created. I have set my Confidential label permissions: Protection: Azure (cloud key) Set permissions Users: all members Permission: either of these preset permission: Co-Owner, Co-Author, Reviewer, Viewer and Custom not working when applying this Confidential level to client ms word, excel, etc. I have attached the screenshot of the error i encounter on client side. Newbie question here, do i need to create a label template in Rights Management? I thought this right management is already the AIP? Thanks in advance!Whenever login into the office applications different OTP needs to be applied Outlook and teams
When signing into Office applications, adifferent OTP is required for both Outlook and Teams. To address this issue, there is any resolution this issue supports or a supporting document as proof to confirm that this is a standard procedure.Inactivating some of the builtin Microsoft Sensitive Information Types / SITs?
In Purview's CONTENT EXPLORER we see all 300+ built-in Microsoft SITs being discovered - about 2/3 of which aren't relevant to my org (i.e. identification numbers, social welfare numbers, passport numbers, revenue numbers, etc. from other countries - PNG attached with a few of them highlighted). Is there any way to inactivate or NOT search for/identify these irrelevant SITs?Old Tenant Name visible in Outlook Desktop Client under Protect button
Hello I have a two accounts (two is a minimum to see Tenant Name in front of your email address) added to Outlook Dekstop client. When i create new email and try to Encrypt email using Options > Encrypt button i can see Old tanant name in front of my email address. Organization Settings in admin portal were changed, change is visible in azure portal as well but old tenant name is still visible in outlook. I've found PS command Get-AipServiceKeys which showed me AipServiceKey where old tenant name is visible. Contoso is an OldTenantName Tried to userSet-AipServiceKeyProperties with-RefreshSlcName switch on this key but even command completed succesfully, there is still old name visible underFriendlyName property when i runGet-AipServiceKeys Do you know how to generete new key with correctFriendlyName or how to refresh name in current AipServiceKey? Thanks for your help PS. Microsoft is trying to find answer for my issue since december and there is no any valuable feedback from them.AIP - running Execute-AzureAdLabelSync appeared to do nothing
Hello I have Azure P1 licensing and M365 Business Premium. I would like to use Purview/AIP for Teams/Sharepoint. The "groups and sites" checkbox is not enabled when creating a new sensitivity label. I followed the steps, connecting with Powershell 7, WinRM as basic, connected to exchange poweshell, etc. I ran "Execute-AzureAdLabelSync" several times. It did not error and returned to the prompt with no feedback. It took maybe 4/10th or a second to run, so long enough to have done something, but no error and no confirmation of success. I am usually good at getting powershell errors, so I know one when I see it. I am running these commands as global admin. This page implies I have the correct licensehttps://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-governance. Any ideas as to what I am doing wrong? thx