Sharing: PDF readers that support Purview labels
As I was researching on Adobe Acrobat reader and Sensitivity labels, I decided to check if the common alternative PDF readers out there are able to support Purview MIP Sensitivity labels. There is already a published documentation on this for SharePoint-Compatible PDF readers that supports Microsoft IRM: https://learn.microsoft.com/en-us/purview/sp-compatible-pdf-readers-for-irm (last updated Nov-2023) but I wanted to see if these same PDF readers supports the ability for end-users to use/ select labels similar to that of Adobe Acrobat As of 11-June-2025; atleast one of them clearly do: Nitro PDF: Yes. Documentation shows that users can see and use the sensitivity labels. PDF -X.change Editor: Yes. Documentation show that users can see and use the sensitivity labels. (check the official website, I can't hyperlink it because the site is blocked. FOX PDF editor: No. Documentation only states RMS and not clear if it show Purview labels. This is for F.O.X.I.T editor (spelled without the ".") but for some reason there is a community ban on that word and it won't allow me to post the full name PDFescape: No. Sumatra PDF: No Okular: No If there are other PDF readers that I've missed, I encourage you list it down in the comment below. Would love to grow this list.
Managing Multi-Tenant Azure/365: Workarounds for Cross-Tenant Limitations in Purview and Fabric
I am working in a Microsoft Azure/365 multi-tenant setting due to some constraints. I am using Purview (Tenant1) and Fabric (Tenant2), M365 in (Tenant 2). I'm facing issues with various solutions due to cross tenant limitation for eg: Data Quality Connection, Metadata ingestion, lineage, etc. To overcome this I am exploring various workarounds. Key Question: 1. Are there proven workarounds or solutions to manage data estate in this scenario? (Can't merge /migrate tenants)
Microsoft Purview - Structured Database Management, Governance, Security and Protection
Since Microsoft Purview is a Data Governance and Data Security platform, I need to integrate Microsoft Purview with both structured and non-structured databases hosted in the public cloud and on-premises. The goal is to leverage Microsoft Purview to manage user roles and permissions, enforce data loss prevention policies and rules (e.g., statement-based rules), mask specific columns to restrict certain users from viewing actual data, implement field-level encryption for database fields, and, most importantly, ensure data quality and integrity by preventing unauthorized direct modifications. I am uncertain about the current capabilities of Microsoft Purview to meet the mentioned requirements. I believe that some features may already be available, while others might not be supported yet.Purview YouTube Show and Podcast
I am a Microsoft MVP who co-hosts All Things M365 Compliance with Ryan John Murphy from Microsoft. The show focuses on Microsoft 365 compliance, data security, and governance. Our episodes cover: Microsoft Purview features and updates Practical guidance for improving compliance posture Real-world scenarios and expert discussions Recent episodes include: Mastering Records Management in Microsoft Purview: A Practical Guide for AI-Ready Governance Teams Private Channel Messages: Compliance Action Required by 20 Sept 2025 Microsoft Purview DLP: Best Practices for Successful Implementation Shadow AI, Culture Change, and Compliance: Securing the Future with Rafah Knight 📺 Watch on YouTube: All Things M365 Compliance - YouTube 🎧 Listen on your favourite podcast platform: All Things M365 Compliance | Podcast on Spotify If you’re responsible for compliance, governance, or security in Microsoft 365, this is for you. 👉 Subscribe to stay up to date – and let us know in the comments what topics you’d like us to cover in future episodes!Java MIP SDK 1.17.154: commitAsync() TemplateNotFoundError (C# OK; Java fails Win & Ubuntu)
TL;DR Java SDK 1.17.154: calling setLabel() then commitAsync() fails with TemplateNotFoundError (TemplateId=2ea3c830-...). Same label/code works on Java 1.16.x and C# 1.17.154. Policy cache cleared, templates/labels verified, token/tenant checked—issue persists. Environment SDK (Java): 1.16.x (OK), 1.17.154 (FAIL) SDK (C#): 1.17.154 (OK) OS (Java): Windows 10/11 (win32 build), Ubuntu 20.04 / 22.04 / 24.04 Java: Corretto/OpenJDK 17.0.16 (x64) Service/Tenant: Microsoft Purview Information Protection Auth: (e.g., user delegated token / app-only token) Code Snippet (Java) // Label apply options LabelingOptions labelingOptions = new LabelingOptions(); labelingOptions.setAssignmentMethod(AssignmentMethod.PRIVILEGED); labelingOptions.setDowngradeJustified(true); labelingOptions.setJustificationMessage("Label Apply"); // Get label Label label = fileEngine.getLabelById(labelId); // Apply label (no explicit template handling) fileHandler.setLabel(label, labelingOptions, new ProtectionSettings()); // Commit File workFile = new File(domainFolder, UidUtil.makeUid()); CompletableFuture<Boolean> commitFuture = fileHandler.commitAsync(workFile.getAbsolutePath()); commitFuture.get(); // <-- Throws TemplateNotFoundError on 1.17.154 Stack trace excerpt: Caused by: com.microsoft.informationprotection.internal.gen.Error: TemplateNotFoundError: Could not