Purview Insider Risk Management – Site Classification
Hi All,
We use Purview IRM to monitor for data risks. Its tuned and working very well for us. I have a question around the way one of the triggers classifies the activity. I’m sure its easy to change I just cant figure it out so any help appreciated.
We trigger a number of Cumulative exfiltration activity events, with the main trigger being xxx events: Files copied to personal cloud storage: when we look at the activity explorer event we can see that its files being uploaded to either Corporate OneDrive or SharePoint.
My question is I cant find where I can re-classify our SharePoint portals as Corporate and not personal, essentially I don’t care that people are uploading to our corporate portals. Its the D/Ling that’s important.
Its driving me nuts trying to find it! Please help
Hi All, We use Purview IRM to monitor for data risks. Its tuned and working very well for us. I have a question around the way one of the triggers classifies the activity. I’m sure its easy to change I just cant figure it out so any help appreciated. We trigger a number of Cumulative exfiltration activity events, with the main trigger being xxx events: Files copied to personal cloud storage: when we look at the activity explorer event we can see that its files being uploaded to either Corporate OneDrive or SharePoint. My question is I cant find where I can re-classify our SharePoint portals as Corporate and not personal, essentially I don’t care that people are uploading to our corporate portals. Its the D/Ling that’s important. Its driving me nuts trying to find it! Please help Read More