File Plan/Retention Labels cannot be deleted OR found in content explorer
When we try to delete a Purview Records Management > File Plan label (or Data Lifecycle Management > Retention label), we get the following error: "You can't delete this record label because it's currently applied to items in your organization. You can use content explorer to determine which items have this label applied." (see attached image). When we go to content explorer to find the label (in this example, Bank Reconciliations), it doesn't appear to exist (see attached image). We also reviewed our Label policies and Retention policies, and the given labels are not associated with any policy that we can see. So, in result, we cannot clean up File Plan labels since we can't find and remove the association between them and policies / items. Has anyone encountered this error when deleting file plan retention labels, but then unable to find anything the label is associated with?New Place to Chat with the Microsoft Information Protection Team
Happy Wednesday, all! We're constantly working to provide easily accessible channels for direct interaction with our product team including feedback on how to improve your experience with our products! Moving forward, you can: talk to the Microsoft Information Protection team about our product and integrations via our Yammer Channel or provide feedback via our UserVoice Forum. You can also continue to get updates in our Microsoft Information Protection blog. Finally, we have a complete list of resources available here. If you're currently engaged in a conversation, the conversation space will be moved to the Microsoft Security and Compliance conversation space on 9/2. Feel free to comment with any questions regarding channels or informational resources.All the locations where you can find Sensitivity labels
Here are the locations where you can find the sensitivity label of a document (if there are any that I've missed, please feel free to add it here) Sensitivity Label Button in the Document: In Office applications such as Word, Excel, and PowerPoint, you can find the Sensitivity label button on the Home tab. This button allows users to apply or view sensitivity labels directly within the document interface. (Sensitivity label app on the upper right) (the bottom left will show the label applied to the document) Document Properties > Advanced Properties Sensitivity labels can also be found in the document properties. To access this, go to File > Info > Properties > Advanced Properties. Here, you can see detailed metadata, including any applied sensitivity labels. Sensitivity Label Column in SharePoint: In SharePoint, sensitivity labels are displayed in a dedicated column. This allows users to quickly see the sensitivity level of documents stored within SharePoint libraries Windows File Explorer: Sensitivity labels can be extended to Windows File Explorer, allowing users to apply and view labels directly from their file management interface. Mobile Applications: Office mobile apps for iOS and Android also support sensitivity labels, enabling users to apply and view labels on the go. Microsoft Purview Compliance Portal: Administrators can manage and view sensitivity labels applied across the organization through the Microsoft Purview Compliance Portal. This portal is only accessible to IT admins who has the right Purview role.
Ingesting Purview compliance DLP logs to Splunk
We are in the process of enabling Microsoft purview MIP DLP for a large-scale enterprise, and there is a requirement to push MIP DLP related alerts, incidents and data to Splunk SIEM. Could not find any specific documentation for the same. researched on this and found below solutions however not sure which could work to fit in our requirement: Splunk add on for Microsoft security is available: The Splunk Add-on for Microsoft Security is now available - Microsoft Community Hub but this does not talk about Purview DLP logs. This add-on is available for Splunk but only says MIP can be integrated however does not talk about DLP logs: Microsoft Graph Security API Add-On for Splunk | Splunkbase As per few articles we can also ingest Defender logs to Azure event hub then event hub can be connected to splunk. Above mentioned steps do not explain much about Ingestion of MIP DLP raw data or incidents. If anyone has done it in the past I will appreciate any input.Sensitivity Labels applied to email attachments versus directly on the document
I've noticed that the encryption applied to email attachments via sensitivity labels behaves differently than if the encryption is applied directly to the document. Example 1: I create an email and choose a sensitivity label that encrypts contents based on the specified users. I attach a Word document that does not have a sensitivity label applied. The email and attachment are encrypted. The email is sent to an external user Example 2: I create an email and attach a Word document that has already been assigned a sensitivity label that includes encryption. The email is sent to an external user. In Example 1, the recipient can view the attachment in Outlook Web. In Example 2, the document can't be viewed in Outlook Web. You will see a message "Sorry, Word can't open this document in a browser because it's protected by Information Rights Management". In example 1, the recipient can forward the email to someone in a separate tenant. They can also view the email and attachment. Is this expected behavior?
Auto-labelling in Purview-Which license or alternatives can be used rather than E5 ?
We are considering adopting Purview for Information Protection and DLP, but we are currently on E3 licenses. Given the extensive size of our SharePoint environment, auto-labelling is crucial for applying sensitivity labels to content across wide scopes automatically. My question is, are there any alternatives to upgrading licenses to E5 or adding the Compliance Add-on? Upgrading several thousand users to E5 or the Compliance Add-on requires significant justification, and I am wondering if there are other interim solutions we could leverage for a period of one year. Any thoughts would be greatly appreciated! Thank you! KevSharing: All Built-in SIT categorised
So, Microsoft Purview gives you 313 built-in Sensitive Information Types (SITs)—yes, I counted! When I worked with an Cyber Risk auditor, one of their ask was categorizing all the items that we decided for it to be deployed. This was a bit of a nightmare, so I took one for the team and grouped them into three neat categories: PII, Financial, and Medical. Now, I’m sharing it with you so that my struggle can save you the headache. You’re welcome! Download the excel spreadsheet here: All SIT list and their categories.xlsx
