Two sensitivity labels on PDF file
Hi everyone, First time poster here. We encountered an interesting issue yesterday where we had a user come to us with a PDF that had two sensitivity labels attached. In Purview activity explorer, we can see the file hit the DLP policy and the two labels, but when trying to replicate the issue cannot do it, or see how this has been done. Has anyone else encountered a similar issue? We were able to remove labels in our PDF editor but in Office suite once a label is applied, I could not see a way to remove it. We tried applying a label to a Doc file, converting to PDF and then seeing if it was there where it was being asked for another label but it was not, it just let us change the original. Many thanks in advance!
Block transfer of labelled data through CLI Apps - Powershell
I have a ticket open with microsoft since mid november, and to date not fixed, still chasing. So we have labelled data, using a custom label intellectual property. We block and alert using it, from uploads to list of urls, to prompt to override, etc. So the label works. Next step is to prevent exfil using Cli apps. This is where the issue is.. Not working. Would you have any idea if this actually works? Has anyone set it up? In settings and then Restricted apps and app groups I have setup the following: Then I created a policy that is applied to my machine and my user to block the move and upload of data that is labelled as Intellectual Property (Sensivity Label) It should block when I am using WinSCP or powershell. It does not. I tried with the restricted app group and with access by restricted apps. None works My machine is in sync
Data Quality Error (Internal Service Error)
I am facing an issue while running the DQ scan, when i tried doing manual scan and scheduled scans both time i faced Internal Service Error. ( DataQualityInternalError Internal service error occurred .Please retry or contact Microsoft support ) Data Profiling is running successfully but for none of the asset, DQ is working. After the lineage patch which MS had fixed, they had introduced Custom SQL option to create a rule, and after that only i am facing this issue. Is anyone else also facing the same? I tried with different data sources (ADLS, and Synapse) its same for both. If anyone has an idea, do share it here, it will be helpful.Share Your Experience with Microsoft Purview on Gartner Peer Insights!
When deciding which products to include in an RFP or to purchase, companies often look at reviews from real customers. At Microsoft, we are committed to delivering top-notch security solutions that meet your needs and exceed your expectations. Additionally, we’re always looking to get more online reviews from users of our products. You would have the chance to help your peers, who can benefit from your experiences and feedback so that they buy products they can trust. And as a token of our appreciation for taking 10 minutes to fill out a review, Gartner Peer Insights will prompt you to choose a $25 USD gift card option! How to Submit Your Review for Microsoft Purview Communication Compliance: Click this direct link: Purview Communication Compliance. You’ll be prompted to create an account first or log in. Once you have completed your review, GPI will prompt you to choose a gift card option. As soon as your review is approved, the card will be made available to you digitally. You can also click this link to review other Microsoft Security Products that you are familiar with. Privacy/Guidelines: Please Note: Only Microsoft customers are eligible to participate. Microsoft partners, MVPs and Microsoft employees are not eligible. Microsoft Privacy Statement Gartner’s Community Guidelines & Gartner Peer Insights Review Guide Please feel free to comment on this post or message RenWoods with any questions!
DLP USB Block
Currently we have DLP policies setup to block the use of USB devices and copying data to it. When checking the activity explorer I am still seeing user's able to copy data to USB devices and for the action item it says "Audit" when in the DLP policies we explicitly set it to block. Has anyone run into this issue or seen similar behavior?
Microsoft Compliance Assessment issues - ASD L1
Hi, We are using Microsoft Compliance Assessments in Microsoft Purview In the Microsoft Compliance Manager we have enabled the ASD Essentials Level 1 assessment Under the Microsoft Actions There are 2 actions, one is: Malicious Code Protection - Periodic and Real-Time Scans (SI-0116) The issue that currently the testing status is 'failed low risk' , but the testing status has the date tested as Monday Sep 30 2024, well before we opened the assessment, also with notes that are completely irrelevant to this client and certainly not something we have put in. The information in there is quite long, I can provide a txt file with this information I have checked the documentation and we have implemented the required security configuration With these items set the way they are we have no way to complete the assessmentMIP SDK cannot read file labels if a message was encrypted by Outlook Classic.
