File Plan/Retention Labels cannot be deleted OR found in content explorer
When we try to delete a Purview Records Management > File Plan label (or Data Lifecycle Management > Retention label), we get the following error: "You can't delete this record label because it's currently applied to items in your organization. You can use content explorer to determine which items have this label applied." (see attached image). When we go to content explorer to find the label (in this example, Bank Reconciliations), it doesn't appear to exist (see attached image). We also reviewed our Label policies and Retention policies, and the given labels are not associated with any policy that we can see. So, in result, we cannot clean up File Plan labels since we can't find and remove the association between them and policies / items. Has anyone encountered this error when deleting file plan retention labels, but then unable to find anything the label is associated with?
General Availability: Dynamic watermarking for sensitivity labels in Word, Excel, and PowerPoint
In today's digital age, protecting sensitive information is more critical than ever. Sensitivity labels from Microsoft Purview Information Protection offer highly effective controls to limit access to sensitive files and to prevent users from taking inappropriate actions such as printing a document, while still allowing unhindered collaboration. However, these controls don't prevent users from taking pictures of sensitive information on their screen or of a presentation being shared either online or in-person, and some forms of screen-shotting can't be blocked with existing technology. This loophole presents an easy way to bypass protections that sensitivity labels enforce on a document, and these pictures can end up in the wrong hands of competitors or the public. Dynamic Watermarking helps address this gap in document security by deterring unauthorized sharing and enabling traceability of leaks. What is Dynamic Watermarking? Dynamic watermarking is a feature that overlays watermarks containing user-specific information on documents. These watermarks are visible when the document is viewed, edited, or shared in Word, Excel, or PowerPoint, deterring leaks and making it easier to trace any unauthorized dissemination of sensitive information. This feature can be configured by the compliance admin on any sensitivity label with admin-defined permissions via the Microsoft Purview compliance portal or PowerShell. When the setting is enabled for a label, files with that label will render dynamic watermarks when opened in Word, Excel, and PowerPoint. Key Features User-Specific Watermarks: Watermarks display the UPN (usually email address) of the user currently viewing the document. Watermark Customizability: Watermarks can be configured to also include the device date-time, enabling admins to know precisely when leaked information was captured, as well as a custom string. Cross-Platform Support: Available on Word, Excel, and PowerPoint for the web, Windows, Mac, iOS, and Android. Seamless Integration: Configurable on sensitivity labels with admin-defined permissions via the Microsoft Purview compliance portal or PowerShell. Enhanced Security: Prevents users from accessing documents with labels configured for dynamic watermarking on Word, Excel, and PowerPoint clients that cannot render dynamic watermarks. Benefits & Differentiators Although there are existing security solutions that may offer different aspects of dynamic watermarking, Microsoft provides the most comprehensive offering with the following differentiators: Broad support in many views (e.g., slide view, notes view, etc.) so it’s not the only the primary application view that’s protected for more comprehensive coverage. Ability to set dynamic watermarking for a sensitivity label and have it apply to all Word, Excel, and PowerPoint files with that sensitivity label (rather than a separate setting), making it easier for admins to apply dynamic watermarking across applications and files all at once. Ability to edit (and coauthor) a watermarked file. Coauthoring enables users to collaborate on Word, Excel, and PowerPoint files that are labeled with sensitivity labels across Web, Windows, Mac, iOS, and Android. Cross-platform support: Web, Windows, Mac, iOS, and Android. When a user attempts to open a file with dynamic watermarks on a version of Office that doesn’t support the feature, they will see an access denied message. Users who don’t have an Office client installed that is capable of dynamic watermarking should use Office for the web to work with watermarked files. Get Started with Dynamic Watermarking When setting up a label in the Purview compliance portal, you can select “Use Dynamic Watermarking” when configuring encryption. You can also configure dynamic watermarking on a sensitivity label using the Set-Label cmdlet in PowerShell. Learn more about configuring sensitivity labels for dynamic watermarking here. For dynamic watermarking for Word, Excel, and PowerPoint, this will require a Microsoft 365 E5, Microsoft 365 E5 Compliance, Microsoft Information Protection and Governance E5, Microsoft Enterprise Mobiity and Security E5, or Microsoft Security and Compliance for Frontline Workers F5 license. These license requirements are necessary to configure dynamic watermarks and apply labels configured for dynamic watermarking. There is no licensing requirement for users to open files with dynamic watermarks. To view the minimum versions needed to open files with dynamic watermarks on all platforms, see Minimum versions for sensitivity labels in Microsoft 365 Apps | Microsoft Learn.Microsoft Information Protection and Compliance Resources
