Microsoft Purview & Compliance Microsoft Purview & Compliance
Referenz für Purview Portal, DLP, Sensitivity Labels, Retention, eDiscovery, Audit und Insider-Risiko. Reference for the Purview portal, DLP, sensitivity labels, retention, eDiscovery, audit, and insider risk.
20+
Built-in Sensitive Info Types
Built-in sensitive info types
3
Audit-Retentionsklassen
Audit retention tiers
2
Retention-Ansätze
Retention approaches
EDiscovery
Standard & Premium
Standard & premium
Compliance ist workloadübergreifend
Compliance is workload-spanning
Purview wirkt auf Exchange, SharePoint, OneDrive, Teams und Endpunkte. Änderungen müssen immer mit den Fachbereichen und Datenschutz abgestimmt werden. Purview affects Exchange, SharePoint, OneDrive, Teams, and endpoints. Changes must always be aligned with business stakeholders and privacy teams.
🛡️ Portal
🛡️ Portal
Purview Arbeitsbereiche Purview workspaces
🚫 DLP
🚫 DLP
Regeln und Sensitive Info Types Rules and sensitive info types
🗂️ Retention
🗂️ Retention
Policies, Labels und Scopes Policies, labels, and scopes
⌨️ PowerShell
⌨️ PowerShell
IPPSSession und Cmdlets IPPSSession and cmdlets
🛡️ Portal Übersicht 🛡️ Portal overview
Das Microsoft Purview Portal bündelt Lösungen für Information Protection, DLP, Audit, eDiscovery, Records, Insider Risk und Communication Compliance. Rollen und Lizenzierung bestimmen, welche Workloads sichtbar und nutzbar sind. The Microsoft Purview portal consolidates solutions for information protection, DLP, audit, eDiscovery, records, insider risk, and communication compliance. Roles and licensing determine which workloads are visible and usable.
| Arbeitsbereich Workspace | Funktion Function | Beispiele Examples |
|---|---|---|
| Information Protection Information protection | Sensitivity Labels, Verschlüsselung, Auto-Labeling Sensitivity labels, encryption, auto-labeling | Dokumente, E-Mails, Containerlabels Documents, emails, container labels |
| Data Loss Prevention Data Loss Prevention | Richtlinien für Datenabfluss über M365, Endpoint, Devices Policies for data exfiltration across M365, endpoints, and devices | Teams Chat, Exchange, SharePoint, Endpoint DLP Teams chat, Exchange, SharePoint, endpoint DLP |
| Data Lifecycle Management Data lifecycle management | Retention Labels, Retention Policies, Adaptive Scopes Retention labels, retention policies, adaptive scopes | Aufbewahrung und Löschung Retention and deletion |
| eDiscovery eDiscovery | Cases, Searches, Review Sets, Exporte Cases, searches, review sets, exports | Juristische Untersuchungen und Compliance Requests Legal investigations and compliance requests |
| Audit Audit | Unified Audit Log Suche und Retention Unified audit log search and retention | Forensik und Nachvollziehbarkeit Forensics and traceability |
🚫 Data Loss Prevention 🚫 Data Loss Prevention
DLP-Richtlinien bestehen aus einer Policy, Regeln, Bedingungen, Ausnahmen und Aktionen. Zielorte können Exchange, SharePoint, OneDrive, Teams und Geräte sein. DLP policies consist of a policy, rules, conditions, exceptions, and actions. Locations can include Exchange, SharePoint, OneDrive, Teams, and devices.
