data loss prevention
421 TopicsWelcome to the Microsoft Security Community!
Protect it all with Microsoft Security Eliminate gaps and get the simplified, comprehensive protection, expertise, and AI-powered solutions you need to innovate and grow in a changing world. The Microsoft Security Community is your gateway to connect, learn, and collaborate with peers, experts, and product teams. Gain access to technical discussions, webinars, and help shape Microsoft’s security products. Get there fast To stay up to date on upcoming opportunities and the latest Microsoft Security Community news, make sure to subscribe to our email list. Find the latest skilling content and on-demand videos – subscribe to the Microsoft Security Community YouTube channel. Catch the latest announcements and connect with us on LinkedIn – Microsoft Security Community and Microsoft Entra Community. Index Community Calls: January 2026 | February 2026 | March 2026 Upcoming Community Calls February 2026 Feb. 23 | 8:00am | Microsoft Defender for Identity | Identity Control Plane Under Attack: Consent Abuse and Hybrid Sync Risks A new wave of identity attacks abuses legitimate authentication flows, allowing attackers to gain access without stealing passwords or breaking MFA. In this session, we’ll break down how attackers trick users into approving malicious apps, how this leads to silent account takeover, and why traditional phishing defenses often miss it. We’ll also dive into the identity sync layer at the heart of hybrid environments. You’ll learn how Entra Connect Sync and Cloud Sync are protected as Tier-0 assets, how Microsoft Defender for Identity secures synchronization flows, and how the new application-based authentication model strengthens Entra Connect Sync against modern threats. RESCHEDULED FROM FEB 10 | Feb. 25 | 8:00am | Microsoft Security Store | From Alert to Resolution: Using Security Agents to Power Real‑World SOC Workflows In this webinar, we’ll show how SOC analysts can harness security agents from Microsoft Security Store to strengthen every stage of the incident lifecycle. Through realistic SOC workflows based on everyday analyst tasks, we will follow each scenario end to end, beginning with the initial alert and moving through triage, investigation, and remediation. Along the way, we’ll demonstrate how agents in Security Store streamline signal correlation, reduce manual investigation steps, and accelerate decision‑making when dealing with three of the most common incident types: phishing attacks, credential compromise, and business email compromise (BEC), helping analysts work faster and more confidently by automating key tasks, surfacing relevant insights, and improving consistency in response actions. Feb. 26 | 9:00am | Azure Network Security | Azure Firewall Integration with Microsoft Sentinel Learn how Azure Firewall integrates with Microsoft Sentinel to enhance threat visibility and streamline security investigations. This webinar will demonstrate how firewall logs and insights can be ingested into Sentinel to correlate network activity with broader security signals, enabling faster detection, deeper context, and more effective incident response. March 2026 Mar. 4 | 8:00am | Microsoft Security Store | A Day in the Life of an Identity Security Manager Powered by Security Agents In this session, you’ll see how security agents from the Microsoft Security Store help security teams amplify capacity, accelerate detection‑to‑remediation, and strengthen identity security posture. Co‑presented with identity security experts from the Microsoft Most Valuable Professionals (MVPs) community, we’ll walk through a day‑in‑the‑life of an identity protection manager—covering scenarios like password spray attacks, privileged account compromise, and dormant account exploitation. You’ll then see how security agents can take on the heavy lifting, while you remain firmly in control. Mar. 5 | 8:00am | Security Copilot Skilling Series | Conditional Access Optimization Agent: What It Is & Why It Matters Get a clear, practical look at the Conditional Access Optimization Agent—how it automates policy upkeep, simplifies operations, and uses new post‑Ignite updates like Agent Identity and dashboards to deliver smarter, standards‑aligned recommendations. Mar. 11 | 8:00am | Microsoft Security Store | A Day in the Life of an Identity Governance Manager Powered by Security Agents In this session, you’ll see how agents from the Microsoft Security Store help governance teams streamline reviews, reduce standing privilege, and close lifecycle gaps. Co‑presented with identity governance experts from the Microsoft MVP community, we’ll walk through a day‑in‑the‑life of an identity governance