The Microsoft Information Protection and Compliance Customer Experience (CXE) team work with Microsoft's largest enterprise customers to provide guidance and advisory services to help them deploy our information protection and compliance solutions. As part of our community you can speak directly to our engineering teams and get early access to changes by joining our webinars, participating in private previews, reviewing product roadmaps, attending in-person events, or providing feedback on our forums. Getting Started We have lots of resources below to help, but to start with you can review: https://aka.ms/MIPC/GettingStarted Official Documentation A lot of the common questions that customers ask have been captured in our documentation. There are a team of tech writers who work tirelessly to ensure it's accurate and up to date! MIP - https://aka.ms/MIPdocs Compliance - https://docs.microsoft.com/en-us/microsoft-365/compliance/ Licensing Documentation Licensing for different features across the M365 security and compliance product set arefrequently asked questions. M365 Security and Compliance - https://aka.ms/MIPC/licensing Information Protection section - https://aka.ms/MIPC/MIPlicensing White Papers We have documents that we've developed for our customers where we share best practices and guidance to help deploy our solutions. MIP - https://aka.ms/MIPC/DataClassification Zero Trust Deployment Center This contains all of our guidance to help you with your Zero Trust planning and deployment activities. http://aka.ms/ZTGuide You can jump straight to securing your data with Zero Trust - https://aka.ms/ZTData MIP&C Deployment Acceleration Guides (DAGs) We have written a number of guides which will help with: ➢ One Compliance Story covering how to each solution features complement each. ➢ Best Practices based on the CxE teams experience with customer roadblocks. ➢ Considerations to take and research before starting your deployment. ➢ Help Resources links to additional readings and topics to gain a deeper understanding. ➢ Appendix for additional information on licensing. Check out the blog post here https://aka.ms/MIPC/DAGs for more details and the documents. Webinars To check out our upcoming webinars, or recordings of past webinars, visit https://aka.ms/MIPC/Webinars. Private Previews To join our private preview program, where you can get early access to changes in exchange for your feedback. sign-up https://aka.ms/MIPC/JoinPreviews check out the previews page for full details - https://aka.ms/MIPC/Previews Forums Got questions or feedback? Check out our product-specific forums where you can speak directly to our engineering teams. MIP Yammer Channel - https://aka.ms/MIPC/AskMIPTeam MIP Product Feedback - https://aka.ms/MIP/uservoice Compliance Product Feedback - https://aka.ms/CompUV Tech Community - Security, Privacy, & Compliance Code Samples / Scripts You can check out our PowerShell code snippets at: GitHub Repo: https://aka.ms/MIPC/PowerShellSamples Localization migration script: https://aka.ms/MIPC/Blog-LocaleMigration Social Media Hang out on Social Media? Check out the team's presence below and follow and interact with us there as well. MIP: https://Twitter.com/MIPNews Compliance Blog - https://aka.ms/CompBlog MIP Blog - https://aka.ms/MIPblog Thanks! @Adam Bell on behalf of the MIP and Compliance CXE teamNew Place to Chat with the Microsoft Information Protection Team
Happy Wednesday, all! We're constantly working to provide easily accessible channels for direct interaction with our product team including feedback on how to improve your experience with our products! Moving forward, you can: talk to the Microsoft Information Protection team about our product and integrations via our Yammer Channel or provide feedback via our UserVoice Forum. You can also continue to get updates in our Microsoft Information Protection blog. Finally, we have a complete list of resources available here. If you're currently engaged in a conversation, the conversation space will be moved to the Microsoft Security and Compliance conversation space on 9/2. Feel free to comment with any questions regarding channels or informational resources.Retirement notification for the Azure Information Protection Unified Labeling add-in for Office