| Baustein Building block | Beschreibung Description | Beispiele Examples |
|---|---|---|
| Policy Policy | Definiert Orte, Modus und allgemeine Konfiguration Defines locations, mode, and general configuration | Test with notifications, enabled mode Test with notifications, enabled mode |
| Rule Rule | Logik für Bedingungen und Aktionen Logic for conditions and actions | If content contains SITs then restrict sharing If content contains SITs then restrict sharing |
| Conditions Conditions | Sensitive Info, Labels, Inhalteigenschaften, Nutzerattribute Sensitive info, labels, content properties, user attributes | Anzahl Treffer, Confidence Level, Dateityp Match count, confidence level, file type |
| Actions Actions | Blockieren, Verschlüsseln, Notify, Incident Report Block, encrypt, notify, incident report | Policy Tips, E-Mail Meldung, Audit Policy tips, email alerts, audit |
| Sensitive Info Type Sensitive info type | Beschreibung Description | Typische Nutzung Typical use |
|---|---|---|
| Credit Card Number Credit Card Number | Kreditkartennummern nach bekannten Mustern Credit card numbers based on known patterns | PCI-bezogene Kontrollen PCI-related controls |
| IBAN IBAN | Internationale Bankkontonummern International bank account numbers | Zahlungsverkehr Payments |
| SWIFT Code SWIFT Code | Bank Identifier Codes Bank identifier codes | Finanzkommunikation Financial communication |
| EU Passport Number EU Passport Number | Europäische Reisepassnummern European passport numbers | HR und Travel HR and travel |
| German Passport Number German Passport Number | Deutsche Reisepassnummern German passport numbers | DACH-spezifische Richtlinien DACH-specific policies |
| German Identity Card Number German Identity Card Number | Personalausweisnummern German identity card numbers | Personalunterlagen Personnel files |
| German Tax Identification Number German Tax Identification Number | Steuer-ID German tax ID | Lohn- und Steuerdaten Payroll and tax data |
| German Driver License Number German Driver License Number | Führerscheinnummern German driver license numbers | Fuhrpark und HR Fleet and HR |
| U.S. Social Security Number U.S. Social Security Number | US Sozialversicherungsnummern US social security numbers | Globale HR-Workloads Global HR workloads |
| U.S. Individual Taxpayer Identification Number U.S. Individual Taxpayer Identification Number | US Steueridentifikationsnummern US taxpayer identification numbers | Steuerunterlagen Tax records |
| U.S. Bank Account Number U.S. Bank Account Number | US Kontonummern US bank account numbers | Finance Finance |
| ABA Routing Number ABA Routing Number | US Bankrouting US bank routing | Zahlungsverkehr Payments |
| VAT Number EU VAT Number EU | EU Umsatzsteuer-IDs EU VAT numbers | Rechnungswesen Accounting |
| Medical Terms Medical Terms | Medizinische Begriffe und Klassifikationen Medical terms and classifications | Health Compliance Health compliance |
| Drug Enforcement Agency Number Drug Enforcement Agency Number | DEA Nummern DEA numbers | Health / Pharma Health / pharma |
| Date of Birth Date of Birth | Geburtsdaten Dates of birth | PII und HR PII and HR |
| Phone Number Phone Number | Telefonnummern nach Regionen Regional phone numbers | Kontakt-PII Contact PII |
| EU National Identification Number EU National Identification Number | Nationale Kennnummern in EU-Ländern National identification numbers in EU countries | Personenbezogene Daten Personal data |
| Azure Information Protection Label Azure Information Protection Label | Label-bezogene Bedingungen Label-based conditions | Kombination mit Sensitivity Labels Combined with sensitivity labels |
| Credentials Credentials | Benutzername/Passwort ähnliche Muster Username/password-like patterns | Schutz vor Geheimnisabfluss Protection against credential leakage |
- Custom Sensitive Info Types erlauben eigene Schlüsselwörter, reguläre Ausdrücke und EDM-Modelle. Custom sensitive info types allow custom keywords, regular expressions, and EDM models.
- Endpoint DLP erweitert DLP auf Geräteaktionen wie Copy to USB, Print oder Upload in Browser. Endpoint DLP extends DLP to device actions such as copy to USB, print, or browser uploads.
- Policy Tips und Incident Reports helfen beim kontrollierten Rollout. Policy tips and incident reports help with controlled rollout.
