How to apply sensitivity labels to external emails received in my Outlook?
I have created a sensitivity label and an auto-labeling policy that applies the label when an email contains sensitive information. When an internal user sends the email, the label is applied correctly. But when I receive an email with sensitive information from an external user, the label is not applied. How can I apply the sensitivity label to emails that come from external users?
Customized Oversharing Dialog not working for Exchange DLP
Hi Team, When I'm enabling policy tip as a dialog for custom content. This is not working. I'm testing this option on new outlook. and this is my JSON file { "LocalizationData": [ { "Language": "en-us", "Title": "Add a title", "Body": "Add the body", "Options": [ "I have a business justification", "This message doesn't contain sensitive information", "Business justification" ] } ], "HasFreeTextOption": "true", "DefaultLanguage": "en-us" } For old outlook it's not working there too. No policy tips, no override option My old outlook version
Cross-Tenant Purview Scan of Fabric Lakehouse fails to ingest Sub-items (Delta Tables)
Environment: Tenant 1 (Consumer): Azure Purview (Microsoft Purview Data Map). Tenant 2 (Provider): Microsoft Fabric (Capacity + Workspaces). Architecture: Purview in Tenant 1 is scanning Fabric in Tenant 2 via the "Fabric" Data Source using Azure Auto-Resolve Integration Runtime. The Issue: I can successfully scan and see Item-level metadata (e.g., Workspace Name, Lakehouse Name). However, I am getting Zero sub-item visibility. No Delta Tables, no Columns, and no sub-item lineage are being ingested into Purview. Configuration Verified: Service Principal (SPN): Created an App Registration in Tenant 2 (Fabric Tenant). Permissions: The SPN is a Member (and I tested Admin) of the target Fabric Workspace. Fabric Admin Settings (Tenant 2): Allow service principals to use read-only admin APIs: Enabled for the SPN's Security Group. Enhance admin APIs responses with detailed metadata: Enabled. Enhance admin APIs responses with DAX and mashup expressions: Enabled. My Specific Questions for the Product Team / MVPs/Members: Authentication Flow: For sub-item ingestion (Delta Tables) to work cross-tenant, is it sufficient for the SPN to be a standard App Registration in Tenant 2 (Provider), or does Fabric require the "Cross-Tenant Access" (Guest User) flow where a shadow SPN is created via the specific trusted external tenants configuration? API Limitation: Is the "Enhanced Metadata" API payload (metadata/subartifacts) restricted to Same-Tenant calls only during the current Preview? I suspect the API is returning a standard payload instead of the enhanced one due to the cross-tenant boundary. Workaround: Has anyone successfully forced ingestion of Delta Tables cross-tenant by using the Apache Atlas REST API to manually inject the schema entities, or is there a specific hidden toggle in the Fabric Admin Portal (perhaps specifically for "External Principals") that I am missing?
Purview Unified Catalogue Gov Domains Numeric Prefixing
Has Anyone Tried Numeric Prefixing for Governance Domains in Purview? Context: We introduced a structured numeric prefixing system for governance domains in Microsoft Purview to make hierarchical sorting more intuitive. What we did: Parent domains use a base prefix ending in .00 (e.g., 02.00 Group). Child domains are numbered sequentially (e.g., 02.01 Directorate, 02.01.01 Team). Why: Purview sorts domains alphabetically, which caused child domains (e.g., 02.01) to appear above their parent (02 Group). Adding .00 ensures parents always sort before children, creating a clear hierarchy. How it works: All already have 01.00- Top-level groups: 02.00 Directorates: 02.01, 02.02 Teams/Units: 02.01.01 This approach guarantees correct sorting, clear hierarchy, and scalability for future additions? Question for the community: Has anyone else implemented a similar numeric prefixing approach in Purview? Do you think this is a good idea for maintaining clarity and scalability? Any alternative strategies you’ve found effective?Issue with the Canadian Drivers License SIT
Did any face an issue with the Canadian Driver's License SIT in the DLP policy? We see a lot of false positives especially around BC province number, NB, PrinceEdward Island and Saskatchewan. These provinces has just digits which can flag any kind of digits. Even if we use some custom RegEx and reduced keyword list, it still flags a lot of false positives. We see this as more and more customers are not happy with it. Has anyone found a breakthrough or best solution for deploying the Canadian Driver's License DLP?Downgrading of encrypted label (User defined permission) in SPO to Desktop app
Hi I have a file stored in SharePoint that was originally labeled Restricted with user-defined encryption. When I open the word file from SharePoint using a desktop Office application and downgrade the label to Internal, the original encryption and permissions are still retained. This issue occurs only when opening the file from SharePoint into the desktop app—the previous protection settings persist even though the sensitivity label correctly updates to Internal. I’ve attached a screenshot for reference. Is there any official Microsoft documentation that explains why this behavior occurs and the underlying reason for it? Additionally, what is the recommended workaround if I want to fully remove user-defined permissions when downgrading the label? I have already tried reapplying the Internal label, but the file remains encrypted with the prior permissions.
