In the previous post I argued the HIPAA Security Rule NPRM is essentially an autopsy report, with each major mandate traceable to a specific named failure mode from 2024. The one mandate that doesn't trace to a single named breach, but to the entire enforcement pattern OCR has
There is a version of the HIPAA Security Rule NPRM that everyone is reading, and then there's a version that almost nobody is reading. The version everyone is reading is a compliance update. It's the biggest since 2013, with 4,700+ public comments, a May 2026
Your Copilot deployment did not create a new security risk. That risk has been there since the beginning, and it will be there until you stop blaming new tech and start focusing on the underlying issue. In the months since Microsoft 365 Copilot became broadly available inside enterprise tenants, a
Apparently, someone at Microsoft thought it'd be a good idea to give me an MVP award for Purview. I'm as surprised as you are 🙂 For those wondering what this means: I now have a fancy title to put in my email signature and an official reason
Guess what we're baaaaaack. December/January are rough here in Cleveland, man. But, I've got some updates pushed out for the Purview SIT Email Scanner Tool that you might want to check out 🙂 Shout out to Emily Spotts for her collaboration on this one. What was
AI is transforming industries worldwide, but it’s simultaneously creating one of the largest data risks we've ever seen. According to the Varonis 2025 State of Data Security Report, 95% of healthcare organizations have exposed sensitive cloud data, and 64% have employees using unverified AI tools. The same
Found this nugget buried in the Purview Blueprints Github repo. Figured I'd take a crack at integrating credential SITs into my EXO SIT Finder. The "All Credentials" Bundled SIT is multitudinous and complex, as you can see in the linked Learn Doc below. Current SITs being
This post is a continuation of a series. See part 1, here. Most enterprises already live in dual worlds. On one side, Microsoft Purview governs information inside Microsoft 365. But on the other, dedicated DLP platforms like Digital Guardian DLP control endpoints, networks, and file movement. So what's
As a consultant in the Microsoft Security & Compliance space, you learn that some projects are more like therapy sessions. Half the organization wants to migrate to Microsoft, and the other half, clutching their Varonis or Symantec licenses, waits in the shadows for their "I told you so"
I didn't have much of a following when I initially wrote about SIT-search limitations in mailbox data-at-rest. Since then, I've spoken with multiple clients and data security professionals who were under the mistaken impression that Purview could find that data. Since this limitation still exists, and
One of the lesser-known (and dare I say "quietly devastating") mechanics in Microsoft Purview Insider Risk Management (IRM) is how Collection Policies silently override your IRM policy logic. They don't cooperate and they especially don't warn you. If there's a conflict, the
I've been getting a lot of questions lately in follow-up to my 99% DLP policy post. I followed your advice and have this nifty DLP Policy broken into three rules. How on earth do I sort through all of the Activity Explorer hits and tune this thing? Well,