manager—covering scenarios like excessive access accumulation, offboarding gaps, and privileged role sprawl. You’ll see how agents can automate governance workflows while keeping you in control. Mar. 11 | 8:00am | Microsoft Entra | QR code authentication: Fast, simple sign‑in designed for Frontline Workers Frontline teams often work on shared mobile devices where typing long usernames and passwords slows everyone down. In this session, we’ll introduce the QR code authentication method in Microsoft Entra ID—a streamlined way for workers to sign in by scanning their unique QR code and entering a PIN on shared iOS/iPadOS or Android devices. No personal phones or complex credentials required. We’ll walk through the end‑to‑end experience, from enabling the method in your tenant and issuing codes to workers (via the Entra admin center or My Staff), to the on‑device sign‑in flow that gets your teams productive quickly. We’ll also cover best‑practice controls—like using Conditional Access and Shared device mode—to help you deploy with confidence. Bring your questions—we’ll host Q&A and collect product feedback to help prioritize upcoming investments. Mar. 11 | 5:00pm | Microsoft Entra | Building MCP on Entra: Design Choices for Enterprise Agents Explore approaches for integrating MCP with Microsoft Entra Agent ID. We’ll outline key considerations for identity, consent, and authorization, discuss patterns for scalable and auditable agent architectures, and share insights on interoperability. Expect practical guidance, common pitfalls, and an open forum for questions and feedback. Mar. 12 | 12:00pm (BRT) | Microsoft Intune | Novidades do Microsoft Intune - Últimos lançamentos Junte-se a nós para explorar as novidades do Microsoft Intune, incluindo os lançamentos mais recentes anunciados no Microsoft Ignite e a integração do Microsoft Security Copilot no Intune. A sessão contará com demonstrações ao vivo e um espaço interativo de perguntas e respostas, onde você poderá tirar suas dúvidas com especialistas. Mar. 18 | 1:00pm (AEDT) | Microsoft Entra | From Lockouts to Logins: Modern Account Recovery and Passkeys Lost phone, no backup? In a passwordless world, users can face total lockouts and risky helpdesk recovery. This session shows how Entra ID Account Recovery uses strong identity verification and passkey profiles to help users safely regain access. Mar. 19 | 8:00am | Microsoft Purview | Insider Risk Data Risk Graph We’re excited to share a new capability that brings Microsoft Purview Insider Risk Management (IRM) together with Microsoft Sentinel through the data risk graph (public preview) What it is: The data risk graph gives you an interactive, visual map of user activity, data movement, and risk signals—all in one place. Why it matters: Quickly investigate insider risk alerts with clear context, understand the impact of risky activities on sensitive data, accelerate response with intuitive, graph-based insights Getting started: Requires onboarding to the Sentinel data lake & graph. Needs appropriate admin/security roles and at least one IRM policy configured This session will provide practical guidance on onboarding, setup requirements, and best practices for data risk graph. Mar. 26 | 8:00am | Azure Network Security | What's New in Azure Web Application Firewall Azure Web Application Firewall (WAF) continues to evolve to help you protect your web applications against ever-changing threats. In this session, we’ll explore the latest enhancements across Azure WAF, including improvements in ruleset accuracy, threat detection, and configuration flexibility. Whether you use Application Gateway WAF or Azure Front Door WAF, this session will help you understand what’s new, what’s improved, and how to get the most from your WAF deployments. Looking for more? Join the Security Advisors! As a Security Advisor, you’ll gain early visibility into product roadmaps, participate in focus groups, and access private preview features before public release. You’ll have a direct channel to share feedback with engineering teams, influencing the direction of Microsoft Security products. The program also offers opportunities to collaborate and network with fellow end users and Microsoft product teams. Join the Security Advisors program that best fits your interests: www.aka.ms/joincommunity. Additional resources Microsoft Security Hub on Tech Community Virtual Ninja Training Courses Microsoft Security Documentation Azure Network Security GitHub Microsoft Defender for Cloud GitHub Microsoft Sentinel GitHub Microsoft Defender XDR GitHub Microsoft Defender for Cloud Apps GitHub Microsoft Defender for Identity GitHub Microsoft Purview GitHub28KViews6likes8CommentsIntroducing Security Dashboard for AI (Now in Public Preview)
