Microsoft Purview DLP Extends to Microsoft 365 Copilot

on
As organizations increasingly adopt Microsoft 365 Copilot to enhance productivity and collaboration, ensuring the security of corporate data becomes more and more important. Microsoft Purview Data Loss Prevention (DLP) offers a robust solution to safeguard sensitive information. Purview's new and upcoming DLP capabilities can soon help secure your organization's use of Copilot even better. Microsoft Purview Data Loss Prevention (DLP) is expanding its capabilities to support Microsoft 365 Copilot. This enhancement will allow DLP policies to identify sensitive documents using sensitivity labels and exclude them from processing in Microsoft 365 Copilot Business Chat. The feature will be available for customers who already have E5 (or equivalent) licenses together with copilot licenses. Information protection admins can then create policies that will include Microsoft Copilot in addition to all of the existing services. The preview started in late November, and it should be availab...

A thing about DHCPUtil -EmulateClient

on
I was trying to troubleshoot a Lync phone registry issue for a client of mine, and I ran into an issue I haven't seen before.

As I do not have access to every LAN to every customer at all times, I often get the customer to run certain commands and have them read me the output. When troubleshooting the registration of a CS-Commonareadevice, one of these commands are "DHCPUtil -Emulateclient". I send them instructions on how to map to the Lync server, set their path correct, and run the command from dos.

Usually, I've only been concerned whether the result is a failure, or success. Preferably have the client read out loud the bottom lines of the output. It would look something like this, and I'll say: Read me the result, and what ever information below "result".:


If the result is "success", and everything else seems valid, I will then move on to run the test-csphonebootstrap command, and try to understand the underlying issue.

This is what the test-csphonebootstrap had to tell me:


If you look closely at the TargetURI, it is missing something. It should contain the FQDN of the webservice providing the RootCertChain. So I told the customer his DHCP was all wrong, and asked him to fix it. He's reply was: "No, it's not". And he provided a screenshot of the settings/options showing everything was in order (Or at least it looked like it was in order)

Time to inspect that DHCP ACK packet in-depth. Or at least scroll up a line or two. And try to figure out what was happening.

This is what I saw with my own eyes:
Success, and the correct provisioning url as shown in the first screen shot. But as I scrolled up, I saw something interesting:


Taking a closer look at the option 43 as the client read it, it revealed the values were read in the wrong order.
I do not know why the result came out "Success" or why the output seemingly gave the correct provisioning URL. But I do know the phones didn't register and the test cmdlet gave me an error, and cleaning up the DHCP (removing settings, and reapplying them as described in this post) fixed the error.

Lessons learned:
- Don't always accept "Success" as a definite answer when troubleshooting. Sometimes you still need to take a closer look at things. The -Emulateclient obviously only look for the values in DHCP, and it doesn't do a syntax check. Nice knowing? It took me a couple of rounds before I really realized what was wrong.
- And from now on, I will have to ask the customer for the entire output not just the result.