information protection and governance
479 TopicsAuto-labelling in Purview-Which license or alternatives can be used rather than E5 ?
We are considering adopting Purview for Information Protection and DLP, but we are currently on E3 licenses. Given the extensive size of our SharePoint environment, auto-labelling is crucial for applying sensitivity labels to content across wide scopes automatically. My question is, are there any alternatives to upgrading licenses to E5 or adding the Compliance Add-on? Upgrading several thousand users to E5 or the Compliance Add-on requires significant justification, and I am wondering if there are other interim solutions we could leverage for a period of one year. Any thoughts would be greatly appreciated! Thank you! KevSensitivity Labels & External Sharing
Can anyone help, please? We've rolled out sensitivity labels for emails and we're experiencing an issue with external recipients accessing downloaded attachments. In particular, when an encrypted email is sent externally (using a label which allows external access and giving Owner rights on the file), recipients can view the email body and open attachments but as soon as they download the attachment the downloaded file converts into an .xml file. We don't have this issue with PDF files.Solved480Views0likes8CommentsSharing: All Built-in SIT categorised
So, Microsoft Purview gives you 313 built-in Sensitive Information Types (SITs)—yes, I counted! When I worked with an Cyber Risk auditor, one of their ask was categorizing all the items that we decided for it to be deployed. This was a bit of a nightmare, so I took one for the team and grouped them into three neat categories: PII, Financial, and Medical. Now, I’m sharing it with you so that my struggle can save you the headache. You’re welcome! Download the excel spreadsheet here:All SIT list and their categories.xlsxSensitivity Labels not working as expected
Hi experts, I've been playing with sensitivity labels recently and I'm in testing phase currently having few ppl testing it for me before I officially deploy to all. However, it looks like there are few things that do not work as expected and I'm not sure why. Hope I can find some help here. Here is what I have configured and what is the experience during our testing Email should inherit sensitivity label form attachment I have label for documents set as required , and email is set to no default label and selected "inherit" label from attachment I have "Confidential\View Only" label that has allowed only "Viewrights / Reply / Reply all" allowed permission. Testing experience:For emails, when I attach a document with this label assigned, there is no restriction at all and I can forward, download, etc... and the recipient can forward with no issues. Looks like inheritance of label from attachments to email is not working at all. When I (as a recipient) download the attachment, I see that the document has restricted permissions (can't print, save, etc) so it looks it is working on the document level. "Confidential\Internal" label should be blocked I can share with external users via SharePoint ...and can even open it as external user with no issues at all.. Label access control nor DLP prevents this!!! Is there something I miss here? Not sure if important - I have "MS Entra for Sharepoint enabled" DLP is configured to check Sharepoint, Emails, OneDrive for "Confidential\Internal" for "content shared outside the organization" and "sensitivity label Confidential\Internal" and BLOCK it DLP works fine for emails with attachments labelled with this label, and it is blocked as expected Confidential\Internal is blocked in the outlook when trying to send email when I am sending an attachment with Confidential\Internal document in Outlook (New Outlook), I see a note about external users that needs to be removed. When trying to send anyway, it is blocked and I get a message below. Which is great however, another two testers do not get this experience and their email is blocked with DLP (mentioned above) only - which is nice, but the experience I get is much better as users can correct recipients instantly (FYI - I am using NEW Outlook - need to check later this week with the testers if they are on Old or NEW one) Its a bit of text, and I apologize... Wanted to describe is as best as I can 🙂 ... and hopefully help anyone else facing the same... Would be grateful for your help.... As the testing is super time consuming due to the fact that any change I make to sensitivity label and policy, I prefer to wait recommended 24 hrs to see if it had any effect.... Update: forgot to ask, why I see some "built-in" labels when creating emails? When I go to "More Options", in new email, I can see the below: When I go through New Email > Options > Sensitivity - I can see the labels I configured1.2KViews1like9CommentsSensitivity Labels applied to email attachments versus directly on the document
I've noticed that the encryption applied to email attachments via sensitivity labels behaves differently than if the encryption is applied directly to the document. Example 1: I create an email and choose a sensitivity label that encrypts contents based on the specified users. I attach a Word document that does not have a sensitivity label applied. The email and attachment are encrypted. The email is sent to an external user Example 2:I create an email and attach a Word document that has already been assigned a sensitivity label that includes encryption.The email is sent to an external user. In Example 1, the recipient can view the attachment in Outlook Web. In Example 2, the document can't be viewed in Outlook Web. You will see a message "Sorry, Word can't open this document in a browser because it's protected by Information Rights Management". In example 1, the recipient can forward the email to someone in a separate tenant. They can also view the email and attachment. Is this expected behavior?Sensitivity column in Windows Explorer populated
Hi Does anybody know when the sensitivity column in Windows explorer will be populated? Currently the only way I see which label is applied to a file is either through AIP unified labeling client, sharepoint document libraries or open a file. Thanks for a feedback. Best regards PhilippSolved15KViews5likes26CommentsAIP: Rights Management template can't be found
Hi All, I got the below error message (screenshot) while trying to apply the confidential label i have created. I have set my Confidential label permissions: Protection: Azure (cloud key) Set permissions Users: all members Permission: either of these preset permission: Co-Owner, Co-Author, Reviewer, Viewer and Custom not working when applying this Confidential level to client ms word, excel, etc. I have attached the screenshot of the error i encounter on client side. Newbie question here, do i need to create a label template in Rights Management? I thought this right management is already the AIP? Thanks in advance!New Blog | Learn how to customize Copilot for Security with the Data Security plugin
ByJon Nordström This is a step-by-step guided walkthrough of how to use the custom Copilot for Security pack for Microsoft Data Security and how it can empower your organization to understand the cyber security risks in a context that allows them to achieve more.By focusing on the information and organizational context to reflect the real impact/value of investments and incidents in cyber. We are working to add this to our native toolset as well, we will update once ready. Prerequisites License requirements for Microsoft Purview Information Protection depend on the scenarios and features you use. To understand your licensing requirements and options for Microsoft Purview Information Protection, see theInformation Protectionsections fromMicrosoft 365 guidance for security & complianceand the relatedPDF downloadfor feature-level licensing requirements. You also need to be licensed for Microsoft Copilot for Security, more informationhere. Consider setting up Azure AI Search to ingest policy documents, so that they can be part of the process. Read the full post here:Learn how to customize and optimize Copilot for Security with the custom Data Security pluginBacking up and restoring labels (sensitive or retention) and dlp policies in purview
Is there a way to backup and restore sensitive labels, retention labels or dlp policies with the security and compliance portal (purview)? The documentation is not thorough when it comes to a scenario in which an admin deletes any of these. I'd like to think there's a way to back these things up in the event of accidental deletion or from a change management perspective (making a change and want to roll back). Thanks! Sanjoyan Mustafi2.1KViews0likes2CommentsWord Export to Kindle feature and DLP.
Just wondering if anyone has found a way to control exports to Kindle, other than disabling the feature via a cloud policy. I don't want to disable the feature, I'm sure it will serve a purpose for some users, but I would like to prevent the export of certain information. Thanks, Neil.256Views0likes0Comments