AI proliferation in the enterprise, combined with the emergence of AI governance committees and evolving AI regulations, leaves CISOs and AI risk leaders needing a clear view of their AI risks, such as data leaks, model vulnerabilities, misconfigurations, and unethical agent actions across their entire AI estate, spanning AI platforms, apps, and agents. 53% of security professionals say their current AI risk management needs improvement, presenting an opportunity to better identify, assess and manage risk effectively. 1 At the same time, 86% of leaders prefer integrated platforms over fragmented tools, citing better visibility, fewer alerts and improved efficiency. 2 To address these needs, we are excited to announce the Security Dashboard for AI, previously announced at Microsoft Ignite, is available in public preview. This unified dashboard aggregates posture and real-time risk signals from Microsoft Defender, Microsoft Entra, and Microsoft Purview - enabling users to see left-to-right across purpose-built security tools from within a single pane of glass. The dashboard equips CISOs and AI risk leaders with a governance tool to discover agents and AI apps, track AI posture and drift, and correlate risk signals to investigate and act across their entire AI ecosystem. Security teams can continue using the tools they trust while empowering security leaders to govern and collaborate effectively. Gain Unified AI Risk Visibility Consolidating risk signals from across purpose-built tools can simplify AI asset visibility and oversight, increase security teams’ efficiency, and reduce the opportunity for human error. The Security Dashboard for AI provides leaders with unified AI risk visibility by aggregating security, identity, and data risk across Defender, Entra, Purview into a single interactive dashboard experience. The Overview tab of the dashboard provides users with an AI risk scorecard, providing immediate visibility to where there may be risks for security teams to address. It also assesses an organization's implementation of Microsoft security for AI capabilities and provides recommendations for improving AI security posture. The dashboard also features an AI inventory with comprehensive views to support AI assets discovery, risk assessments, and remediation actions for broad coverage of AI agents, models, MCP servers, and applications. The dashboard provides coverage for all Microsoft AI solutions supported by Entra, Defender and Purview—including Microsoft 365 Copilot, Microsoft Copilot Studio agents, and Microsoft Foundry applications and agents—as well as third-party AI models, applications, and agents, such as Google Gemini, OpenAI ChatGPT, and MCP servers. This supports comprehensive visibility and control, regardless of where applications and agents are built. Prioritize Critical Risk with Security Copilots AI-Powered Insights Risk leaders must do more than just recognize existing risks—they also need to determine which ones pose the greatest threat to their business. The dashboard provides a consolidated view of AI-related security risks and leverages Security Copilot’s AI-powered insights to help find the most critical risks within an environment. For example, Security Copilot natural language interaction improves agent discovery and categorization, helping leaders identify unmanaged and shadow AI agents to enhance security posture. Furthermore, Security Copilot allows leaders to investigate AI risks and agent activities through prompt-based exploration, putting them in the driver’s seat for additional risk investigation. Drive Risk Mitigation By streamlining risk mitigation recommendations and automated task delegation, organizations can significantly improve the efficiency of their AI risk management processes. This approach can reduce the potential hidden AI risk and accelerate compliance efforts, helping to ensure that risk mitigation is timely and accurate. To address this, the Security Dashboard for AI evaluates how organizations put Microsoft’s AI security features into practice and offers tailored suggestions to strengthen AI security posture. It leverages Microsoft’s productivity tools for immediate action within the practitioner portal, making it easy for administrators to delegate recommendation tasks to designated users. With the Security Dashboard for AI, CISOs and risk leaders gain a clear, consolidated view of AI risks across agents, apps, and platforms—eliminating fragmented visibility, disconnected posture insights, and governance gaps as AI adoption scales. Best of all, the Security Dashboard for AI is included with eligible Microsoft security products customers already use. If an organization is already using Microsoft security products to secure AI, they are already a Security Dashboard for AI customer. Getting Started Existing Microsoft Security customers can start using Security Dashboard for AI today. It is included when a customer has the Microsoft Security products—Defender, Entra and Purview—with no additional licensing required. To begin using the Security Dashboard for AI, visit http://ai.security.microsoft.com or access the dashboard from the Defender, Entra or Purview portals. Learn more about the Security Dashboard for AI at Microsoft Security MS Learn. 