Microsoft Purview best practices
I am wondering what the best way to accomplish this would be. We are working at stepping down our email retention periods from 10 years to 5 years. We currently have a 10-years policy that uses a dynamic 365 group for assigned users. The group runs a query that finds anyone in our organization with a Business Premium license. That's working great. Our next step is to go to a 5-year policy. But we have several users that need to be placed in a 7-year policy. Microsoft has removed the option to use both the include and exclude settings in a retention policy. My question is, Are we over thinking the way to do this? Or should we just be doing this: Create one 5-year policy that is set to the entire organization. Then create a 365 dynamic group with the users who need the 7-year policy assigned to it. Then create a 7-year policy and assign the 7-year policy group to it. Then also place that group in the Exclude listing of the 5-year policy. Will that work and is it best practice.? I can't afford to make a mistake on this and I can't remember if I created the dynamic group with the query for licensed users for a reason or if I was just being too detailed.
Hidden Group and Hidden Group Membership
Hi everyone! I have come across a requirement where the client would like to use an excel spreadsheet, a service account and application registration to manage group membership for a confidential group. They would like to create a group from which the members cannot leave, see other team members and cannot see the group itself. Now, I have the concept of the flow with me but for the life of me, I cannot get around to finding/configuring a group that meets the requirement. Have you guys come across this sort of scenario? Group Configuration: Users should not be able to view the group Users should not be able to view members of the group Users should not be able to leave the group Thanks in advance.
Request for Assistance with Microsoft 365 Security (customer development) in APAC's specific countr
I have observed that many companies in my country (within the APAC region) are not fully aware of the capabilities offered by Microsoft 365 Security. As a result, they often opt for alternative products with fewer features, despite having already purchased Microsoft 365 licenses. I would like to discuss this issue directly with the Microsoft customer development/training team to explore potential solutions and improve awareness about Microsoft 365 Security in our region. is there anyone know that how to contact the appropriate team or provide any resources that could assist in addressing this concern?Using Dynamic Watermarking with Sensitivity Labels
Dynamic watermarking is a new feature for sensitivity labels that's intended to provide a visual deterrent to screen captures of confidential documents. The feature works by using the email address of the signed-in user as a watermark. Everything works and the feature seems effective, but this isn't something to use with every sensitivity label. https://practical365.com/dynamic-watermarking-sensitivity-labels/The Problem with Scoped Audit Log Searches
Microsoft Purview and the Exchange Online Search-UnifiedAuditLog cmdlet both perform searches of the Microsoft 365 unified audit log. Both mechanisms support the concept of scoped searches to limit audit records returned by searches to the administrative units an account can manage. But the permissions assigned by the two mechanisms aren’t synchronized, which can lead to complications. https://office365itpros.com/2024/08/27/scoped-audit-log-searches/Outlook desktop client is encrypting emails despite the sensitivity label setting
We have 3 different sensitivity labels set up - General, Internal and Confidential. The General label does not encrypt content, internal and confidential do. The default label for emails is Confidential. When someone uses the Outlook Desktop client (release 2407) and switches from Confidential to General, the email is still encrypted. This doesn't happen with the Outlook web client. If the switch from Confidential to Internal and then to General, the email is not encrypted. Has anyone else seen this behavior?
Issue with retention policy with adaptive scope
Dear community, We created an adaptive scope and a retention policy about two weeks ago. If I check the scope details on the Purview portal, the adaptive scope shows 9602 users, but the policy shows only ~9150 users. I tried to investigate the issue, but I haven't found an error message or a list of users missing from the policy. I must find a way to list out the users who are not covered by the policy. What I have done in a nutshell is: - Get-ComplianceRetentionPolicy does not see this policy. We have a few other policies with static scope, and they appear on the output, but the one we want to check is not. - I collected all the mailboxes and checked the InPlaceHolds, but there is no such policy either. This is weird since we should have 9150 users covered by this policy. - I checked a user who has this policy with the "Policy lookup" feature on the Purview portal, and it showed that the user is covered by the policy. I googled, Copiloted, and ChatGPTd my question, but I still have no clue what to do. The main question is: How can I query a list of users missing from a retention policy with adaptive scope? Thank you for your help in advance!Retention policy - keep deleted files for a year
Hello everyone, Have a question regarding retention policy (or labels if it might help in this situation). I would like to implement a policy which keeps files which were deleted for a year after the file is deleted (in this case, for SharePoint Online). From what I saw, the only triggers for the policies are when items are created and when files are modified, but not when a file is deleted. Also, if I am understanding it correctly, you cannot put labels on the files which are in the recycle bin. Is there any solution which could help me in this case? This is the policy that I would like to implement for all of my SharePoint sites, which I have a lot of. Kind regards.
