Getting Contextual Summary from SIT(Sensitive info types) via PowerShell cmd
Hi, I am using a PowerShell command(Export-ContentExplorerData) to extract data from an SIT. In the response, I am getting most of the data but I am interested in getting the matching primary element from Contextual summary(Content explorer) https://learn.microsoft.com/en-us/powershell/module/exchange/export-contentexplorerdataHelp! Sensitivity label applied to whole tenant mistakenly with Watermark
We create a sensitivity label to have a watermark to be applied on the files on where it assigned but accidentally or due to misconfiguration, the watermark applied to whole tenant and the files, need a solution to automatically removed these watermarks from the files wherever it is applied. Please assist, TIA... .
New Blog | Embracing the Data Protection and Data Privacy Act
By Manny Sahota In an era where data breaches and privacy concerns are at the forefront of concerns, the Data Protection and Data Privacy (DPDP) Act 2023 emerges to enhance protection for individuals' personal information. This landmark legislation signifies a pivotal shift in the global data privacy landscape, imposing rigorous standards for data handling and compelling organizations to elevate their data protection measures. As we navigate the intricacies of compliance with the DPDP. Microsoft Compliance Manager emerges as a tool to help our customers meet regulatory obligations. Compliance regulations protect customers and the organizations they serve, and Microsoft Compliance Manager is here to help protect private data. Unpacking the DPDP Act 2023 The DPDP Act 2023 introduces a stringent legal framework aimed at safeguarding personal data against misuse, unauthorized access, and breaches. It mandates comprehensive data protection protocols, consent mechanisms for data collection, and stringent penalties for non-compliance, thereby setting a new benchmark for data privacy. This act underscores the importance of responsible data stewardship, emphasizing transparency, security, and the individual's right to privacy. For organizations, the enactment of the DPDP Act 2023 signifies a call to action—a mandate to reassess and fortify their data handling practices. It necessitates a holistic approach to data privacy, requiring robust governance, risk management, and compliance (GRC) frameworks to ensure adherence to the law. This is where the strategic deployment of Microsoft's Compliance Manager can make a substantial difference. Read the full post here: Embracing the Data Protection and Data Privacy Act: A Strategic Approach with Microsoft's Compliance
Meet Your New Cybersecurity Sidekick - Microsoft Security Copilot Agents
Imagine if your security team had a super-smart assistant that never sleeps, learns from every task, and helps stop cyber threats before they become disasters. That’s exactly what Microsoft’s new Security Copilot Agents are designed to do. Why Do We Need Them? Cyberattacks are getting sneakier and faster many now use AI to trick people or break into systems. In fact, 67% of phishing attacks in 2024 used AI. Meanwhile, security teams are drowning in alerts 66 per day on average and 73% of experts admit they’ve missed important ones. That’s where Security Copilot comes in. It’s like having an AI-powered teammate that helps you investigate threats, fix issues, and stay ahead of attackers. What Are Security Copilot Agents? Think of these agents as mini digital coworkers. They’re not just chatbots they’re smart, adaptable tools that: Learn from your feedback Work with your existing Microsoft security tools Help you make faster, better decisions Keep you in control while they handle the heavy lifting They’re built to be flexible and smart unlike traditional automation that breaks when things change. Real-World Examples of What They Do Here are a few of the agents already available: Phishing Triage Agent: Automatically checks if a suspicious email is a real threat or just spam. It explains its reasoning in plain language and learns from your feedback. Alert Triage Agents (in Microsoft Purview): Helps prioritize which security alerts matter most, so your team can focus on the big stuff first. Conditional Access Optimization Agent (in Microsoft Entra): Keeps an eye on who has access to what and flags any gaps in your security policies. Vulnerability Remediation Agent (in Microsoft Intune): Spots the most urgent software vulnerabilities and tells you what to fix first. Threat Intelligence Briefing Agent: Gives you a quick, customized report on the latest threats that could affect your organization. Even More Help from Partners Microsoft is also teaming up with other companies to build even more agents. For example: OneTrust helps with privacy breach responses. Tanium helps analysts make faster decisions on alerts. Fletch helps reduce alert fatigue by showing what’s most important. Aviatrix helps diagnose network issues like VPN or gateway failures. BlueVoyant: helps to assess your SOC and recommends improvements. Why It Matters These agents don’t just save time they help your team stay ahead of threats, reduce stress, and focus on what really matters. They’re like having a team of AI-powered interns who never get tired and are always learning. Learn More 📢 Microsoft Security Blog: Security Copilot Agents Launch 🎥 https://aka.ms/SecurityCopilotAgentsVideo
Sensitivity Labels not working as expected
Hi experts, I've been playing with sensitivity labels recently and I'm in testing phase currently having few ppl testing it for me before I officially deploy to all. However, it looks like there are few things that do not work as expected and I'm not sure why. Hope I can find some help here. Here is what I have configured and what is the experience during our testing Email should inherit sensitivity label form attachment I have label for documents set as required , and email is set to no default label and selected "inherit" label from attachment I have "Confidential\View Only" label that has allowed only "View rights / Reply / Reply all" allowed permission. Testing experience: For emails, when I attach a document with this label assigned, there is no restriction at all and I can forward, download, etc... and the recipient can forward with no issues. Looks like inheritance of label from attachments to email is not working at all. When I (as a recipient) download the attachment, I see that the document has restricted permissions (can't print, save, etc) so it looks it is working on the document level. "Confidential\Internal" label should be blocked I can share with external users via SharePoint ...and can even open it as external user with no issues at