1AuditBoard & Ascend2 Research. The Connected Risk Report: Uniting Teams and Insights to Drive Organizational Resilience. AuditBoard, October 2024. 2Microsoft. 2026 Data Security Index: Unifying Data Protection and AI Innovation. Microsoft Security, 2026Primer: How to Use RBAC for Applications to Control App Use of the Mail.Send Permission
The temptation to use the Mail.Send application permission in scripts can lead PowerShell developers into trouble because the permission allows access to all mailboxes, including sensitive executive and financial mailboxes. Fortunately, RBAC for Applications allows tenants to control the access that apps have to mailboxes and other Exchange content. All explained here with an example script to test RBAC of Applications. https://office365itpros.com/2026/02/17/mail-send-rbac-for-applications/47Views2likes4CommentsNew Outlook Gets Smarter DLP
The news that the new Outlook client will support custom oversharing dialogs for DLP policies might not seem very interesting, but it provoked me into looking more closely into how to build and deploy custom oversharing dialogs. All it takes is some well-structured JSON and an update to DLP rules, and the classic and Monarch Outlook clients should display custom tenant instructions to anyone who violates DLP rules. https://office365itpros.com/2026/02/12/custom-oversharing-dialog-dlp/57Views0likes0CommentsPurview DLP Policy Scope - Shared Mailbox
I have created a block policy in Purview DLP and scoped to a security group. The policy triggers when a scoped user sends email that matches the policy criteria but doesnt detect when the user sends the same email from a shared mailbox. Is that a feature of Purview DLP? I had expected the policy to still trigger as email is sent by the scoped user 'on behalf of' the shared mailbox, and the outbound email appears in Exchange Admin as coming from the scoped user.675Views0likes1CommentQuestion behavior same malware
Two malware with the same detection name but on different PCs and files, do they behave differently or the same? Example: Two detections of Trojan:Win32/Wacatac.C!ml 1) It remains latent in standby mode, awaiting commands. 2) It modifies, deletes, or corrupts files.402Views0likes5CommentsBuilding Secure, Enterprise Ready AI Agents with Purview SDK and Agent Framework
At Microsoft Ignite, we announced the public preview of Purview integration with the Agent Framework SDK—making it easier to build AI agents that are secure, compliant, and enterprise‑ready from day one. AI agents are quickly moving from demos to production. They reason over enterprise data, collaborate with other agents, and take real actions. As that happens, one thing becomes non‑negotiable: Governance has to be built in. That’s where Purview SDK comes in. Agentic AI Changes the Security Model Traditional apps expose risks at the UI or API layer. AI agents are different. Agents can: Process sensitive enterprise data in prompts and responses Collaborate with other agents across workflows Act autonomously on behalf of users Without built‑in controls, even a well‑designed agent can create compliance gaps. Purview SDK brings Microsoft’s enterprise data security and compliance directly into the agent runtime, so governance travels with the agent—not after it. What You Get with Purview SDK + Agent Framework This integration delivers a few key things developers and enterprises care about most: Inline Data Protection Evaluate prompts and responses against Data Loss Prevention (DLP) policies in real time. Content can be allowed or blocked automatically. Built‑In Governance Send AI interactions to Purview for audit, eDiscovery, communication compliance, and lifecycle management—without custom plumbing. Enterprise‑Ready by Design Ship agents that meet enterprise security expectations from the start, not as a follow‑up project. All of this is done natively through Agent Framework middleware, so governance feels like part of the platform—not an add‑on. How Enforcement Works (Quickly) When an agent runs: Prompts and responses flow through the Agent Framework pipeline Purview SDK evaluates content against configured