Blocking Personal Outlook and Gmail Accounts on Corporate Device
Hello Community, In my organization, we use the Microsoft 365 environment. We have a hybrid infrastructure, but we aim to deploy as many policies as possible through Microsoft 365 (Intune, Purview, Defender, etc.). One of our goals is to limit the use of corporate devices for personal purposes. We use Outlook as our corporate email service, and we would like to block employees from signing into their personal email accounts (either via web or desktop application). Additionally, we would like to block access to other email services, such as Gmail, both via web and desktop apps. Could you provide guidance on how to achieve this? I would greatly appreciate any help or suggestions. Thank you very much! Juan Rojas
Ingesting Purview compliance DLP logs to Splunk
We are in the process of enabling Microsoft purview MIP DLP for a large-scale enterprise, and there is a requirement to push MIP DLP related alerts, incidents and data to Splunk SIEM. Could not find any specific documentation for the same. researched on this and found below solutions however not sure which could work to fit in our requirement: Splunk add on for Microsoft security is available: The Splunk Add-on for Microsoft Security is now available - Microsoft Community Hub but this does not talk about Purview DLP logs. This add-on is available for Splunk but only says MIP can be integrated however does not talk about DLP logs: Microsoft Graph Security API Add-On for Splunk | Splunkbase As per few articles we can also ingest Defender logs to Azure event hub then event hub can be connected to splunk. Above mentioned steps do not explain much about Ingestion of MIP DLP raw data or incidents. If anyone has done it in the past I will appreciate any input.
Compliance Center DLP Policy Tips
Greetings! We are in the middle of implementing the Compliance Center DLP solution using a variety of the advanced rules. We really love the idea of Policy Tips providing guidance to users on what they should do with their sensitive data. Our model is that we are allowed to send sensitive data to intended and verified recipients as long as it is encrypted. So we have some rules that look for HIPAA and PII and inform the user that they should encrypt before sending. The selling point for us was the ability to provide users an override to the policy in cases where encryption wasn't necessary. It is less common, but makes up about 10% of our use-case. Minus the normal bumps and issues, we are mostly happy with the way the system works! Users can override, encrypt, and we get good visibility on why users are sending data unencrypted if they do, so we can retrain or tune the system. Our issue is, of course, the wonkyness of the PolicyTips and how it checks for certain conditions and may or may not clear when a condition is met/not-met. Issue: A user composes an email headed out of our company that contains sensitive data. The system catches this and throws a Policy Tip requiring they encrypt or override. They say, "oh ya! Thanks for reminding me" and hit that encrypt button. This doesn't clear the Policy Tip or the block condition and they cannot send the email, even though it is encrypted. What I've Tried: I added the exception onto the rules to exempt if the Message Type is: Permission Controlled. I tried Message Type: Encrypted, but it doesn't work correctly at all. With this setup, everything works except the Policy Tip, which get stuck. Example: blue box is original PolicyTip. Red box is button encryption. Current Work-Around: The users hate it, because the button is way easier than the subject tags. Our current work-around is to "Clear the Policy Tip" by 1) Remove encryption by clicking link in PolicyTip, 2) Remove Recipient using same method inside Policy Tip. This resets the Policy Tip, so then the user can push the Encrypt button first, then add recipients, without redrafting the whole email. Help!! What sort of logic do I need to make the Encrypt button clear out the Policy Tips? Or is this just it? Workaround city! Thanks for reading and I'd love any help or guidance. Trust me, I've read every docs.microsoft article I can find about Policy Tips and DLP. But I'll take some more if you have them if they are relevant.DLP Policy Tip Stopped Working in SharePoint/OneDrive
Greetings, I created a DLP policy in Microsoft Purview several years ago to display a policy tip to users and it has been working until recently. No changes have been made to the policy. Now, when I go to a SharePoint document library, whether I hover on a sensitive document to see the "View policy tip" or select on the details pane, I no longer see the policy tip information. If I try to share the sensitive document, I also see the "View policy tip". However, this time it shows a Policy tip details dialog box "Policy tip couldn't be displayed. Please try again." Has anyone seen this? Could you share the solution to fix it? Thanks!
