DLP Exception for "Permission Controlled" Not Working (Microsoft Purview | RMS Template | Encrypt)
Hello, We are in the process of moving some of our mail-flow / transport rules over to Microsoft Purview. We don't want the DLP policy to apply when people click their "Encrypt" or "Do not Forward" buttons (RMS templates; OME encryption.) Putting "Permission Controlled" in the exceptions group should theoretically let the emails go through. The exception we have for when people put "Encrypt" in the subject line works (we have a mail-flow rule that encrypts those emails.) But actually clicking "Options" > "Set permissions on this item" > "Encrypt" doesn't remove the policy tip on an email draft, and people are unable to send the emails. Can someone verify that this rule is constructed properly? If so, we may have to reach out to Microsoft Support. Thank you so much for your time and help!
Disable OneDrive Retention Policy for One User Account
We have one OneDrive default retention policy for all staff in M365. We have one user, because of the work they do, has one file that is rewritten many times during the day which creates an incredibly huge version history. I can't delete the version history because of the retention policy. I don't need more than a day or two retention. It looks like I can create an exclusion by going to Admin portal --> Compliance --> Data Lifecycle Mgmt --> Microsoft 365 --> Retention Polices --> I keep clicking Next till I get to "Choose Where to Apply This Policy" then I select OneDrive accounts. Under Included we have "All user accounts". Under Excluded we currently have "None". In order to exclude someone I need "remove all the included ones". In order to include someone it looks like I have to remove all the excluded ones. Clearly I am either misreading this or just not understanding. I need to exclude this one user or be able to delete the many 100's of versions of this one file. Your help is appreciated.passcode expiry on personal devices
My work has enabled enforcement of minimum password security requirements for personal mobile devices accessing work email. Unfortunately, this imposes a requirement to frequently change the device pin code which is annoying everyone. Our IT admin wants to remove this requirement while still enforcing a minimum requirement that devices must have a pin code but doesn't know where to find the relevant setting in Azure AD. We don't have any devices enrolled in Intune as that requires a P2 licence which we don't have. Any guidance that I could pass on would be appreciated.
Data Retention, Compliance, and Litigation Holds
We recently revamped our data retention policies and now I need to set up everything in M365. In the past, we would enable litigation hold under the user's account. Since that only does email, that is not enough. We are now drastically shortening our retention policy and it's critical that all data for a user is accessible if they were brought into a litigation issue. So if we were subpoenaed, I would "freeze" the users data and then it would be possible to search if we were required 1/2/3 months down the road. Is the best way to do this by starting an eDiscovery search and placing everything on hold but not searching for anything? Then, if we were required to search the account, I would edit that eDiscovery hold to include specific queries? Or maybe I would create a "Litigation Hold" retention policy outside of the new default one that would hold their data indefinitely? That seems like a pain to exclude the user and then add them to the other and probably not efficient. Looking for advice from anyone who does this a lot as Microsoft gives a ton of options.. which is great, but it makes it difficult to know the best way when handling critical data.
Microsoft Data Retention and Destruction
Our compliance team has requested we shorten our retention policy on data. From the numerous sys admin jobs I have had, I have never had to deal with this because we typically had a 10+ year retention policy. So all of this new to me and I wanted to ask for some best practices and advice. We are to set up yearly purging of emails from the previous year and to wipe all Teams' chats past 30 days. We are setting up exclusions for certain people. To those who have experience, what is the best way to set this up in the Microsoft Environment? We are not an E3 or E5 customer so the Purview options I see are not an option. Thanks
DLP policy US credit card
Hi I created the custom policy below. How do I view if the policy picked up anything? I don't see the policy in content explorer. Status Test without notifications Description Create a custom policy from scratch. You will choose the type of content to protect and how you want to protect it. Admin units None Locations Exchange email - All accounts SharePoint sites OneDrive accounts - All accounts Teams chat and channel messages - All accounts Policy settings USA credit card number and social security