policies A decision is returned: allow, redact, or block Governance signals are logged for audit and compliance This same model works for: User‑to‑agent interactions Agent‑to‑agent communication Multi‑agent workflows Try It: Add Purview SDK in Minutes Here’s a minimal Python example using Agent Framework: That’s it! From that point on: Prompts and responses are evaluated against Purview policies setup within the enterprise tenant Sensitive data can be automatically blocked Interactions are logged for governance and audit Designed for Real Agent Systems Most production AI apps aren’t single‑agent systems. Purview SDK supports: Agent‑level enforcement for fine‑grained control Workflow‑level enforcement across orchestration steps Agent‑to‑agent governance to protect data as agents collaborate This makes it a natural fit for enterprise‑scale, multi‑agent architectures. Get Started Today You can start experimenting right away: Try the Purview SDK with Agent Framework Follow the Microsoft Learn docs to configure Purview SDK with Agent Framework. Explore the GitHub samples See examples of policy‑enforced agents in Python and .NET. Secure AI, Without Slowing It Down AI agents are quickly becoming production systems—not experiments. By integrating Purview SDK directly into the Agent Framework, Microsoft is making governance a default capability, not a deployment blocker. Build intelligent agents. Protect sensitive data. Scale with confidence.Comprehensive Guide to DLP Policy Tips
Feature Support and Compatibility Q: Which Outlook clients support DLP Policy Tips? A: DLP policy tips are supported across several Outlook clients, but the experience and capabilities vary depending on the end user’s client version and the Microsoft 365 license (E3 vs. E5). For detailed guidance on policy tip support across Microsoft apps, read more here. Below is a breakdown of policy tip support across Outlook clients: Glossary: Basic Policy Tip Support: Display of simple warnings or notifications based on DLP rules. Top 10 Predicates: Most commonly used conditions in DLP rules. Content is shared from M365 Content contains SITs Content contains sensitivity label Subject or Body contains words or phrases Sender is Sender is a member of Sender domain is Recipient is Recipient domain is Recipient is a member of Default Oversharing Dialog: A built-in popup warning users about potential data oversharing. Custom Oversharing Dialog: A tailored version of the oversharing warning. Wait on Send: A delay mechanism that gives users time to review sensitive content before sending. Out-of-box SITs: Out-of-box sensitive information types (SITs), like SSNs or credit card numbers. Custom SITs: User-defined sensitive data patterns. Exact Data Match: Used for precise detection of structured sensitive data. Important considerations: Client version matters: Even within the same client (e.g., Outlook Win32), the version must be recent enough to support the latest DLP features. Older builds may lack support for newer DLP features. Policy tip visibility: Policy tips may not appear if the DLP rule uses unsupported predicates or if the client is offline. Licensing: E5 licenses unlock advanced features like oversharing dialogs and support for custom sensitive information types (SITs). Q: Why don’t Policy tips appear for some users or rules? A: While the underlying DLP rules are always enforced, policy tips may not appear for some users due to several factors: Outlook Client Version: Policy yips are only supported in specific versions of Outlook. For example, older builds of Outlook Win32 may not support the latest DLP capabilities. To ensure the Outlook client version you’re using supports the latest capabilities, read more. Licensing: Users with E3 licenses may only see basic policy tips, and some features may not be available at all, while E5 licenses unlock advanced DLP capabilities such as the custom oversharing dialog. For more information on licensing, read more. Unsupported Conditions or Predicates: If a DLP rule uses unsupported predicates, the policy tip will not be displayed even though the rule is enforced. To ensure compatibility, refer to our documentation for a list of supported conditions by client version. Offline Mode: Policy tips rely on real-time evaluation of message content against Data Loss Prevention (DLP) rules by Microsoft 365 services. When a user is offline, their Outlook client cannot communicate with these services, which affects the visibility of policy tips. What about offline E5 users? Even if a user has an E5 license, which includes advanced DLP features, the client must be online to evaluate and display these advanced policy tips. While the message may still be blocked or