Custom SITs fine tunned in MIP
Hello Everyone, Currently working on MS Purview Solutions greenfield deployment project for one of the customer for on-premise data and M365 data. I have created few custom SITs classifiers with regex pattern in the MIP portal almost 3 months ago and it's classifying the data as expected but with some false positives. All of them are fine-tuned to prevent false positives. It's scanning and classifying the newly created M365 data as expected. However it's not reclassifying the previously classified false positive data. How can I forcefully rescan/reclassify the false positive M365 data. I just want to reclassify the data with fine-tuned custom SITs to correctly classify the data before labelling. One more question related to on-prem scanners. I have started the on-prem scanners to scan all the SharePoint sites and Fileshares for any sensitive information. Initially its ran full scan and later it's started as incremental scan. Above scan started before creating the custom SITs and labels. Now I want run a full scan just to classify the data with recommending the labels based on the sensitive data instead of enforcing and applying the label. Can someone throw some light which options need to be select for just recommending the label instead of applying the label. Current configuration as shown below: Any help really appreciated. Regards Anand SunkaSecuring Data with Microsoft Purview IRM + Defender: A Hands-On Lab
Hi everyone I recently explored how Microsoft Purview Insider Risk Management (IRM) integrates with Microsoft Defender to secure sensitive data. This lab demonstrates how these tools work together to identify, investigate, and mitigate insider risks. What I covered in this lab: Set up Insider Risk Management policies in Microsoft Purview Connected Microsoft Defender to monitor risky activities Walkthrough of alerts triggered → triaged → escalated into cases Key governance and compliance insights Key learnings from the lab: Purview IRM policies detect both accidental risks (like data spillage) and malicious ones (IP theft, fraud, insider trading) IRM principles include transparency (balancing privacy vs. protection), configurable policies, integrations across Microsoft 365 apps, and actionable alerts IRM workflow follows: Define policies → Trigger alerts → Triage by severity → Investigate cases (dashboards, Content Explorer, Activity Explorer) → Take action (training, legal escalation, or SIEM integration) Defender + Purview together provide unified coverage: Defender detects and responds to threats, while Purview governs compliance and insider risk This was part of my ongoing series of security labs. Curious to hear from others — how are you approaching Insider Risk Management in your organizations or labs?
eDiscovery for email attachment with encrypted sensitivity labels
We are currently testing encrypted sensitivity labels in conjunction with eDiscovery. We applied an encrypted label to a document, and eDiscovery was able to successfully search for the content in both OneDrive and SharePoint. However, the same functionality does not appear to work for email attachments—the content of encrypted attachments is not searchable. Are there any specific settings or configurations that need to be enabled to support encrypted email attachments in eDiscovery? Thanks
Default Label and Justification Suddenly Stopped Working
Hi, Sometime last week, default labels for documents suddenly stopped working, it still works for emails. Also, there is a configuration where users have to provide a justification to lower a sensitivity label, that stopped working as well. This has all been in place since May and have always worked but just suddenly stopped working last week. I created a new label with the exact configuration to test, but that works perfectly. I have tried recreating the labels that do not work anymore, but nothing changed. Has anyone experienced this and how did you go about it. Thanks, AishatPurview YouTube Show and Podcast
I am a Microsoft MVP who co-hosts All Things M365 Compliance with Ryan John Murphy from Microsoft. The show focuses on Microsoft 365 compliance, data security, and governance. Our episodes cover: Microsoft Purview features and updates Practical guidance for improving compliance posture Real-world scenarios and expert discussions Recent episodes include: Mastering Records Management in Microsoft Purview: A Practical Guide for AI-Ready Governance Teams Private Channel Messages: Compliance Action Required by 20 Sept 2025 Microsoft Purview DLP: Best Practices for Successful Implementation Shadow AI, Culture Change, and Compliance: Securing the Future with Rafah Knight 📺 Watch on YouTube: All Things M365 Compliance - YouTube 🎧 Listen on your favourite podcast platform: All Things M365 Compliance | Podcast on Spotify If you’re responsible for compliance, governance, or security in Microsoft 365, this is for you. 👉 Subscribe to stay up to date – and let us know in the comments what topics you’d like us to cover in future episodes!New blog post: Is Your Data Ready for Microsoft 365 Copilot?
Is Your Data Ready for Microsoft 365 Copilot? Microsoft 365 Copilot is a game-changer for productivity, but here’s the catch: Copilot surfaces what users already have access to. If your governance isn’t in order, sensitive data could be exposed. In my latest blog, I share: ✅ How to prevent oversharing in Teams & SharePoint ✅ Why sensitivity labels are critical for Copilot ✅ How to monitor usage and avoid shadow AI ✅ Why you don’t need perfect governance to start 📖 Read the full blog: Microsoft 365 Copilot Data Readiness Checklist 👉 What’s your biggest challenge with Copilot readiness? Drop your thoughts below!