Auto-labelling in Purview-Which license or alternatives can be used rather than E5 ?
We are considering adopting Purview for Information Protection and DLP, but we are currently on E3 licenses. Given the extensive size of our SharePoint environment, auto-labelling is crucial for applying sensitivity labels to content across wide scopes automatically. My question is, are there any alternatives to upgrading licenses to E5 or adding the Compliance Add-on? Upgrading several thousand users to E5 or the Compliance Add-on requires significant justification, and I am wondering if there are other interim solutions we could leverage for a period of one year. Any thoughts would be greatly appreciated! Thank you! Kev
What are the exact steps (the latest) to enable container support in Purview?
I've been pulling my hair out trying to figure this one for the last couple hours. Can someone help me out with the exact steps (the latest) to enable container support (SharePoint Sites, Teams, 365 Groups) in Purview? Thanks in advance !Best practice basics for Labels and DLPs to protect company data
Hello experts, I've been doing some research and testing recently on Information protection and DLP as I would like to deploy it in our organization soon. I am very new into this and found lots of useful information, but still can't answer some very basics for this topic. Would be great to get some advise from ppl that has been using it already. Below are few points that I'm a bit confused and trying to find some clarification. We use exchange online and SharePoint as primary way to exchange information with our external partners. We are licensed with M365 E3 + M365 E5 Security I will create 3-5 labels (based on my testing) and would like to have all documents labelled. For that reason, I would like to use a "default" label feature and have data labelled with that label (Internal) accessible only for internal users. Now, I could achieve it with configuring "Access Control" and allow "All users and groups in your organization" option. This is fine however I've found MS recommendation that default label should not be encrypting data. How can I then achieve that? I've seen advise to remove encryption for that label - but there is no option to remove encryption when configuring "Access Control" for specific users. Or should I just use that label to mark data and do not perform any action? and use DLP to block all emails/documents with Internal label to be shared outside organization? one of the disadvantage I've noticed during testing was that "auto-save" for documents is disabled with encrypted label. I've found that enabling "co-authoring" on tenant should solve that - so I've enabled it and will be testing tomorrow. What is the best way to restrict access between departments within an organization? Should I use Label/Sublabel (e.g. Internal\Legal) approach, or utilize DLP somehow for it? What is the recommended way? I have configured "Confidential" label with "assign permission now" and used "All users and groups in your organization" option, and I cannot select this label in Outlook 365 (when I made it a default label, the email was selected, but when changed to another one and then tried to change back to Confidential, it did not work) I have configured "Restricted" label with "Let user assign permission..." and it works fine for documents (I get a pop up windows to provide allowed users). How this works with emails? Are "allowed users" taken directly from email recipients? As I do not get extra pop up window so I believe it works that way? we are a small company with quite a few external partners - and I would need to prevent emails for abc.com to be sent to xyz.com by human error. Should I use labels access control for it? Or have kind of "external" label and use DLP to check for that label and maybe a subject that needs to mention abc and recipeint is abc.com to allow email externally? These are few very basic questions that I was not able to find answer last few days... First two are a general ones, 3 and 4 are ones that I noticed during my testing. Any advise on this would be great.Unable to Restrict Sensitive Data Access by Microsoft Edge via Endpoint DLP Policy
Hello everyone, I've been running into a peculiar issue where actions we have configured to be blocked via our Endpoint DLP policies do not apply to the Microsoft Edge browser. Currently, we have a DLP policy configured to block attempts to access protected files by a list of restricted apps. Our restricted apps include "firefox.exe", "chrome.exe", "msedge.exe" and "msedgewebview2.exe". When the sensitive content is accessed by either Chrome or Firefox, the DLP policy works correctly (Block with override), but the policy completely refuses to work in any scenario that involves Edge. The data we are using as an example is able to be accessed by the Edge executables without restriction. Has anyone else run into this issue? It's strange to me that for some reason Edge is just completely exempt from the DLP policy actions we have implemented. Thank you!
