Compliance licenses at tenant level
Hi, We are a small organization of about 200 employees, and we have following requirements. DLP policies configuration at Exchange, OneDrive, SharePoint BYOD security Users should not be able to send files outside the org And so on as we evaluate We already have M365 Business Premium. However, after researching we figured out that M365 Business premium will alone not solve our requirements. May be compliance license will. We want to apply security policies at tenant level in our organization but definitely do not want every user to get licenses as this will be expensive for us and there is no requirement at all for our users. The question is, Is there a way to solve the above scenario?
Hidden Group and Hidden Group Membership
Hi everyone! I have come across a requirement where the client would like to use an excel spreadsheet, a service account and application registration to manage group membership for a confidential group. They would like to create a group from which the members cannot leave, see other team members and cannot see the group itself. Now, I have the concept of the flow with me but for the life of me, I cannot get around to finding/configuring a group that meets the requirement. Have you guys come across this sort of scenario? Group Configuration: Users should not be able to view the group Users should not be able to view members of the group Users should not be able to leave the group Thanks in advance.
Forms update
I use MS Forms for collecting data to excel file and frequently make corrections to typos and wrong entries. If I now update my existing Forms as instructed, will the corrections/alterations get overwritten by faulty data from the Forms probably still saved in the cloud. I would prefer to continue using these Forms, but I cannot risk loosing the corrections that I have made during longer period. I have made Backups but rebuilding my Forms and data model will cause me a lot of extra work. Please advice asap. Mikulof
Mail enabled AD accounts
I have a question about email delivery to Mail enabled AD accounts. I am aware that these types of accounts are useful when you need to provide an external person like a contractor a login but don't want to provide them with a mailbox. You can add their external email address to the email field in Entra but they login with your companies UPN. Apparently there is also a license saving here as you dont need to assign them an E5 My questions are: If I put their UPN as the recipient of an email and send it will EXO fail to deliver it since they don't have an EXO mailbox? Or will it deliver to the external mail address set in the mail address field in their user account? How does advanced features like purview etc work if they don't have an E5? What's the process to create one of these mail enabled users?
How do I apply retention label to a folder in a SharePoint library?
Hello All, Can you please advice how do I apply a "Retention label" (Created in M365 compliance centre) to folders in a Document Library? I created this retention label below I published this label and it now appears in document library, but at a individual document level as shown below I am not sure how to make the same appear at a folder level. Note : In the actual customer scenario, they would like different retention labels to be applied to different "folders" (ie, users should be able to apply retention labels to folders, so that the documents inside those folders follow the label applied at folder level). For achieving this, I heard that we only need to create a retention label (not retention policy) as we are looking at a "Folder" level here (not site level or up). However I am not sure how to do it. Please advice.How do I apply auto labelling policy based on a folder name in M365 Purview?
Condition --> When a folder name is "Finance", then auto apply the label "Indefinite" to the folder (and it's items inside it). So I Created a "auto apply label" and selected this retention label "indefinite" to it. I am having trouble writing the CONDITION which actually looks for folder named "Finance". Can you help me with that? I searched up various resources but can't find a single video or resource which explains how to write the above condition to apply a label when a folder name is matching a name mentiond in a query. Here is the auto label policy I am trying out This is what some of the resources in web suggested, but It doesn't work The above policy si active, but I can't see the auto label applied to the folder, or any document inside the Finance folder (See below). Is there a issue with the syntax?How do I ensure a document/folder is not automatically deleted after retention label period lapses?
Hello All, I have retention label created in M365 compliance centre, which appears as document metadata (As expected) in the document library as shown below One of the objectives is that the below retention label needs to appear at a folder level (one level up), rather than at document level. The desired outcome is that once this 3 years has lapsed, the folder should NOT be automatically deleted. It should be manually actioned by user (and the documents underneath the folder) When I created this retention label, here are the sequence of screens I went through ( I did not see the option that says "do nothing") when retention period lapses here is the retention period setting screen Here is the screenshot below that I have question about. Where is the option that says "dont do anything" after retention period lapses? It seems like I dont have that option here (Is it a setting that I need to enable somewhere?) . My goal is to have control over manually deleting documents (while respecting retention policies) without automatic deletion occuring. So my 2 questions here in this post are : 1) How do I apply this retention label to a folder (instead of individual document level)? 2) In the last screenshot above, how do I enable the option to "not do anything" (After retention period lapses)?DLP Policy Tips Get New Premium Conditions
MC894577 announces that DLP policy tips displayed in Outlook will soon support a set of new conditions. That’s good, but the text of the announcement is unclear about important points like the clients that will support the new policy tips, what kinds of groups are supported by the conditions, and precise details of how Outlook will differentiate between users with Office 365 E3 and E5 licenses. https://office365itpros.com/2024/09/25/dlp-policy-tips-premium/Office 365 Customers Emails being silently blocked with certain Media[]Fire URL's.
We have heard from 3 different Office 365 customers that sending to or from Office 365 accounts using protection.outlook.com results in emails with certain media[]fire.com URL's being blocked or dropped. A similar incident happened several years ago. Folder ULR's are not blocked, but image viewing URL's are: hXXps://www[.]media[]fire[.]com/view/pxxxxxot3rflsw2/A44_Final_Logo%25282%2529.jpg/file (URL changed for customer privacy). We have tested through outlook.com to Gmail and from Gmail to Outlook without any issue so it seems specific to Office 365 customers since all impacted are using custom domains. i.e. xxxx-com[.]mail.protection.outlook[.]com. There doesn't seem to be any mechanism to report a false positive from outside of being an Office 365 admin and it seems the customers impacted are not familiar enough with these systems to investigate and make the report. How or who can we contact to have this false positive corrected?
If document with sensitivity label with user right is sent outside organization
If a document with a sensitivity label with certain control access of a user group (AD group) is sent outside organization as an attachment (different tenant with no guest user profile for the sender): What kind of behavior the recipient will face if he tries to open the attachment?
