Help! Sensitivity label applied to whole tenant mistakenly with Watermark
We create a sensitivity label to have a watermark to be applied on the files on where it assigned but accidentally or due to misconfiguration, the watermark applied to whole tenant and the files, need a solution to automatically removed these watermarks from the files wherever it is applied. Please assist, TIA... .Sharing: All Built-in SIT categorised
So, Microsoft Purview gives you 313 built-in Sensitive Information Types (SITs)—yes, I counted! When I worked with an Cyber Risk auditor, one of their ask was categorizing all the items that we decided for it to be deployed. This was a bit of a nightmare, so I took one for the team and grouped them into three neat categories: PII, Financial, and Medical. Now, I’m sharing it with you so that my struggle can save you the headache. You’re welcome! Download the excel spreadsheet here: All SIT list and their categories.xlsx
Old Tenant Name visible in Outlook Desktop Client under Protect button
Hello I have a two accounts (two is a minimum to see Tenant Name in front of your email address) added to Outlook Dekstop client. When i create new email and try to Encrypt email using Options > Encrypt button i can see Old tanant name in front of my email address. Organization Settings in admin portal were changed, change is visible in azure portal as well but old tenant name is still visible in outlook. I've found PS command Get-AipServiceKeys which showed me AipServiceKey where old tenant name is visible. Contoso is an OldTenantName Tried to user Set-AipServiceKeyProperties with -RefreshSlcName switch on this key but even command completed succesfully, there is still old name visible under FriendlyName property when i run Get-AipServiceKeys Do you know how to generete new key with correct FriendlyName or how to refresh name in current AipServiceKey? Thanks for your help PS. Microsoft is trying to find answer for my issue since december and there is no any valuable feedback from them.All the locations where you can find Sensitivity labels
Update (14-Mar-25): Removed Windows Explorer Here are the locations where you can find the sensitivity label of a document (if there are any that I've missed, please feel free to add it here) Sensitivity Label Button in the Document: In Office applications such as Word, Excel, and PowerPoint, you can find the Sensitivity label button on the Home tab. This button allows users to apply or view sensitivity labels directly within the document interface. (Sensitivity label app on the upper right) Document Properties > Advanced Properties Sensitivity labels can also be found in the document properties. To access this, go to File > Info > Properties > Advanced Properties. Here, you can see detailed metadata, including any applied sensitivity labels. Sensitivity Label Column in SharePoint: In SharePoint, sensitivity labels are displayed in a dedicated column. This allows users to quickly see the sensitivity level of documents stored within SharePoint libraries (Removed) Windows File Explorer: - As it was rightly pointed in the comment section, this is a roadmap item that has yet to materialise. Mobile Applications: Office mobile apps for iOS and Android also support sensitivity labels, enabling users to apply and view labels on the go. Microsoft Purview Compliance Portal: Administrators can manage and view sensitivity labels applied across the organization through the Microsoft Purview Compliance Portal. This portal is only accessible to IT admins who has the right Purview role.New Place to Chat with the Microsoft Information Protection Team
Happy Wednesday, all! We're constantly working to provide easily accessible channels for direct interaction with our product team including feedback on how to improve your experience with our products! Moving forward, you can: talk to the Microsoft Information Protection team about our product and integrations via our Yammer Channel or provide feedback via our UserVoice Forum. You can also continue to get updates in our Microsoft Information Protection blog. Finally, we have a complete list of resources available here. If you're currently engaged in a conversation, the conversation space will be moved to the Microsoft Security and Compliance conversation space on 9/2. Feel free to comment with any questions regarding channels or informational resources.
Auto-labelling in Purview-Which license or alternatives can be used rather than E5 ?
We are considering adopting Purview for Information Protection and DLP, but we are currently on E3 licenses. Given the extensive size of our SharePoint environment, auto-labelling is crucial for applying sensitivity labels to content across wide scopes automatically. My question is, are there any alternatives to upgrading licenses to E5 or adding the Compliance Add-on? Upgrading several thousand users to E5 or the Compliance Add-on requires significant justification, and I am wondering if there are other interim solutions we could leverage for a period of one year. Any thoughts would be greatly appreciated! Thank you! Kev
AIP scanner job error: Policy is missing
We deployed AIP scanner couple of weeks ago and completed a scan and got the scan report. This week edited the scan job to automatically label the documents with a default label. Now we noticed that scan job is failing to run and in the "Scanner Nodes" we see "Policy is missing" error under "Content Scan job status" We know our configuration is good, because it finished the scan once 2 weeks ago and then only change we did this week is to modify scan job. Any suggestions?Purview Information Protection for internal and external emails
I'm working with an organisation that is starting to use sensitivity labels. They have Office 365 E3 licenses. The current plan is to set up a default label for documents and emails called "Internal Only". This label will encrypt contents and grant co-author permissions to all staff. The challenge will be when emails include external recipients. Ideally, the user will change from the default label to one that grants access to any recipients. However, I can imagine that there will be many cases where they forget to do this. If we had Office 365 E5 licenses, we would have the option to create a DLP policy to show a policy tip. I I would expect this would reduce the incidents of mislabeling. I have seen recommendations to avoid encrypting by default and only use it where needed. However this client is keen to use encryption to protect as much content as possible. One suggestion could be to change the default email label to only grant access to the sender and recipients, regardless of whether they are internal or external. I'm interested in any real-world feedback on how others have tackled this issue.
