r/MicrosoftPurview

Sensitivity Labels, MP4/AVI videos and an unknown error

Hi,

We recently enabled sensitivity labels for our files and sites. Since doing so we have run into an error where MP4 content no longer works when shared externally, the content can be shared via OneDrive or SPO but when an external party tries to open it they get an error saying 'Something Went wrong', Error type: 'Unknown Issue".

The sensitivity label on this content is Public. Office documents and PDF's work as expected when shared externally, we have isolated the issue to video files. Anyone else come across this?

Happens on content that was there prior to enabling labelling and new videos uploaded.

Edit: I am not sure what's going on but it turns out it was related to Conditional access requiring Authentication strength. I don't know why it only started after labels were applied and unsure how it only applied to video files but its working once we excluded guests from the main MFA policy and made one without authentication strength options enabled.

reddit.com
u/OCAU07 — 8 days ago

DLP Policy Sanity Check

I've got a DLP policy running in simulation mode (TestWithoutNotifyUser) with a single rule. Two conditions, ANDed together:

  • Content is shared from Microsoft 365 → with people outside my organization
  • Content contains → [custom SIT]

Action is "Restrict access or encrypt -> Block only people outside your organization" (not firing, since it's simulation).

What I'm seeing:
Activity Explorer is full of "DLP rule matched" events with dozens from a single user's OneDrive, all with the same timestamp. When I drill into individual matches, they're files sitting in a Desktop-synced OneDrive folder (.../Desktop/[folder]/[subfolder]/...). Nothing in the event indicates an active send or share action. it looks like the initial content scan picking up files at rest.

My confusion:
If the rule requires BOTH "shared externally" AND "contains SIT" to match, why are at-rest files matching? A few theories I want to confirm or kill:

  1. Is the "shared with people outside my organization" condition evaluating the file's current sharing state (e.g., an existing Anyone-link or an external grant on the file or a parent folder), rather than an actual share event?
  2. Could an externally-shared parent folder be propagating that "shared externally" state down to every file inside it making it look like many separate incidents when it's really one over-permissive folder?
  3. Does simulation mode's initial scan evaluate the sharing condition against existing sharing state, so previously-shared content lights up all at once (hence the identical timestamps)?

Please save my life lol

reddit.com
u/ThatBoiAndy — 11 days ago

Purview on-premises scanner - any associated ingestion costs?

I've been looking at the Purview On-premises scanner for our locally hosted network share server. The intent is to identify PII stored outside of approved locations. https://learn.microsoft.com/en-us/purview/deploy-scanner

We are on the Free tier of the Purview portal, not enterprise. We have A5 licenses. https://learn.microsoft.com/en-us/purview/data-governance-billing

In the past, the Purview scanner sent metadata to Azure, and there were associated ingestion costs. I believe Microsoft changed the scanner (or Purview) at some point (in 2025?), and the Scanner pages don't mention any additional costs.

This page https://learn.microsoft.com/en-us/purview/purview-billing-models#data-security-capabilities mentions "Sensitivity labels that you apply to non-Microsoft 365 data sources" with the unit of measure being "Number of assets in scope of protection policy/day". Going off of this pricing page https://azure.microsoft.com/en-us/pricing/details/purview/ (assuming the "Data Security At Rest Protection" is what they are referring to), does that mean every labelled file costs $0.50 per month? Or is this just referring to Azure hosted non 365 data? The Assets section of that page https://learn.microsoft.com/en-us/purview/purview-billing-models#assets only mentions Azure sources.

If you are using this scanner, can you share if there are associated Azure costs?

u/BrentNewland — 13 days ago