logged according to the DLP rule, the user won’t see any tip or warning until they reconnect. Q: Are trainable classifiers supported in policy tips? A: Yes, but with specific limitations. Trainable classifiers are supported in DLP policy tips, but only under specific conditions related to licensing, client version, and connectivity: Licensing: The user must have a Microsoft 365 E5 license. Trainable classifiers are part of Microsoft Purview’s advanced classification capabilities, which are only available with E5 or equivalent add-ons. Client Support: Only certain Outlook clients support policy tips triggered by trainable classifiers. These include: Outlook Classic (Win32) New Outlook for Windows (Monarch) Other clients (such as Outlook Web App (OWA), Outlook for Mac, and Outlook Mobile) do not currently support this feature. Connectivity: The Outlook client must be online. Trainable classifiers rely on the Microsoft 365 Data Classification Service (DCS), which performs real-time content evaluation in the cloud. If the client is offline, policy tips based on trainable classifiers will not appear, even though the DLP rule may still be enforced when the message is sent. Q: Is OCR supported in Policy Tips? A: No, there is currently no support for OCR in policy tips. However, our goal is to support OCR in policy tips in the future. Setup & Configuration Q: What are the prerequisites for enabling DLP policy tips? A: DLP policy tips notify users in real time when their actions may violate data protection policies. To enable and use them effectively, the following prerequisites must be met: Licensing Considerations Microsoft 365 E5 is required for full feature access, including real-time policy tips, trainable classifiers, and connected experiences. Connected Experiences must be enabled in the tenant for real-time tips to appear. License Requirement Microsoft 365 E5 Required for full feature support including trainable classifiers, advanced predicates, and connected experiences. Microsoft 365 E3 Limited support, some advanced features may not be available. Client Compatibility: DLP policy tips are supported across several Outlook clients, but the experience and capabilities vary depending on the client version, licensing, and configuration. Refer to the comprehensive compatibility matrix (provided at the beginning of this guide) to learn about policy tip support across Outlook clients. Permissions To configure and manage DLP policy tips in Microsoft Purview, specific roles and permissions are required. These permissions ensure that only authorized personnel can create, deploy, and monitor DLP policies and their associated tips. Required Roles: Role Group Capabilities Compliance Administrator Full access to create, configure, and deploy DLP policies and tips. Compliance Data Administrator Manage DLP policies and view alerts. Information Protection Admin Configure sensitivity labels and integrate with DLP. Security Administrator View and investigate DLP alerts and incidents. Q: How do I configure a custom policy tip message using JSON? A: You can configure a custom policy tip dialog in DLP policies using a JSON file. This allows you to tailor the message shown to users when a policy is triggered, such as for oversharing or sensitive content detection. JSON must follow the schema outlined in Microsoft’s documentation and internal engineering guidance. Applies to: Microsoft 365 online E5 users with connected experience enabled. This feature is supported in Outlook Classic (Win32) and Monarch. JSON-based dialogs are not supported in Outlook on the Web (OWA), Mac, or Mobile clients. Q: Can I localize policy tips for different languages? A: Localization of DLP policy tips allows users to see messages in their preferred language, improving clarity and compliance across global teams. Microsoft Purview supports localization through JSON-based configuration, but support varies by client. Supported clients: Outlook Classic (Win32) How to configure: Use the LocalizationData block in your custom Policy Tip JSON. Example: LocalizationData block in your custom Policy Tip JSON Upload this JSON using PowerShell with the NotifyPolicyTipCustomDialog parameter. Q: What roles and permissions are required to manage DLP policy tips? A: To manage Data Loss Prevention (DLP) policies and policy tips in Microsoft Purview, you only need to be assigned one of the following roles. Each role provides different levels of access depending on your responsibilities. Role Group Capabilities Compliance Administrator Full access to create, configure, and deploy DLP policies and Policy Tips. Compliance Data Administrator Manage DLP policies and access compliance data. Information Protection Admin Configure