🏷️ Sensitivity Labels 🏷️ Sensitivity labels
Sensitivity Labels klassifizieren und schützen Inhalte sowie Container. Sie können Verschlüsselung, Content Marking, Freigabeeinschränkungen und Default Labels steuern. Sensitivity labels classify and protect content and containers. They can control encryption, content marking, sharing restrictions, and default labels.
| Thema Topic | Details Details | Hinweis Note |
|---|---|---|
| Create Create | Name, Tooltip, Farbe, Schutzoptionen Name, tooltip, color, protection options | Taxonomie früh mit Fachbereichen abstimmen Align taxonomy early with business stakeholders |
| Publish Publish | Wer sieht und nutzt welche Labels Who sees and uses which labels | Ohne Publish Policy ist das Label nicht aktiv nutzbar Without a publish policy the label is not usable |
| Auto-labeling Auto-labeling | Regelbasierte oder trainierbare Erkennung Rule-based or trainable detection | Erfordert Tests und Benutzerkommunikation Requires testing and user communication |
| Encryption Encryption | Do Not Forward, Double Key Encryption, Rights Management Do Not Forward, Double Key Encryption, rights management | Kompatibilität mit externen Empfängern prüfen Validate compatibility with external recipients |
| Content Marking Content marking | Header, Footer, Watermark Header, footer, watermark | Sichtbar und oft Compliance-relevant Visible and often compliance-relevant |
| Default Label Default label | Vorschlags- oder Pflichtlabel Suggested or mandatory label | Hilft bei konsistenter Klassifizierung Helps drive consistent classification |
🗂️ Retention 🗂️ Retention
Retention Policies wirken ortsbezogen auf ganze Workloads; Retention Labels wirken objektbezogen auf Inhalte. Beide können statische oder adaptive Scopes verwenden. Retention policies work location-based across workloads; retention labels work item-based on content. Both can use static or adaptive scopes.
| Ansatz Approach | Beschreibung Description | Beispiele Examples |
|---|---|---|
| Retain and then delete Retain and then delete | Inhalte werden aufbewahrt und nach Frist gelöscht Content is retained and deleted after the retention period | Finanzunterlagen 7 Jahre Financial records for 7 years |
| Retain only Retain only | Keine Löschung durch die Richtlinie No deletion through the policy | Untersuchungsrelevante Daten Investigation-relevant data |
| Delete only Delete only | Inhalte werden nach Zeitraum entfernt Content is removed after a set period | Kurzlebige Kollaborationsdaten Short-lived collaboration data |
| Static scopes Static scopes | Benutzer, Sites oder Gruppen explizit ausgewählt Users, sites, or groups explicitly selected | Kleine oder stabile Zielgruppen Small or stable target groups |
| Adaptive scopes Adaptive scopes | Filter nach Attributen wie Land, Abteilung oder Standort Filter by attributes such as country, department, or location | Große oder dynamische Organisationen Large or dynamic organizations |
🔎 eDiscovery 🔎 eDiscovery
| Funktion Feature | Standard Standard | Premium Premium |
|---|---|---|
| Content Search Content search | Suche und Export über Workloads Search and export across workloads | Auch Basisbestandteil für Fälle Also a building block for cases |
| Custodians Custodians | Begrenzt Limited | Explizites Custodian Management und Hold Notifications Explicit custodian management and hold notifications |
| Review Sets Review sets | Nicht verfügbar Not available | Review Sets, Analytics, Tagging Review sets, analytics, tagging |
| Advanced Processing Advanced processing | Einfachere Szenarien Simpler scenarios | Deduplication, near-duplicate detection, threading Deduplication, near-duplicate detection, threading |
- Content Search ist oft der erste Schritt vor formaler Fallanlage. Content search is often the first step before creating a formal case.
- Legal Hold kann auf Mailboxen, Sites oder Custodians wirken. Legal hold can apply to mailboxes, sites, or custodians.
- Review Sets sollten mit Export- und Zugriffsmodell sauber geplant werden. Review sets should be planned carefully with export and access controls.