We are officially announcing the retirement of the Azure Information Protection (AIP) Unified Labeling add-in for Office and starting the 12-month clock, after which it will reach retirement on April 11, 2024.All the locations where you can find Sensitivity labels
Here are the locations where you can find the sensitivity label of a document (if there are any that I've missed, please feel free to add it here) Sensitivity Label Button in the Document: In Office applications such as Word, Excel, and PowerPoint, you can find the Sensitivity label button on the Home tab. This button allows users to apply or view sensitivity labels directly within the document interface. (Sensitivity label app on the upper right) (the bottom left will show the label applied to the document) Document Properties > Advanced Properties Sensitivity labels can also be found in the document properties. To access this, go to File > Info > Properties > Advanced Properties. Here, you can see detailed metadata, including any applied sensitivity labels. Sensitivity Label Column in SharePoint: In SharePoint, sensitivity labels are displayed in a dedicated column. This allows users to quickly see the sensitivity level of documents stored within SharePoint libraries Windows File Explorer: Sensitivity labels can be extended to Windows File Explorer, allowing users to apply and view labels directly from their file management interface. Mobile Applications: Office mobile apps for iOS and Android also support sensitivity labels, enabling users to apply and view labels on the go. Microsoft Purview Compliance Portal: Administrators can manage and view sensitivity labels applied across the organization through the Microsoft Purview Compliance Portal. This portal is only accessible to IT admins who has the right Purview role.Microsoft Security in Action: Zero Trust Deployment Essentials for Digital Security
The Zero Trust framework is widely regarded as a key security model and a commonly referenced standard in modern cybersecurity. Unlike legacy perimeter-based models, Zero Trust assumes that adversaries will sometimes get access to some assets in the organization, and you must build your security strategy, architecture, processes, and skills accordingly. Implementing this framework requires a deliberate approach to deployment, configuration, and integration of tools. What is Zero Trust? At its core, Zero Trust operates on three guiding principles: Assume Breach (Assume Compromise): Assume attackers can and will successfully attack anything (identity, network, device, app, infrastructure, etc.) and plan accordingly. Verify Explicitly: Protect assets against attacker control by explicitly validating that all trust and security decisions use all relevant available information and telemetry. Use Least Privileged Access: Limit access of a potentially compromised asset, typically with just-in-time and just-enough-access (JIT/JEA) and risk-based policies like adaptive access control. Implementing a Zero Trust architecture is essential for organizations to enhance security and mitigate risks. Microsoft's Zero Trust framework essentially focuses on six key technological pillars: Identity, Endpoints, Data, Applications, Infrastructure, & Networks. This blog provides a structured approach to deploying each pillar. 1. Identity: Secure Access Starts Here Ensure secure and authenticated access to resources by verifying and enforcing policies on all user and service identities. Here are some key deployment steps to get started: Implement Strong Authentication: Enforce Multi-Factor Authentication (MFA) for all users to add an extra layer of security. Adopt phishing-resistant methods, such as password less authentication with biometrics or hardware tokens, to reduce reliance on traditional passwords. Leverage Conditional Access Policies: Define policies that grant or deny access based on real-time risk assessments, user roles, and compliance requirements. Restrict access from non-compliant or unmanaged devices to protect sensitive resources. Monitor and Protect Identities: Use tools like Microsoft Entra ID Protection to detect and respond to identity-based threats. Regularly review and audit user access rights to ensure adherence to the principle of least privilege. Integrate threat signals from diverse security solutions to enhance detection and response capabilities. 2. Endpoints: Protect the Frontlines Endpoints are frequent attack targets. A robust endpoint strategy ensures secure, compliant devices across your ecosystem. Here are some key deployment steps to get started: Implement Device Enrollment: Deploy Microsoft Intune for comprehensive device management, including policy enforcement and compliance monitoring. Enable self-service registration for BYOD to maintain visibility. Enforce Device Compliance Policies: Set and enforce policies requiring devices to meet security standards, such as up-to-date antivirus software and OS patches. Block access from devices that do not comply with established security policies. Utilize and Integrate Endpoint Detection and Response (EDR): Deploy Microsoft Defender for Endpoint to detect, investigate, and respond to advanced threats on endpoints and integrate with Conditional Access. Enable automated remediation to quickly address identified issues. Apply Data Loss Prevention (DLP): Leverage DLP policies alongside Insider Risk Management (IRM) to restrict sensitive data movement, such as copying corporate data to external drives, and address potential insider threats with adaptive protection. 