find template with id: 2ea3c830-5a0e-4eea-b48b-c72186d453c0, BadInputError.Code=General, CorrelationId=42ffaad4-3a0f-4986-ba9d-b5a79c5fd076 (ProtectionEngine), CorrelationId=16819f70-e419-473f-9895-c756f3dd5e4b (FileHandler) at com.microsoft.informationprotection.internal.gen.SdkWrapperJNI.SwigDirector_FileHandler_Observer_OnCommitFailure(SdkWrapperJNI.java:2688) Expected Behavior setLabel() should apply the label (and its protection) and commit successfully, as it does in Java 1.16 and C# 1.17.154. Actual Behavior commitAsync() fails with TemplateNotFoundError for the GUID referenced by the label’s ApplyProtectionAction. What I’ve Tried Policy/cache refresh: Deleted %LOCALAPPDATA%\Microsoft\MSIP\ / ~/.mip/, reloaded engine. Template/label verification: Confirmed existence and publish scope in Purview portal & via PowerShell/Graph. Label actions check: policyEngine.getLabelActions(labelId) shows an ApplyProtectionAction with that GUID. Token/tenant sanity check: Correct scopes and same tenant. Rollback test: Java 1.16 works; C# 1.17.154 works. Questions Any breaking change in Java 1.17 regarding how protection templates are resolved during setLabel()? Is this a known issue specific to Java SDK 1.17.154 (win32 & Ubuntu 20/22/24 builds)? Should we now explicitly use ProtectionDescriptor / SetProtection() in Java? Can someone review the service logs using the CorrelationIds above? Happy to provide additional logs, PowerShell/Graph queries, or action dumps if needed. Thanks!
Configuring Purview policy to email user's Leader for approval, using external HR Database
Hello, Wondering if anybody could confirm within Microsoft Purview if it is possible to: Have a DLP Policy configured with a Policy Tip Override and have it configured so if the email for example is blocked it sends a Notification to the users 'Leader' to either Accept or Deny it. If Accepted by the user's Leader, the content is released. In the same configuration have Purview user a Data Connector to say a SAP database that the HR Department uses or any type of external database to automatically determine the users leader??? If so, any Microsoft articles and or videos???? Also want this compatibility to also be used for any type of Policy for say a SIT, Sensitivity Label, Trainable Classifier etc. etc. Thank you kindly, J
Issues with Oracle Database Classification in Microsoft Purview
Hello, I'm testing the registration of an Oracle on-prem database with Microsoft Purview. The scan is running successfully and ingesting metadata, but it is not identifying any classifications. although this dataset is used with SQL Server and works properly, showing all the classifications, there is a section discussing this saying that If the user is not the owner of the table, the scan will run successfully and ingest metadata, but will not identify any classifications. https://learn.microsoft.com/en-us/purview/register-scan-oracle-source#required-permissions-for-scan But it's already done and the user have all the select roles and system roles. Could anyone help i don't know where is the problem Thanks in advance
Azure Purview Self-Service Access policy not working.
Using this https://learn.microsoft.com/en-us/purview/how-to-policies-self-service-storage we created a Workflow for self-service data access policy. When a consumer submits a request for a Read access to a data asset, it successfully sends the request to the data owner of the asset. Data Owner approves the request, and after approval, a policy gets successfully auto generated. But the consumer still does not have Read access to the data asset via Azure Portal or Azure Storage Explorer. According to following official documentations and a video from Purview teams, the consumer should have a Read access to the data asset. Question: What we may have been missing and how the issue can be resolved? Remarks: We have verified all the prerequisites described in the above link, as follows: Ran the short PowerShell script: # Install the Az module Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force # Login into the subscription Connect-AzAccount -Subscription <SubscriptionID> # Register the feature Register-AzProviderFeature -FeatureName AllowPurviewPolicyEnforcement -ProviderNamespace Microsoft.Storage Data Asset: ADLSGen2 Storage Account [This was created after the above script run] Purview Collection: Collection1 (subcollection of root collection) Data Owner roles on the storage account: IAM Owner, Storage Blob Data Contributor Data Owner roles on Collection1: Data Curator, Data Reader Consumer role on Collection1: Reader A screenshot of the policy auto-generated after an approval from data owner: Ref: https://learn.microsoft.com/en-us/purview/concept-self-service-data-access-policy https://learn.microsoft.com/en-us/purview/how-to-workflow-self-service-data-access-hybrid https://learn.microsoft.com/en-us/purview/how-to-enable-data-policy-enforcement https://www.youtube.com/watch?v=CFE8ltT19Ss
DLP Reports
Is there a way to create a report for DLP Alerts so I get a CSV file sent to me weekly? Right now its a manual report that I have to download. I don't see where I can schedule it. I would like to be able to send to my managers a file shows who on what day and what match policy matches were triggered.