📜 Audit 📜 Audit
| Variante Variant | Retention Retention | Typische Nutzung Typical use |
|---|---|---|
| Audit Standard Audit Standard | 90 Tage 90 days | Allgemeine Nachvollziehbarkeit und Basisforensik General traceability and baseline forensics |
| Audit Premium Audit Premium | 1 Jahr oder 10 Jahre mit Add-on 1 year or 10 years with add-on | Erweiterte Ermittlungen und lange Aufbewahrung Advanced investigations and long-term retention |
| Search Audit Log Search audit log | Abhängig von Lizenz und Workload Depends on license and workload | Suche nach User-, File-, Admin- und Policy-Aktionen Search for user, file, admin, and policy actions |
🗣️ Communication Compliance 🗣️ Communication Compliance
Communication Compliance überwacht Kommunikationsmuster auf Belästigung, Insider-Risiko, unangemessene Sprache oder regulatorische Verstöße. Teams und Exchange sind typische Zielquellen. Communication Compliance monitors communication patterns for harassment, insider risk, inappropriate language, or regulatory violations. Teams and Exchange are common source workloads.
🕵️ Insider Risk Management 🕵️ Insider Risk Management
Insider Risk korreliert Signale aus Geräten, Inhalten und Benutzeraktivitäten. Typische Szenarien sind Datendiebstahl, IP-Abfluss, Risky Departures oder Security Policy Violations. Insider Risk correlates signals from devices, content, and user activities. Typical scenarios are data theft, IP exfiltration, risky departures, or security policy violations.
🚧 Information Barriers 🚧 Information Barriers
Information Barriers verhindern Kommunikation und Zusammenarbeit zwischen definierten Segmenten. Häufig genutzt in regulierten Branchen wie Finance oder Legal. Information barriers prevent communication and collaboration between defined segments. They are often used in regulated industries such as finance or legal.
📚 Records Management 📚 Records Management
Records Management ergänzt Retention um deklarierte Datensätze, Disposition Reviews und immutable Controls für besonders sensible Aufbewahrungspflichten. Records management extends retention with declared records, disposition reviews, and immutable controls for especially sensitive retention requirements.
⌨️ PowerShell ⌨️ PowerShell
| Bereich Area | Cmdlet / Sitzung Cmdlet / session | Beispiele Examples |
|---|---|---|
| Verbindung Connection | Connect-IPPSSession Connect-IPPSSession | Purview / Security & Compliance PowerShell Purview / Security & Compliance PowerShell |
| DLP DLP | Get-DlpCompliancePolicy / New-DlpCompliancePolicy Get-DlpCompliancePolicy / New-DlpCompliancePolicy | Richtlinien auslesen und anlegen Read and create policies |
| Retention Retention | Get-RetentionCompliancePolicy / New-RetentionCompliancePolicy Get-RetentionCompliancePolicy / New-RetentionCompliancePolicy | Lifecycle Regeln verwalten Manage lifecycle rules |
| Labels Labels | Get-Label / New-Label / Set-Label Get-Label / New-Label / Set-Label | Sensitivity Labels administrieren Administer sensitivity labels |
PowerShell
PowerShell
Connect-IPPSSession
Get-DlpCompliancePolicy
Get-DlpComplianceRule
New-DlpCompliancePolicy -Name "EU Sensitive Data" -ExchangeLocation All -SharePointLocation All -OneDriveLocation All
Get-Label
Get-RetentionCompliancePolicy
Get-RetentionComplianceRule
50+ Built-in Sensitive Information Types50+ built-in sensitive information types
| SITSIT | Patterns summaryPattern summary |
|---|---|
| Credit Card NumberCredit Card Number | Luhn-Prüfung plus Kartenmuster.Luhn validation plus card patterns. |
| ABA Routing NumberABA Routing Number | 9-stellige US Bankleitzahl mit Prüfziffer.9-digit US routing number with checksum. |
| SWIFT CodeSWIFT Code | Bank Identifier Code aus 8 oder 11 Zeichen.Bank identifier code with 8 or 11 characters. |