3. Data: Classify, Protect, and Govern Data security spans classification, access control, and lifecycle management. Here are some key deployment steps to get started: Classify and Label Data: Use Microsoft Purview Information Protection to discover and classify sensitive information based on predefined or custom policies. Apply sensitivity labels to data to dictate handling and protection requirements. Implement Data Loss Prevention (DLP): Configure DLP policies to prevent unauthorized sharing or transfer of sensitive data. Monitor and control data movement across endpoints, applications, and cloud services. Encrypt Data at Rest and in Transit: Ensure sensitive data is encrypted both when stored and during transmission. Use Microsoft Purview Information Protection for data security. 4. Applications: Manage and Secure Application Access Securing access to applications ensures that only authenticated and authorized users interact with enterprise resources. Here are some key deployment steps to get started: Implement Application Access Controls: Use Microsoft Entra ID to manage and secure access to applications, enforcing Conditional Access policies. Integrate SaaS and on-premises applications with Microsoft Entra ID for seamless authentication. Monitor Application Usage: Deploy Microsoft Defender for Cloud Apps to gain visibility into application usage and detect risky behaviors. Set up alerts for anomalous activities, such as unusual download patterns or access from unfamiliar locations. Ensure Application Compliance: Regularly assess applications for compliance with security policies and regulatory requirements. Implement measures such as Single Sign-On (SSO) and MFA for application access. 5. Infrastructure: Securing the Foundation It’s vital to protect the assets you have today providing business critical services your organization is creating each day. Cloud and on-premises infrastructure hosts crucial assets that are frequently targeted by attackers. Here are some key deployment steps to get started: Implement Security Baselines: Apply secure configurations to VMs, containers, and Azure services using Microsoft Defender for Cloud. Monitor and Protect Infrastructure: Deploy Microsoft Defender for Cloud to monitor infrastructure for vulnerabilities and threats. Segment workloads using Network Security Groups (NSGs). Enforce Least Privilege Access: Implement Just-In-Time (JIT) access and Privileged Identity Management (PIM). Just-in-time (JIT) mechanisms grant privileges on-demand when required. This technique helps by reducing the time exposure of privileges that are required for people, but are only rarely used. Regularly review access rights to align with current roles and responsibilities. 6. Networks: Safeguard Communication and Limit Lateral Movement Network segmentation and monitoring are critical to Zero Trust implementation. Here are some key deployment steps to get started: Implement Network Segmentation: Use Virtual Networks (VNets) and Network Security Groups (NSGs) to segment and control traffic flow. Secure Remote Access: Deploy Azure Virtual Network Gateway and Azure Bastion for secure remote access. Require device and user health verification for VPN access. Monitor Network Traffic: Use Microsoft Defender for Endpoint to analyze traffic and detect anomalies. Taking the First Step Toward Zero Trust Zero Trust isn’t just a security model—it’s a cultural shift. By implementing the six pillars comprehensively, organizations can potentially enhance their security posture while enabling seamless, secure access for users. Implementing Zero Trust can be complex and may require additional deployment approaches beyond those outlined here. Cybersecurity needs vary widely across organizations and deployment isn’t one-size-fits all, so these steps might not fully address your organization’s specific requirements. However, this guide is intended to provide a helpful starting point or checklist for planning your Zero Trust deployment. For a more detailed walkthrough and additional resources, visit Microsoft Zero Trust Implementation Guidance. The Microsoft Security in Action blog series is an evolving collection of posts that explores practical deployment strategies, real-world implementations, and best practices to help organizations secure their digital estate with Microsoft Security solutions. Stay tuned for our next blog on deploying and maximizing your investments in Microsoft Threat Protection solutions.