Firewall/Proxy allow-list for onboarding devices and Microsoft Purview
We are enabling Microsoft Purview in our Microsoft 365 tenant and onboarding clients. We need to finalize our network firewall/proxy allow-list. Please hlep us confirm the required ports, IP ranges, service tags, and FQDNs for client(onboarding device)-to-Microsoft Purview Service communication?
Managing Multi-Tenant Azure/365: Workarounds for Cross-Tenant Limitations in Purview and Fabric
I am working in a Microsoft Azure/365 multi-tenant setting due to some constraints. I am using Purview (Tenant1) and Fabric (Tenant2), M365 in (Tenant 2). I'm facing issues with various solutions due to cross tenant limitation for eg: Data Quality Connection, Metadata ingestion, lineage, etc. To overcome this I am exploring various workarounds. Key Question: 1. Are there proven workarounds or solutions to manage data estate in this scenario? (Can't merge /migrate tenants)Java MIP SDK 1.17.154: commitAsync() TemplateNotFoundError (C# OK; Java fails Win & Ubuntu)
TL;DR Java SDK 1.17.154: calling setLabel() then commitAsync() fails with TemplateNotFoundError (TemplateId=2ea3c830-...). Same label/code works on Java 1.16.x and C# 1.17.154. Policy cache cleared, templates/labels verified, token/tenant checked—issue persists. Environment SDK (Java): 1.16.x (OK), 1.17.154 (FAIL) SDK (C#): 1.17.154 (OK) OS (Java): Windows 10/11 (win32 build), Ubuntu 20.04 / 22.04 / 24.04 Java: Corretto/OpenJDK 17.0.16 (x64) Service/Tenant: Microsoft Purview Information Protection Auth: (e.g., user delegated token / app-only token) Code Snippet (Java) // Label apply options LabelingOptions labelingOptions = new LabelingOptions(); labelingOptions.setAssignmentMethod(AssignmentMethod.PRIVILEGED); labelingOptions.setDowngradeJustified(true); labelingOptions.setJustificationMessage("Label Apply"); // Get label Label label = fileEngine.getLabelById(labelId); // Apply label (no explicit template handling) fileHandler.setLabel(label, labelingOptions, new ProtectionSettings()); // Commit File workFile = new File(domainFolder, UidUtil.makeUid()); CompletableFuture<Boolean> commitFuture = fileHandler.commitAsync(workFile.getAbsolutePath()); commitFuture.get(); // <-- Throws TemplateNotFoundError on 1.17.154 Stack trace excerpt: Caused by: com.microsoft.informationprotection.internal.gen.Error: TemplateNotFoundError: Could not find template with id: 2ea3c830-5a0e-4eea-b48b-c72186d453c0, BadInputError.Code=General, CorrelationId=42ffaad4-3a0f-4986-ba9d-b5a79c5fd076 (ProtectionEngine), CorrelationId=16819f70-e419-473f-9895-c756f3dd5e4b (FileHandler) at com.microsoft.informationprotection.internal.gen.SdkWrapperJNI.SwigDirector_FileHandler_Observer_OnCommitFailure(SdkWrapperJNI.java:2688) Expected Behavior setLabel() should apply the label (and its protection) and commit successfully, as it does in Java 1.16 and C# 1.17.154. Actual Behavior commitAsync() fails with TemplateNotFoundError for the GUID referenced by the label’s ApplyProtectionAction. What I’ve Tried Policy/cache refresh: Deleted %LOCALAPPDATA%\Microsoft\MSIP\ / ~/.mip/, reloaded engine. Template/label verification: Confirmed existence and publish scope in Purview portal & via PowerShell/Graph. Label actions check: policyEngine.getLabelActions(labelId) shows an ApplyProtectionAction with that GUID. Token/tenant sanity check: Correct scopes and same tenant. Rollback test: Java 1.16 works; C# 1.17.154 works. Questions Any breaking change in Java 1.17 regarding how protection templates are resolved during setLabel()? Is this a known issue specific to Java SDK 1.17.154 (win32 & Ubuntu 20/22/24 builds)? Should we now explicitly use ProtectionDescriptor / SetProtection() in Java? Can someone review the service logs using the CorrelationIds above? Happy to provide additional logs, PowerShell/Graph queries, or action dumps if needed. Thanks!