sensitivity labels and integrate with DLP policies. Security Administrator View and investigate DLP alerts and incidents. Note: Microsoft recommends assigning the least privileged role necessary to perform the required tasks to enhance security. These roles are assigned in the Microsoft Purview portal under Roles and Scopes. Administrative Unit–scoped roles are also supported for organizations that segment access by department or geography. Troubleshooting & Known Issues Q: Why are policy tips delayed or not appearing at all? A: If you’re not seeing policy tips, follow this checklist to find out why: Outlook Client Compatibility and Licensing Check if your Outlook client supports policy tips. Policy tips are not supported on all Outlook clients. Refer to Q: Which Outlook clients support DLP Policy Tips? Confirm your license. Advanced policy tips (e.g., those using trainable classifiers or oversharing dialogs) require a Microsoft 365 E5 license. Refer to Q: What are the prerequisites for enabling DLP Policy Tips? Policy Configuration Issues Review your DLP policy configuration and check for unsupported conditions. Refer to Q: What predicates are supported across different Outlook clients? Watch for message size limits Only the first 4 MB of the email body and subject, and 2 MB per attachment, are scanned for real-time tips. Use Microsoft’s diagnostic tool Run a built-in diagnostic to test your DLP policy setup. Run the diagnostic. Q: What logs or data should I collect for support escalation? A: To ensure a smooth and complete escalation to Microsoft support or engineering, collect the following logs and metadata depending on the client type. This helps accelerate triage and resolution. Fiddler trace Must include: Timestamp of issue Correlation ID (found as updateGuid in the DLP response) Tenant ID User ID / SMTP address Tenant DLP Policies and Rules Expected rule match conditions and Rule IDs (Optional): Draft email or data input (sender, recipient, subject, message body) ETL logs from %temp%\Outlook Logging PNR logs (Problem Steps Recorder or screenshots) Tenant ID Tenant DLP Policies and Rules Expected rule match conditions and Rule IDs Q: Are there known limitations with policy tips? Unable to detect sensitivity labels in compressed files. Unable to detect CCSI (SITs/Trainable SITs) in encrypted files. Q: What are the limitations of the custom dialog? The title and the body and override justifications options can be customized using the JSON file. Basic text formatting is allowed: bold, underline, italic and line break. Justification options can be up to 3 plus an option for free-text input. The text for false positive and acknowledgment is not customizable. Below is the required structure of the JSON files that admins will create to customize the dialog for matched rules. The keys are all case-sensitive. Formatting and dynamic tokens for matched conditions can only be used in the Body key. Keys Mandatory? Rules/Notes {} Y Container LocalizationData Y Array that contains all the language options. Language Y Specify language code: "en", "es", "fr", "de". Title Y Specify the title for the dialog. Limited to 80 characters. Body Y Specify the body for the dialog. Limited to 1000 characters. Dynamic tokens for matched conditions can be added in the body. Options N Up to three options can be included. One more can be added by setting HasFreeTextOption = true. HasFreeTextOption N This can be true or false, true will display a text box below the last option added to the JSON file. DefaultLanguage Y Must be one of the languages defined within the LocalizationData key. The user must include at least one.Test DLP Policy: On-Prem
We have DLP policies based on SIT and it is working well for various locations such as Sharepoint, Exchange and Endpoint devices. But the DLP policy for On-Prem Nas shares is not matching when used with Microsoft Information Protection Scanner. DLP Rule: Conditions Content contains any of these sensitive info types: Credit Card Number U.S. Bank Account Number U.S. Driver's License Number U.S. Individual Taxpayer Identification Number (ITIN) U.S. Social Security Number (SSN) The policy is visible to the Scanner and it is being logged as being executed MSIP.Lib MSIP.Scanner (30548) Executing policy: Data Discovery On-Prem, policyId: 85........................ and the MIP reports are listing files with these SITs The results Information Type Name - Credit Card Number U.S. Social Security Number (SSN) U.S. Bank Account Number Action - Classified Dlp Mode -- Test Dlp Status -- Skipped Dlp Comment -- No match There is no other information in logs. Why is the DLP policy not matching and how can I test the policy ? thanks108Views1like2Comments