| IBANIBAN | Länderspezifische IBAN mit Format- und Prüflogik.Country-specific IBAN with format and checksum. |
| EU Debit Card NumberEU Debit Card Number | Kartennummern für europäische Debitkarten.Card numbers for European debit cards. |
| US Bank Account NumberUS Bank Account Number | US Kontonummer mit Kontextwörtern.US bank account number with context words. |
| Canada Bank Account NumberCanada Bank Account Number | Kanadische Kontonummern und Transitkontext.Canadian account numbers with transit context. |
| Australian Bank Account NumberAustralian Bank Account Number | Australische BSB/Kontonummer-Muster.Australian BSB/account number patterns. |
| UK National Insurance NumberUK National Insurance Number | Muster plus reservierte Präfixlogik.Pattern plus reserved prefix logic. |
| US Social Security NumberUS Social Security Number | 3-2-4 Muster mit Ausschluss ungültiger Bereiche.3-2-4 pattern excluding invalid ranges. |
| US Individual Taxpayer Identification NumberUS Individual Taxpayer Identification Number | 9-stellige ITIN mit 9er Präfix.9-digit ITIN with 9-prefix. |
| US Employer Identification NumberUS Employer Identification Number | EIN mit 2-7 Muster.EIN with 2-7 pattern. |
| US Passport NumberUS Passport Number | Alphanumerisches US Passformat.Alphanumeric US passport format. |
| UK Passport NumberUK Passport Number | Neunstelliges UK Passmuster.Nine-digit UK passport pattern. |
| Germany Passport NumberGermany Passport Number | Deutsches Passformat mit Kontext.German passport format with context. |
| France Passport NumberFrance Passport Number | Französisches Passmuster.French passport pattern. |
| Spain Passport NumberSpain Passport Number | Spanisches Passmuster mit Kontext.Spanish passport pattern with context. |
| Italy Passport NumberItaly Passport Number | Italienische Passnummern.Italian passport numbers. |
| Netherlands Passport NumberNetherlands Passport Number | Niederländische Passnummern.Dutch passport numbers. |
| Belgium Passport NumberBelgium Passport Number | Belgische Passnummern.Belgian passport numbers. |
| EU Driver's License NumberEU Driver's License Number | Europäische Führerscheinkontexte und Formate.European driver's license contexts and formats. |
| Germany Driver's License NumberGermany Driver's License Number | Deutsches Führerscheinmuster.German driver's license pattern. |
| France Driver's License NumberFrance Driver's License Number | Französische Führerscheinnummer.French driver's license number. |
| Spain Driver's License NumberSpain Driver's License Number | Spanische Führerscheinnummer.Spanish driver's license number. |
| Netherlands Driver's License NumberNetherlands Driver's License Number | Niederländische Führerscheinnummer.Dutch driver's license number. |
| Belgium National NumberBelgium National Number | Belgische Rijksregisternummer.Belgian national registry number. |
| Germany Identity Card NumberGermany Identity Card Number | Personalausweisformat mit Kontext.German identity card format with context. |
| France National ID Card NumberFrance National ID Card Number | Französische Ausweisnummer.French national ID card number. |
| Italy National ID Card NumberItaly National ID Card Number | Italienische Ausweisnummer.Italian national ID number. |
| Spain National ID NumberSpain National ID Number | DNI/NIF Muster mit Prüfbuchstaben.DNI/NIF pattern with checksum letter. |
| Netherlands Citizen Service NumberNetherlands Citizen Service Number | BSN mit 11-Proef.BSN with 11-check. |
| Denmark Personal Identification NumberDenmark Personal Identification Number | CPR Muster mit Datumskontext.CPR pattern with date context. |
| Sweden National IDSweden National ID | Personnummer mit Prüfziffer.Personal number with checksum. |