Optimizing OneDrive Retention Policies with Administrative Units and Adaptive Scopes
A special thank you note to Ashwini_Anand for contributing to the content of this blog. In today's digital landscape, efficient data retention management is a critical priority for organizations of all sizes. Organizations can optimize their OneDrive retention policies, ensuring efficient and compliant data management tailored to their unique user base and licensing arrangements. Scenario: Contoso Org encountered a distinct challenge - managing data retention for their diverse user base of 200,000 employees, which includes 80,000 users with F3 licenses and 120,000 users with E3 and E5 licenses. As per Microsoft licensing, F3 users are allocated only 2 GB of OneDrive storage, whereas E3 and E5 users are provided with a much larger allocation of 5 TB. This difference required creating separate retention policies for these users' groups. The challenge was further complicated by the fact that retention policies utilize the same storage for preserving deleted data. If a unified retention policy were applied to all users such as retaining data for 6 years before deletion - F3 users’ OneDrive storage could potentially fill up within a year or less (depending on usage patterns). This would leave F3 users unable to delete or save new files, severely disrupting productivity and data management. To address this, it is essential to create a separate retention policy for E3 and E5 users, ensuring that the policy applies only to these users and excludes F3 users. This blog will discuss the process of designing and implementing such a policy for the large user base based on separate licenses, ensuring efficient data management and uninterrupted productivity. Challenges with Retention Policy Configuration for large organizations 1. Adaptive Scope Adaptive scopes in Microsoft Purview allow you to dynamically target policies based on specific attributes or properties such as department, location, email address, custom Exchange attributes etc. Refer the link to get the list of supported attributes: Adaptive scopes | Microsoft Learn. Limitation: Although Adaptive scopes can filter by user properties, Contoso, being a large organization, had already utilized all 15 custom attributes for various purposes. Additionally, user attributes also couldn’t be used to segregate users based on licenses. This made it challenging to repurpose any attribute for our filter criteria to apply the retention policy to a specific set of users. Furthermore, refinable strings used in SharePoint do not work for OneDrive sites. 2. Static Scope Static scope refers to manually selected locations (e.g., specific users, mailboxes, or sites) where the policy is applied. The scope remains fixed and does not automatically adjust. Limitation: Static scope allows the inclusion or exclusion of mailboxes and sites but is limited to 100 sites and 1000 mailboxes, making it challenging to utilize for large organizations. Proposed Solution: Administrative Units with Adaptive Scope To address the above challenges, it required utilizing Administrative Units (Admin Units - is a container within an organization that can hold users, groups, or devices. It helps us to manage and organize users within an organization more efficiently, especially in large or complex environments) with Adaptive Scopes for creation of a retention policy targeting E3 and E5 licensed users. This approach allows organizations to selectively apply retention policies based on user licenses, enhancing both efficiency and governance. Prerequisites For Administrative unit - Microsoft Entra ID P1 license For Retention policy - Refer to the link: Microsoft 365 guidance for security & compliance - Service Descriptions | Microsoft Learn Configuration Steps Step 1: Create Administrative Unit: Navigate to Microsoft Entra Admin Center https://entra.microsoft.com/#home Click on ‘Identity’ and then click on ‘Show more’ Expand ‘Roles & admins’ Proceed to ‘Admin units’ -> Add. Define a name for the Administrative unit. Click on ‘Next: Assign roles’ No role assignment required, click on 'Next: Review + create’) Click on ‘Create’. To get more information about creating administrative unit, refer this link: Create or delete administrative units - Microsoft Entra ID | Microsoft Learn Step 2: Update Dynamic Membership: Select the Administrative Unit which is created in Step1. Navigate to ‘Properties’ Choose ‘Dynamic User’ for Membership type. Click on ‘Add a dynamic query’ for Dynamic user members. Click on ‘Edit' for Rule syntax In order to include E3 and E5 licensed users who are using OneDrive, you need to include SharePoint Online Service Plan 2 enabled users. Use the query below in the code snippet to define the dynamic membership. user.assignedPlans -any (assignedPlan.servicePlanId -eq "5dbe027f-2339-4123-9542-606e4d348a72" -and assignedPlan.capabilityStatus -eq "Enabled") Click on 'Save' to update the Dynamic membership rules Click on 'Save' to update the Administrative unit changes. Open the Administrative Unit and click on the 'Users' tab to check if users have started to populate. Note: It may take some time to replicate all users, depending on the size of your organization. Please wait for minutes and then check again. Step 3: Create Adaptive Scope under Purview Portal: Access https://purview.microsoft.com Navigate to ‘Settings’ Expand ‘Roles & scopes’ and click on ‘Adaptive scopes’ Create a new adaptive scope, providing ‘Name’ and ‘Description’. Proceed to select the Administrative unit which was created earlier. (It takes time for the Admin/Administrative Unit to become visible. Please wait for some time if it does not appear immediately.) Click on ‘Add’ and ‘Next’ Select ‘Users’ and 'Next' Once the Admin unit is selected, we need to specify the criteria which allows to select users within the Admin unit (this is the second level of filtering available). However, in this case since we needed to select all users of the admin unit, hence the below criteria was used. Click 'Add attribute' and form the below query. Email addresses is not equal to $null Note: You can apply any other filter if you need to select a subset of users within the Admin Unit based on your business use case. Click on ‘Next’ Review and ‘Submit’ the adaptive scope. Step 4: Create Retention Policy using Adaptive Scope: Access https://purview.microsoft.com/datalifecyclemanagement/overview Navigate to ‘Policies’ and then go to ‘Retention Policies’. Create a ‘New Retention policy’, providing a ‘Name’ and ‘Description’. Proceed to select the Administrative unit created earlier. Click on ‘Add or remove admin units’ Choose ‘Adaptive’ and click on ‘Next’. Click on ‘Add scopes’ and Select the previously created Adaptive scope. Click on ‘Next’ to proceed and select the desired retention settings. Click Next and Finish Outcome By implementing Admin Units with adaptive scopes, organizations can effectively overcome challenges associated with applying OneDrive retention policies for distinguished and large set of users. This approach facilitates the dynamic addition of required users, eliminating the need for custom attributes and manual user management. Users are dynamically added or removed from the policy based on license status, ensuring seamless compliance management. FAQ: Why is it important to differentiate retention policies based on user licensing tiers? It is important to differentiate retention policies based on user licensing tiers to ensure that each user group has policies tailored to their specific needs and constraints, avoiding issues such as storage limitations for users with lower-tier licenses like F3. How many Exchange custom attributes are typically available? There are typically 15 Exchange custom attributes available, which can limit scalability when dealing with a large user base. What challenge does Adaptive Scoping face when including a large number of OneDrive sites? Adaptive Scoping faces the challenge of including a large number of OneDrive sites due to limitations in the number of custom attributes allowed. While these custom attributes help in categorizing and managing OneDrive sites, the finite number of attributes available can restrict scalability and flexibility. Why are refinable strings a limitation for Adaptive Scoping in OneDrive? Refinable strings are a limitation for Adaptive Scoping in OneDrive because their usage is restricted to SharePoint only. What are the limitations of Static Scoping for OneDrive sites? Static Scoping for OneDrive sites is limited by the strict limit of including or excluding only 100 sites, making it usage limited for larger environments. Do we need any licenses to create an administrative unit with dynamic membership? Yes, a Microsoft Entra ID P1 license is required for all members of the group.Select the 'Adaptive' retention policy type
Ingesting Purview compliance DLP logs to Splunk
We are in the process of enabling Microsoft purview MIP DLP for a large-scale enterprise, and there is a requirement to push MIP DLP related alerts, incidents and data to Splunk SIEM. Could not find any specific documentation for the same. researched on this and found below solutions however not sure which could work to fit in our requirement: Splunk add on for Microsoft security is available: The Splunk Add-on for Microsoft Security is now available - Microsoft Community Hub but this does not talk about Purview DLP logs. This add-on is available for Splunk but only says MIP can be integrated however does not talk about DLP logs: Microsoft Graph Security API Add-On for Splunk | Splunkbase As per few articles we can also ingest Defender logs to Azure event hub then event hub can be connected to splunk. Above mentioned steps do not explain much about Ingestion of MIP DLP raw data or incidents. If anyone has done it in the past I will appreciate any input.The Data Loss Prevention Ninja Training is here!
**January 2025: Under Construction** Short link: https://aka.ms/DLPNinja The Microsoft Purview Data Loss Prevention Ninja Training is here! We are very excited and pleased to announce this rendition of the Ninja Training Series. With all the other training out there, our team has been working diligently to get this content out there. There are several videos and resources out there and the overall purpose of the Microsoft Purview Data Loss Prevention Ninja training is to help you master this realm. We aim to get you up-to-date links to the community blogs, training videos, Interactive Guides, learning paths, and any other relevant documentation. To make it easier for you to start and advance your knowledge gradually without throwing you in deep waters, we split content in each offering into three levels: beginner, intermediate, and advanced. Please find the Microsoft Purview Information Protection Ninja Training