Category Archives: Microsoft Purview

Empowering Cybersecurity with Microsoft Purview Data Security Investigations (Preview)

Posted on by

Data Security Investigations (preview) workflow helps you quickly identify, investigate, and take action on data associated with security and data breach incidents. This workflow isn’t a linear process. It includes significant iteration requirements for several of the steps to fine tune searches, evidence gathering, classification, and investigation by using AI and activities.

Analysts can use Data Security Investigations (preview) features in your organization to:

  • Quickly and efficiently search, discover, and identify impacted data.
  • Use deep content AI analysis to discover exact data risks hidden in data.
  • Take action to reduce the impact of data security incidents and quickly mitigate ongoing risks.
  • Collaborate with internal and external stakeholders on investigation details.

Check out the following videos to learn about how Data Security Investigations (preview) can help you respond to data security incidents:

DSI builds on and extends Microsoft Purview’s existing best-of-breed Data Security portfolio. Our information protection, data loss prevention, and insider risk management solutions have provided customers with a strong foundation to protect their crown jewels, their data. Data is at the center of cyberattacks, and now DSI will use AI to re-imagine how customers investigate and mitigate data security incidents, accelerating the process dramatically.  Most organizations we spoke to (77%) believe that AI will accelerate data security detection and response, and 76% think AI will improve the accuracy of data security detection and response strategies. With its cutting edge, generative AI-powered investigative capabilities, DSI will transform and scale how data security admins analyze incident-related data. DSI uncovers key security and sensitive data risks and facilitates secure collaboration between partner teams to mitigate those identified risks. This simplifies previously complex, time-consuming tasks – what once took months, can now be done in a fraction of the time.

Read more:
Get started with Data Security Investigations (preview)
Learn about Data Security Investigations (preview)

Set an expiration date for email encrypted by Microsoft Purview

Posted on by

When you apply your company brand to customize the look of your organization’s email messages, you can also specify an expiration for these email messages. With Microsoft Purview Advanced Message Encryption, you can create multiple templates for encrypted emails that originate from your organization. Using a template, you can control how long recipients have access to mail sent by your users.

When an end user receives mail that has an expiration date set, the user sees the expiration date in the wrapper email. If a user tries to open an expired mail, an error appears in the OME portal.

You can only set expiration dates for emails to external recipients.

With Microsoft Purview Advanced Message Encryption, anytime you apply custom branding, Microsoft 365 applies the wrapper to email that fits the mail flow rule to which you apply the template. You can only use expiration if you use custom branding.

  • Microsoft 365 E5 subscription
  • Compliance Administrator Permissions

How to create a custom branding template to force mail expiration by using PowerShell

  1. Using a work or school account that has sufficient permissions in your organization, such as Compliance Administrator, start a Windows PowerShell session and connect to Exchange Online. For instructions, see Connect to Exchange Online PowerShell.
  2. Run the New-OMEConfiguration cmdlet

Where:

  • Identity is the name of the custom template.
  • ExternalMailExpiryInDays identifies the number of days that recipients can keep mail before it expires. You can use any value between 1–730 days.

More information about Microsoft Purview Advanced Message Encryption

Data Loss Prevention: Restrict Microsoft 365 Copilot from processing emails with sensitivity labels

Posted on by

Microsoft Purview’s Data Loss Prevention (DLP) now allows you to prevent Microsoft 365 Copilot from processing emails and other content marked with specific sensitivity labels by configuring DLP policies in the Microsoft Purview portal.

By creating a DLP policy with the “Content contains > Sensitivity labels” condition for the Microsoft 365 Copilot policy location, you can restrict Copilot from using this sensitive content in its responses and summarizations, thereby enhancing data protection.

This feature will allow DLP policies to provide detection of sensitivity labels in emails as enterprise grounding data and restrict access of the labeled emails in Microsoft 365 Copilot chat experiences. This feature only works for emails on or after 1/1/2025.

How this will affect your organization:

Organizations with no existing DLP for Microsoft 365 Copilot policies are not impacted. Customers with the required licenses will be able to go to the Microsoft Purview portal to create policies in the Data Loss Prevention solution. Admins can also go to Data Security Posture Management for AI (DSPM for AI) to see recommendations for creating Microsoft 365 Copilot policies.

Admins should create a new DLP policy using the Copilot location to use this feature:

Check also Microsoft Rodmap