Adaptive Scope Sytntax
Hi. I have a requirement to scope only "UserMailbox" data in an Adaptive scope to ensure only user mailbox data is retained and deleted > 7years and shared mailbox is not in scope and retained forever. This scope will then be used in Adaptive Exchange Online Retention policy to Retain and then delete email > 7years old. Could anyone help me define the syntax to use in the query please? I have used the following but am not sure if this is correct even though it never failed when I completed the Adaptive Scope RecipientTypeDetails -eq 'UserMailbox' Thanks in Advance Chris
What are the exact steps (the latest) to enable container support in Purview?
I've been pulling my hair out trying to figure this one for the last couple hours. Can someone help me out with the exact steps (the latest) to enable container support (SharePoint Sites, Teams, 365 Groups) in Purview? Thanks in advance !Duplicate Sensitivity Label Headers and Footers showing in Outlook emails
Hello I have a a strange issue where recipients are receiving duplicate Sensitivity Label headers and footers from our policy. For example, we have an unofficial label that stamps the header and footer as 'Unofficial'. Everytime it is received by a receipient it shows 4 times, 2 on the top as the header and 2 on the bottom. Looking in activity explorer I can see the email I sent listed three times. Any ideas how this could be happenning? ThanksHow to Solution Prevent User Downgrade Sensitivity Label is changed
Hi Everyone , Now I use Microsoft 365 E3 + Microsoft 365 E5 Information Protection and Governance. I am looking for a way to prevent User Downgrade Sensitivity Label from High to Low. I understand that before they change the label, they have to comment and they can change it. Is there any solution that can block this or notify from the log?Whenever login into the office applications different OTP needs to be applied Outlook and teams
When signing into Office applications, adifferent OTP is required for both Outlook and Teams. To address this issue, there is any resolution this issue supports or a supporting document as proof to confirm that this is a standard procedure.
Ingesting Purview compliance DLP logs to Splunk
We are in the process of enabling Microsoft purview MIP DLP for a large-scale enterprise, and there is a requirement to push MIP DLP related alerts, incidents and data to Splunk SIEM. Could not find any specific documentation for the same. researched on this and found below solutions however not sure which could work to fit in our requirement: Splunk add on for Microsoft security is available:The Splunk Add-on for Microsoft Security is now available - Microsoft Community Hubbut this does not talk about Purview DLP logs. This add-on is available for Splunk but only says MIP can be integrated however does not talk about DLP logs:Microsoft Graph Security API Add-On for Splunk | Splunkbase As per few articles we can also ingest Defender logs to Azure event hub then event hub can be connected to splunk. Above mentioned steps do not explain much about Ingestion of MIP DLP raw data or incidents. If anyone has done it in the past I will appreciate any input.
How can I access "Review" pane and "Match" vs "No Match" when reviewing matched items?
As the title of the post says, when I am going over my "matched items for review" in my labels, or when I am reviewing items using the content explorer, I am able to drill into individual documents, but I can never seem to see or find the buttons that let you select whether an item is a "Match" or "Not a Match" when I am trying to increase the accuracy of my sensitive info types. Could it be a permissions thing? There are so many permissions with no description that I do not know which one I need to access that feature. Please help!Who uses the Microsoft Purview Governance Portal
Hi there, I am working with the Microsoft Purview Compliance Portal to protect sensitive data ect. and lately I've been coming across the Microsoft Purview Governance Portal again and again, but I can't really tell whether it's relevant for me in terms of information security and data protection or whether it serves a completely different purpose. Does anyone know more than me? Thank you very much 🙂