here. In addition, after each section, there will be a knowledge check based on the training material you’d have just finished! Since there’s a lot of content, the goal of these knowledge checks is to help you determine if you were able to get a few of the major key takeaways. There’ll be a fun certificate issued at the end of the training: Disclaimer: This is NOT an official Microsoft certification and only acts as a way of recognizing your participation in this training content. Lastly, this training will be updated one to two times a year to ensure you all have the latest and greatest material! If there's any topic you'd like for us to include and/or have any thoughts on this training, please let us know what you think below in the comments! Legend/Acronyms (D) Microsoft Documentation (V) Video (B) Blog (P) PDF (S) Site (SBD) Scenario Based Demo (Video) (DAG) Deployment Acceleration Guide MIP Microsoft Information Protection (old terminology for Microsoft Purview Information Protection) AIP Azure Information Protection ULC Unified Labeling Client SIT Sensitive Information Type RBAC Role-based access control eDLP Endpoint DLP OME Office 365 Message Encryption EDM Exact Data Match DLP Data Loss Prevention SPO SharePoint Online OCR Optical character recognition MCAS Microsoft Cloud App Security (old terminology for Microsoft Defender for Cloud Apps) TC Trainable Classifiers ODSP OneDrive SharePoint EXO Exchange Online Microsoft Purview Data Loss Prevention (DLP) Microsoft’s DLP solution provides a broad range of capabilities to address the modern workplace and the unique challenges represented by these very different scenarios. One of the key investment areas is in providing a unified and comprehensive solution across the many different kinds of environments and services where sensitive data is stored, used or shared. This includes platforms native to Microsoft and also non-Microsoft services and apps. Beginner Training Public forums to contact the overall information protection team Yammer Tech Community Introducing Microsoft Purview (V) In this video, hear from Microsoft executives on this new product family and our vision for the future of data governance. Introduction to Microsoft Purview Data Loss Prevention? (V) In this video, you’ll find an overview on Microsoft Purview Data Loss Prevention. Quick overview on new Exchange DLP Predicates (V) This video provides a quick walk through on creating an Exchange DLP policy and a soft focus on the new predicates and actions. Microsoft Purview Information Protection Framework (D) Check out the above documentation to see how Microsoft Purview Information Protection uses 3 pillars to deploy an information protection solution. Protect Data with Zero Trust (LP) Zero Trust isn't a tool or product, it's an essential security strategy, with data at its core. Here, you'll learn how to identify and protect your data using a Zero Trust approach. Learn about data loss prevention (D) Learn about DLP basics and Microsoft Unified DLP and why it’s uniquely positioned to protect your data in the cloud. How to secure your data with Microsoft Security (V) The above video is a quick summary on how to protect your data. Microsoft Purview Information Protection and Data Loss Prevention Roadmap (S) Please check out the above site on the latest items on our public roadmap. Microsoft Purview Information Protection support for PDF and GitHub (V) and Ignite Conversation (V) The above videos walk through announcements regarding support for PDF and GitHub Microsoft Defender for Cloud Apps integration (D) Please visit the above documentation to learn more about how Microsoft Purview Information Protection integrates with Microsoft Defender for Cloud Apps Trainable Classifiers (D) Check out the documentation to create custom trainable classifiers. Retrain a classifier in content explorer (D) The above documentation shows you how to improve the performance of custom trainable classifiers by providing them more feedback. Explain data loss prevention reporting capabilities (LP) The above learning path walks you through reporting in the Microsoft Purview Compliance Portal. Review and analyze data loss prevention reports (LP) The above learning path walks you through analyzing reports in the Microsoft Purview Compliance Portal. Beginner Knowledge Check Intermediate Training Microsoft Compliance Extension for Chrome (B) aka Microsoft Purview Extension (D) Please check out the above blog and Microsoft Doc to understand what we’re doing to expand our DLP capabilities to Chrome. Microsoft Purview extension for Firefox (D) The above documentation details procedures to roll out the Microsoft Purview extension for Firefox. Data Loss Prevention and Endpoint DLP (V) This video details how Microsoft approaches information protection across Files, emails, Teams, endpoints and others. How DLP works between the Compliance portal and Exchange admin center (D) You can create a data loss prevention (DLP) policy in two different admin centers; the above document walks through the differences and similarities. Data Loss Prevention across endpoints, apps, & services | Microsoft Purview (V) This video walks you through how to protect sensitive data everywhere you create, view, and access information with one Data Loss Prevention policy in Microsoft Purview. Data Loss Prevention Policy Tips Reference Guide (D) and Quick Overview (V) Please check out the