all.. Label access control nor DLP prevents this!!! Is there something I miss here? Not sure if important - I have "MS Entra for Sharepoint enabled" DLP is configured to check Sharepoint, Emails, OneDrive for "Confidential\Internal" for "content shared outside the organization" and "sensitivity label Confidential\Internal" and BLOCK it DLP works fine for emails with attachments labelled with this label, and it is blocked as expected Confidential\Internal is blocked in the outlook when trying to send email when I am sending an attachment with Confidential\Internal document in Outlook (New Outlook), I see a note about external users that needs to be removed. When trying to send anyway, it is blocked and I get a message below. Which is great however, another two testers do not get this experience and their email is blocked with DLP (mentioned above) only - which is nice, but the experience I get is much better as users can correct recipients instantly (FYI - I am using NEW Outlook - need to check later this week with the testers if they are on Old or NEW one) Its a bit of text, and I apologize... Wanted to describe is as best as I can 🙂 ... and hopefully help anyone else facing the same... Would be grateful for your help.... As the testing is super time consuming due to the fact that any change I make to sensitivity label and policy, I prefer to wait recommended 24 hrs to see if it had any effect.... Update: forgot to ask, why I see some "built-in" labels when creating emails? When I go to "More Options", in new email, I can see the below: When I go through New Email > Options > Sensitivity - I can see the labels I configuredDLP Alerts Issue - Windows Defender
Hi, I am encountering an issue where a single file containing multiple policy matches triggers multiple DLP alerts defined for Exchange. I would prefer to receive just one alert per email, regardless of the number of files or policy/rule matches in Windows Defender. Any suggestions on how to resolve this would be greatly appreciatedFile Plan/Retention Labels cannot be deleted OR found in content explorer
When we try to delete a Purview Records Management > File Plan label (or Data Lifecycle Management > Retention label), we get the following error: "You can't delete this record label because it's currently applied to items in your organization. You can use content explorer to determine which items have this label applied." (see attached image). When we go to content explorer to find the label (in this example, Bank Reconciliations), it doesn't appear to exist (see attached image). We also reviewed our Label policies and Retention policies, and the given labels are not associated with any policy that we can see. So, in result, we cannot clean up File Plan labels since we can't find and remove the association between them and policies / items. Has anyone encountered this error when deleting file plan retention labels, but then unable to find anything the label is associated with?How to Solution Prevent User Downgrade Sensitivity Label is changed
Hi Everyone , Now I use Microsoft 365 E3 + Microsoft 365 E5 Information Protection and Governance. I am looking for a way to prevent User Downgrade Sensitivity Label from High to Low. I understand that before they change the label, they have to comment and they can change it. Is there any solution that can block this or notify from the log?New Blog Post | Migrating from Windows Information Protection to Microsoft Purview
By Edwin Chan Introduction In July 2022 we announced the sunsetting here: Announcing the sunset of Windows Information Protection (WIP) - Microsoft Community Hub of Windows Information Protection (WIP). The last version of windows to ship with WIP will be Win11 24H2, it will be the first version to not include WIP. However, the decryption capabilities will remain. Why are we doing this? Windows Information Protection, previously known as Enterprise Data Protection (EDP), was originally released to help organizations protect enterprise apps and data against accidental data leaks without interfering with the employee experience on Windows. Over time, many of you have expressed a need for a data protection solution that works across heterogenous platforms, and that allows you to extend the same sensitive data protection controls on endpoints that you have for the various SaaS apps and services you rely upon every day. To address these needs, Microsoft has built Microsoft Purview Data Loss Prevention (DLP), which is deeply integrated with Microsoft Purview Information Protection to help your organization discover, classify, and protect sensitive information as it is used or shared. What scenarios are in scope? WIP provided customers with the following key capabilities: Extend data protection to managed and unmanaged devices Protect enterprise data at rest when it's stored on a protected device Restrict which apps, removable drives, printers, network shares, and sites are allowed or restricted from copying, accessing, and storing sensitive data Classify data based upon the app or site where it was created, copied, or downloaded. Granular controls to designate different levels of data access restrictions Remote wipe sensitive data at rest How does deprecation impact WIP users? WIP as an offering is no longer under active feature development. The sunset process will follow the standard Windows client feature lifecycle, which shows which existing features and capabilities are supported and for what timelines. This was announced in July here. Following this deprecation announcement, the Microsoft Endpoint Manager team announced ending support for WIP without enrollment scenario by EOY 2022, which only impacts unmanaged devices. The announcement by the Microsoft Endpoint Manager team is here. Please visit the Microsoft Endpoint Manager announcement for the latest on the decommissioning of MEM’s support for the ‘unenrolled’ scenario. How should you respond to the deprecation notice? If you are using WIP without enrollment, Microsoft will be communicating with you directly about the impact to your devices and the timelines for that impact. Please keep an eye on the message center for the latest updates. Microsoft Endpoint Manager will continue to support WIP with enrollment (managed devices) scenarios for the duration of the OS lifecycle (until 2026) and will continue to offer options to enroll both corporate and personal devices for management (and subsequently to receive WIP policy). How do I start planning for this change? Refer to this chart for a breakdown of WIP capabilities and how they map to Purview: Read the full post here: Migrating from Windows Information Protection to Microsoft Purview
