DLP USB Block
Currently we have DLP policies setup to block the use of USB devices and copying data to it. When checking the activity explorer I am still seeing user's able to copy data to USB devices and for the action item it says "Audit" when in the DLP policies we explicitly set it to block. Has anyone run into this issue or seen similar behavior?
Clarification related to JIT for EDLP
Can someone help clarify how JIT actually works and in which scenario we should enable JIT. The Microsoft documentation is very differently from what I’m observing during hands-on testing. I enabled JIT for a specific user (only 1 user). For that user, no JIT toast notifications appear for stale files when performing EDLP activities such as copying to a network share, etc. However, for all other users even though JIT is not enabled for them their events are still being captured in Activity Explorer. See SS below.DLP Policy not Working with OCR
Hello Community, i activated the OCR in Microsoft Purview, and scan works fine infact Purview find image that contains sensible data. I have created DLP Policy that not permit print and move to rdp file that containts "Italy Confidential Data" like "Passport Number, Drivers License ecc..." this policy works for xlsx or word that contains data, but if file word contains image with this data not apply the DLP Rule infact i'm able to print or move into rdp this file also only the jpeg file. Policy match correctly i see it into "Activity Explorer" Is this behavior correct? Regards, Guido
Test DLP Policy: On-Prem
We have DLP policies based on SIT and it is working well for various locations such as Sharepoint, Exchange and Endpoint devices. But the DLP policy for On-Prem Nas shares is not matching when used with Microsoft Information Protection Scanner. DLP Rule: Conditions Content contains any of these sensitive info types: Credit Card Number U.S. Bank Account Number U.S. Driver's License Number U.S. Individual Taxpayer Identification Number (ITIN) U.S. Social Security Number (SSN) The policy is visible to the Scanner and it is being logged as being executed MSIP.Lib MSIP.Scanner (30548) Executing policy: Data Discovery On-Prem, policyId: 85........................ and the MIP reports are listing files with these SITs The results Information Type Name - Credit Card Number U.S. Social Security Number (SSN) U.S. Bank Account Number Action - Classified Dlp Mode -- Test Dlp Status -- Skipped Dlp Comment -- No match There is no other information in logs. Why is the DLP policy not matching and how can I test the policy ? thanksAggregate alerts not showing up for Email DLP
Hi, I’m unable to see the “Aggregate alerts” option while configuring an Email DLP policy, although the same option is visible for Endpoint DLP. The available license is Microsoft 365 E5 Information Protection and DLP (add-on). If this is a licensing limitation, why am I still able to see the option for Endpoint DLP but not for Email DLP? Screen short showing option for Endpoint DLP alerts
How to apply sensitivity labels to external emails received in my Outlook?
I have created a sensitivity label and an auto-labeling policy that applies the label when an email contains sensitive information. When an internal user sends the email, the label is applied correctly. But when I receive an email with sensitive information from an external user, the label is not applied. How can I apply the sensitivity label to emails that come from external users?Customized Oversharing Dialog not working for Exchange DLP
Hi Team, When I'm enabling policy tip as a dialog for custom content. This is not working. I'm testing this option on new outlook. and this is my JSON file { "LocalizationData": [ { "Language": "en-us", "Title": "Add a title", "Body": "Add the body", "Options": [ "I have a business justification", "This message doesn't contain sensitive information", "Business justification" ] } ], "HasFreeTextOption": "true", "DefaultLanguage": "en-us" } For old outlook it's not working there too. No policy tips, no override option My old outlook version
Cross-Tenant Purview Scan of Fabric Lakehouse fails to ingest Sub-items (Delta Tables)
Environment: Tenant 1 (Consumer): Azure Purview (Microsoft Purview Data Map). Tenant 2 (Provider): Microsoft Fabric (Capacity + Workspaces). Architecture: Purview in Tenant 1 is scanning Fabric in Tenant 2 via the "Fabric" Data Source using Azure Auto-Resolve Integration Runtime. The Issue: I can successfully scan and see Item-level metadata (e.g., Workspace Name, Lakehouse Name). However, I am getting Zero sub-item visibility. No Delta Tables, no Columns, and no sub-item lineage are being ingested into Purview. Configuration Verified: Service Principal (SPN): Created an App Registration in Tenant 2 (Fabric Tenant). Permissions: The SPN is a Member (and I tested Admin) of the target Fabric Workspace. Fabric Admin Settings (Tenant 2): Allow service principals to use read-only admin APIs: Enabled for the SPN's Security Group. Enhance admin APIs responses with detailed metadata: Enabled. Enhance admin APIs responses with DAX and mashup expressions: Enabled. My Specific Questions for the Product Team / MVPs/Members: Authentication Flow: For sub-item ingestion (Delta Tables) to work cross-tenant, is it sufficient for the SPN to be a standard App Registration in Tenant 2 (Provider), or does Fabric require the "Cross-Tenant Access" (Guest User) flow where a shadow SPN is created via the specific trusted external tenants configuration? API Limitation: Is the "Enhanced Metadata" API payload (metadata/subartifacts) restricted to Same-Tenant calls only during the current Preview? I suspect the API is returning a standard payload instead of the enhanced one due to the cross-tenant boundary. Workaround: Has anyone successfully forced ingestion of Delta Tables cross-tenant by using the Apache Atlas REST API to manually inject the schema entities, or is there a specific hidden toggle in the Fabric Admin Portal (perhaps specifically for "External Principals") that I am missing?
