Data Loss Prevention: Collect Microsoft Purview compliance diagnostics

By Ashwin Venugopal -

 








Introduction

The PowerShell Gallery hosts the ComplianceDiagnostics tool, which is a PowerShell module. The program offers a number of data gathering templates from which you can choose. What diagnostic information is collected depends on your choice. Usually, a Microsoft Support engineer instructs you on which data collection template to utilize and requests diagnostic data.

Prerequisites

In order to use the ComplianceDiagnostics tool, ensure that your environment meets the following requirements:
  1. Installed PowerShell 5.0 or its latest version.
  2. Installed ExchangeOnlineManagement module 3.0 or a later version.
  3. The PowerShell Gallery should be in the list of PowerShell repositories on your local computer.
  4. You should be a Compliance administrator in Microsoft Purview. 
  5. PowerShell execution policy should be set to RemoteSigned. 

Install Tool

Install the latest version of the ComplianceDiagnostics tool by running the following cmdlet:

Install-Module ComplianceDiagnostics -Force

Note- It is recommended to run the command periodically to install the latest tool version.

Run Tool

Run the following PowerShell cmdlet to open the ComplianceDiagnostics tool and then sign in to the Exchange Management Shell and Security & Compliance PowerShell when you are prompted:

Start -ComplianceDiagnostics

Collect Diagnostic Data

  1. Select the data collection template that matches your issue.
  2. Use the template fields to provide information about your issue.
  3. Select Export Support Data.
  4. In the folder dialog box that opens, choose a parent folder for the diagnostic data. 
  5. Select Yes in the completion dialog box to view the .zip file in File Explorer.

Review Diagnostic Data

  1. Extract the contents of the .zip file.
  2. Parse the .json file, and view the parsed data objects.
  3. Get detailed  diagnostic information by querying the data objects.
  4. After finishing the diagnostic review, send the .zip file to Microsoft Support to investigate the issue.

Conclusion

Data Loss Prevention compliance diagnostic is done via above steps.





































Comments

Post a Comment

Popular posts from this blog

Deployment (Part 3)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 2, please click  here Microsoft Monitoring Agent (MMA) MMA is used across multiple Microsoft solutions and has undergone a few name changes as its features and functionality have evolved. If it is being considered to be used, then following areas should be covered during a Microsoft Sentinel deployment project: Consider the timelines and the strategy for a migration to AMA (Azure Monitor Agent) before the MMA end-of-life.  Consider the central deployment and management methodology for MMA. Determine which endpoints are in scope for deployment as these affect the log ingestion volume significantly.  Azure Monitor Agent (AMA) Organizations with MMA as the main Microsoft Sentinel agent should start planning the migration to AMA as soon as possible to avoid a rushed migration. One of the main advantages of AMA is the ability to control the log collection policy centrally and apply different policies against different...
Read more

Deployment (Part 1)

By Ashwin Venugopal -
Image
  To read part 2, please click  here To read part 3, please click  here Azure Resources Microsoft Sentinel needs following resources to be created: Subscription (if a dedicated subscription(s) will be used) Resource group(s) Log Analytics workspace(s) Automation rules/playbook Alert rules Workbooks Microsoft Sentinel offers hundreds of alert rules, workbooks, and automation playbook templates along with hunting scripts. The templates can be used to activate/deploy schedule alerts, create customized dashboards, create automation playbooks and perform threat-hunting activities. Generally, once deployed, the resources created have to be adjusted to match the existing environment, configure local credentials, etc. Methods of deployment: Manual- Administrator can manually configures the Microsoft Sentinel resources with the help of Azure portal. Any manual process has the inherent risks of human operator error, lack of compliance with potential change control procedures, and u...
Read more

Design Planning (Part 3)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 2, please click  here Complex Organizational Structures SIEM can be an expensive security control, hence, it is common multiple businesses to contribute to the overall expense. Various organizational units may require a level of access to specific dashboards or sets of data. Microsoft Sentinel offers the ability to assign table-level permissions and limit the level of access to the minimum required to perform requisite job functions.  Role-based Access Control (RBAC) Requirements Microsoft Sentinel offers an extensive list of Azure built-in roles that can be used to provide granular access according to the job requirements and permitted level of access. Some of them are various Microsoft Sentinel dedicated roles: Microsoft Sentinel Contributor- Can perform all engineering-related configuration, such as creating alert rules, configuring data connectors, and additional similar tasks.  Microsoft Sentinel Reader- Can...
Read more