Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
1,312 questions
DLP Policy Not Scanning Inside Compressed Files (Purview)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 42%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMH%3C/text%3E%3C/svg%3E)
Mahmoud Hesham
5
Reputation points
I'm trying to configure Microsoft Purview to scan inside compressed files (e.g., .zip, .rar) and apply Data Loss Prevention (DLP) policies to prevent sensitive data from being shared via email. However, I'm encountering the following issues:
I need to ensure that sensitive data labels are detected inside archives and trigger DLP policies when emailed.
Despite configuring the DLP policy, password-protected archives bypass detection.
Important: I do not want to block all encrypted/password-protected files – only the ones that contain sensitive data. Blocking every compressed file creates unnecessary disruption, but I need to ensure sensitive data isn't accidentally shared.
Could someone guide me on:
How to enable scanning for compressed files in Purview?
Whether Purview can extract and inspect contents of .zip files?
How to configure DLP to block only password-protected archives that contain sensitive data?
I would appreciate any detailed steps or links to relevant documentation.
Thank you!
{count} votes
-
AnnuKumari-MSFT 33,981 Reputation points Microsoft Employee2024-12-30T16:43:28.5633333+00:00 Hi Mahmoud Hesham ,
To enable scanning for compressed files in Microsoft Purview and configure DLP policies to prevent sensitive data from being shared via email, you can follow the steps below:
- Enable scanning for compressed files in Purview: By default, Purview does not scan the contents of compressed files such as .zip or .rar files. To enable scanning for compressed files, you need to configure a custom extractor in Purview. You can use the Azure Cognitive Search Blob Indexer to extract the contents of compressed files and make them available for scanning by Purview.
- Extract and inspect contents of .zip files: Once you have configured a custom extractor in Purview, you can extract and inspect the contents of .zip files. Purview will extract the contents of the .zip file and make them available for scanning by DLP policies.
- Configure DLP to block only password-protected archives that contain sensitive data: To configure DLP policies to block only password-protected archives that contain sensitive data, you can use the "Content contains sensitive information" condition in the DLP policy. This condition allows you to specify the sensitive information types that you want to detect, such as credit card numbers or social security numbers. You can also specify the file types that you want to scan, such as .zip or .rar files. Once you have configured the DLP policy, it will trigger a block action only when a password-protected archive containing sensitive data is detected.
Additional resource: https://learn.microsoft.com/en-us/purview/dlp-policy-reference
Hope it helps. Kindly let us know how it goes. Thankyou
Sign in to comment
Sign in to answer