C++ application uses MIP SDK version 1.14.108. The application does Office files decryption and labels reading. The problem with labels reading is observed. Steps to reproduce: Create a docx file with a label which does not impose encryption. Open Outlook Classic, compose email, attach the document from 1, click Encrypt, send. During message sending our application intercepts encrypted by Outlook docx file in temporary folder C:\Users\UserName\AppData\Local\Temp Application decrypts the intercepted file using mipns::FileHandler::RemoveProtection. Visual inspection demonstrates that decryption runs successfully. Then a separate FileHandler for decrypted file is created, and mipns::FileHandler::GetLabel() returns an empty label. It means that the label was lost during decryption. Upon visual inspection of the decrypted file via Word we can see that the label is missing. Also, we do not see MSIP_Label* entries in meta data (File -> Info -> Properties -> Advanced Properties -> Custom). Here is a fragment of MIP SDK reducted log during file handler creation ================= file_engine_impl.cpp:327 "Creating file handler for: [D:\GitRepos\ ...reducted]" mipns::FileEngineImpl::CreateFileHandlerImpl gsf_utils.cpp:50 "Initialized GSF" `anonymous-namespace'::InitGsfHelper data_spaces.cpp:415 "No LabelInfo stream was found. No v1 custom properties" mipns::DataSpaces::GetLabelInfoStream data_spaces.cpp:428 "No LabelInfo stream was found. No v1 custom properties" mipns::DataSpaces::GetXmlPropertiesV1 file_format_base.cpp:155 "Getting protection from input..." mipns::FileFormatBase::GetProtection license_parser.cpp:233 "XPath returned no results" `anonymous-namespace'::GetXmlNodesFromPath license_parser.cpp:233 "XPath returned no results" `anonymous-namespace'::GetXmlNodesFromPath license_parser.cpp:299 "GetAppDataNode - Failed to get ID in PL app data section, parsing failed" `anonymous-namespace'::GetAppDataNode api_log_cache.cpp:58 "{{============== API CACHED LOGS BEGIN ============}}" mipns::ApiLogCache::LogAllMessages file_engine_impl.cpp:305 "Starting API call: file_create_file_handler_async scenarioId=89fd6484-7db7-4f68-8cf7-132f87825a26" mipns::FileEngineImpl::CreateFileHandlerAsync 37948 default_task_dispatcher_delegate.cpp:83 "Executing task 'ApiObserver-0' on a new detached thread" mipns::DefaultTaskDispatcherDelegate::ExecuteTaskOnIndependentThread 37948 file_engine_impl.cpp:305 "Ended API call: file_create_file_handler_async" mipns::FileEngineImpl::CreateFileHandlerAsync 37948 file_engine_impl.cpp:305 "Starting API task: file_create_file_handler_async scenarioId=89fd6484-7db7-4f68-8cf7-132f87825a26" mipns::FileEngineImpl::CreateFileHandlerAsync file_engine_impl.cpp:327 "Creating file handler for: [D:\GitRepos\...reducted....docx]" mipns::FileEngineImpl::CreateFileHandlerImpl file_format_factory_impl.cpp:88 "Create File Format. Extension: [.docx]" mipns::FileFormatFactoryImpl::Create file_format_base.cpp:363 "V1 metadata is not supported for file extension .docx. Setting metadata version to 0" mipns::FileFormatBase::CalculateMetadataVersion compound_file.cpp:183 "Open compound file for read" mipns::CompoundFile::OpenRead gsf_utils.cpp:50 "Initialized GSF" `anonymous-namespace'::InitGsfHelper compound_file_storage_impl.cpp:351 "Get Metadata" mipns::CompoundFileStorageImpl::GetMetadata compound_file_storage_impl.cpp:356 "No Metadata, not creating GSF object" mipns::CompoundFileStorageImpl::GetMetadata metadata.cpp:119 "Create Metadata" mipns::Metadata::Metadata metadata.cpp:136 "Got [0] properties from DocumentSummaryInformation" mipns::Metadata::GetProperties compound_file_storage_impl.cpp:351 "Get Metadata" mipns::CompoundFileStorageImpl::GetMetadata compound_file_storage_impl.cpp:356 "No Metadata, not creating GSF object" mipns::CompoundFileStorageImpl::GetMetadata metadata.cpp:119 "Create Metadata" mipns::Metadata::Metadata metadata.cpp:136 "Got [0] properties from DocumentSummaryInformation" mipns::Metadata::GetProperties =================
Error trying to Connect-PnPOnline
Hi! I'm using PowerShell in VSC to run the following script: # Install PnP PowerShell module if not already installed # Install-Module PnP.PowerShell -Force # Define SharePoint site URL, folder path, and the sensitivity label to apply $SiteUrl = "https://yourtenant.sharepoint.com/sites/yoursite" $FolderPath = "Shared Documents/YourFolder" # Example: "Documents/ConfidentialData" $SensitivityLabelId = "YourSensitivityLabelId" # The GUID of your sensitivity label # Connect to SharePoint Online Connect-PnPOnline -Url $SiteUrl -UseWebLogin # This will open a browser for authentication # Get all files in the specified folder $Files = Get-PnPListItem -List "Documents" -Folder $FolderPath | Where-Object { $_.FileSystemObjectType -eq "File" } # Loop through each file and apply the sensitivity label foreach ($File in $Files) { Write-Host "Applying label to: $($File.FieldValues.FileRef)" Set-PnPSensitivityLabel -ListItem $File -SensitivityLabelId $SensitivityLabelId } Write-Host "Sensitivity label application complete." I keep getting this error, "OperationStopped: Unable to load DLL 'msalruntime' or one of its dependencies: The specified module could not be found. (0x8007007E) See https://aka.ms/msal-net-wam#troubleshooting" I'm using: ExchangeOnlineManagement version 3.9.0 PnP.Powershell version 3.1.0 VSC version 1.107 PowerShell version 7.5.3.0 I've tried changing Connect-PnpOnline from "UseWebLogin" to "Interactive" (that asks for an Entra ID App Reg and says it's not supported). Any idea where this going wrong?Clarification related to JIT for EDLP
Can someone help clarify how JIT actually works and in which scenario we should enable JIT. The Microsoft documentation is very differently from what I’m observing during hands-on testing. I enabled JIT for a specific user (only 1 user). For that user, no JIT toast notifications appear for stale files when performing EDLP activities such as copying to a network share, etc. However, for all other users even though JIT is not enabled for them their events are still being captured in Activity Explorer. See SS below.