above documentation and short video on where we support policy tips. Create a DLP Policy for Microsoft 365 Online Services (IG) Please use the above interactive guide to see how to create DLP policies. Apply Microsoft Purview Endpoint DLP to Devices (IG) Please use the above interactive guide to see how to create Endpoint DLP policies. Sites for testing documentation (S) The above site details locations where you can get sample data. Scope of DLP Protection for Microsoft Teams (D) The above documentation walks through how DLP protection is applied differently to Teams entities. Manage DLP alerts in the Microsoft Purview compliance portal (LP) The above learning path walks you through managing DLP alerts. Endpoint activities you can monitor and best practices (LP) The above learning path walks you through Endpoint DLP activities and best practices. Troubleshoot and Manage Microsoft Purview Data Loss Prevention for your Endpoint Devices (B) The above blog goes through a quick guide to troubleshooting Endpoint DLP. Microsoft Purview DLP Interactive Guides (IG) Please visit the above home page to see the latest interactive guides walking you through DLP. Learn how to investigate Microsoft Purview Data Loss Prevention alerts in Microsoft 365 Defender (B) This blog is a step-by-step guided walkthrough of the Microsoft 365 Defender Analyst experience for Microsoft Purview Data Loss Prevention (DLP) incident management. Intermediate Knowledge Check Advanced Training Microsoft Defender for Cloud Apps and Data Loss Preventions (D) Please check out the documentation above detailing how the integration to Microsoft Defender for Cloud Apps further enhances your data loss prevention plan. Power BI: Learn about centralized data loss prevention policies (V) This video highlights DLP capabilities with Power BI. Take a unified and comprehensive approach to prevent data exfiltration with Microsoft (V) This video helps show how we can help you prevent unauthorized sharing, use, and transfer of sensitive information across your applications, services, endpoints, and on-premises file shares – all from a single place. Onboard macOS devices into Microsoft 365 (D), capability announcement (B), and additional screengrabs (B) Please use the documentation above to deploy macOS devices into Endpoint DLP and check out the blog to see a few screengrabs on how the user experience. Troubleshooting Guides (D) Resolve issues that affect DLP policy tips Changes to a data loss prevention policy don't take effect in Outlook 2013 in Microsoft 365 DLP policy tips in Security and Compliance Center don't work in OWA/Outlook How to troubleshoot data loss prevention policy tips in Exchange Online Protection in Microsoft 365 Please check out the below documentation to find guides on common issues. Securing data in an AI-first world with Microsoft Purview (B) The above blog details some new updates on AI with Microsoft Purview. Common questions on Microsoft Purview Data Loss Prevention for endpoints (B) This guide covers the top-of-mind FAQs on Microsoft Purview Data Loss Prevention for endpoints (referred to as Endpoint DLP in the blog). Guidance for investigating Microsoft Purview Data Loss Prevention incidents (B) This blog provides guidance for choosing the best investigation experience suited for your organization when using Microsoft Purview Data Loss Prevention. Data Loss Prevention: From on-premises to cloud (PDF) This whitepaper focuses on why you should move to cloud-native data loss prevention. The Microsoft Purview DLP Migration Assistant for Symantec (IG) Follow the above IG to get guidance on migrating from Symantec to Microsoft Purview DLP. Migrating from Windows Information Protection to Microsoft Purview (B) The above blog gives guidance on how to migrate from WIP to the Microsoft Purview stack. Insider Risk in Conditional Access | Microsoft Entra + Microsoft Purview Adaptive Protection (V) The above video goes through how to protect your organization from insider threats with Microsoft Entra's Conditional Access and Adaptive Protection in Microsoft Purview. Please check out this link for a blog with more details. (B) Protect sensitive data throughout its Copilot journey (B) The above details how the native integration enables organizations to leverage the power of GenAI when working with sensitive data as Copilot can understand and honor the controls such as encryption and provide comprehensive visibility into usage. Protect at the speed and scale of AI with Copilot for Security in Microsoft Purview (B) The above blog details the embedded experiences of Copilot for Security in Microsoft Purview (Communication Compliance, Data Loss Prevention, Insider Risk Management, and eDiscovery. Strengthen protection to mitigate data overexposure in GenAI tools with data classification/labeling (B) The blog above goes into detail on OCR, its cost, and how it goes into the AI Realm with Microsoft Purview Information Protection and Data Loss Prevention. Microsoft Purview Exact Data Match (EDM) support for multi-token corroborative evidence (B) The above blog goes into the new feature that improves the accuracy and effectiveness of EDM detection. Advanced Knowledge Check Once you’ve finished the training and the knowledge checks, please go to our attestation portal to generate your certificate; you'll see it in your inbox within 3-5 business days (Coming Soon). We hope you enjoy this training!