| Norway National IDNorway National ID | Fødselsnummer mit Datum und Check.National ID with date and checksum. |
| Finland National IDFinland National ID | Finnische HETU Muster.Finnish HETU patterns. |
| Poland PESEL NumberPoland PESEL Number | PESEL mit Prüfziffer.PESEL with checksum. |
| Czech National ID NumberCzech National ID Number | Tschechische Rodné číslo Muster.Czech birth number pattern. |
| Austria Identity Card NumberAustria Identity Card Number | Österreichische Ausweisnummer.Austrian identity card number. |
| Switzerland Passport NumberSwitzerland Passport Number | Schweizer Passnummer.Swiss passport number. |
| Switzerland Social Security NumberSwitzerland Social Security Number | AHV/AVS Muster.AHV/AVS pattern. |
| India PAN NumberIndia PAN Number | Permanent Account Number mit Buchstaben-Ziffern-Format.Permanent Account Number with alpha-numeric format. |
| India Aadhaar NumberIndia Aadhaar Number | 12-stellige Aadhaar-Nummer mit Kontext.12-digit Aadhaar number with context. |
| Singapore National Registration Identity Card NumberSingapore National Registration Identity Card Number | NRIC/FIN Muster.NRIC/FIN pattern. |
| Japan My NumberJapan My Number | 12-stellige Individual Number.12-digit individual number. |
| China Resident Identity Card NumberChina Resident Identity Card Number | 18-stellig mit Geburts- und Prüflogik.18-digit format with birth and checksum logic. |
| South Korea Resident Registration NumberSouth Korea Resident Registration Number | 13-stelliges RRN Muster.13-digit RRN pattern. |
| Brazil CPF NumberBrazil CPF Number | CPF mit doppelter Prüfziffer.CPF with double checksum. |
| Brazil CNPJ NumberBrazil CNPJ Number | CNPJ Unternehmenskennung.CNPJ business identifier. |
| Mexico CURP NumberMexico CURP Number | CURP mit Namens- und Datumsstruktur.CURP with name and date structure. |
| Argentina National Identity NumberArgentina National Identity Number | DNI Kontext plus Nummernformat.DNI context plus number format. |
| Chile Identity Card NumberChile Identity Card Number | RUN/RUT mit Prüfziffer.RUN/RUT with checksum. |
| South Africa ID NumberSouth Africa ID Number | SA ID mit Geburtsdatum und Check.South African ID with birth date and checksum. |
| Australia Tax File NumberAustralia Tax File Number | TFN Muster und Prüflogik.TFN pattern and checksum. |
| New Zealand Inland Revenue NumberNew Zealand Inland Revenue Number | NZ IRD Nummernformat.NZ IRD number format. |
DLP Conditions und Actions ReferenzDLP conditions and actions reference
| ElementElement | HinweisNote |
|---|---|
| Contains sensitive informationContains sensitive information | Kernbedingung für SIT-basierte Kontrollen.Core condition for SIT-based controls. |
| Document property matchesDocument property matches | Nutzt Metadaten oder Dateieigenschaften.Uses metadata or file properties. |
| Content contains wordsContent contains words | Schlüsselwörter und reguläre Muster.Keywords and regular expressions. |
| Recipient is externalRecipient is external | Trennt interne und externe Freigaben oder Mailwege.Separates internal and external sharing or mail routes. |
| Accessed from unmanaged deviceAccessed from unmanaged device | Wichtig für Endpoint- und Browser-Sessions.Important for endpoint and browser sessions. |
| Block accessBlock access | Stoppt die Aktion vollständig.Stops the action completely. |
| Restrict accessRestrict access | Erlaubt nur Ownern oder Justification-Pfaden den Zugriff.Allows access only for owners or justification paths. |
| Encrypt emailEncrypt email | Erzwingt OME oder Label-basierte Verschlüsselung.Enforces OME or label-based encryption. |
| Send incident reportSend incident report | Alarmiert Security/Compliance Teams.Alerts security/compliance teams. |
| User notificationUser notification | Zeigt Policy Tips oder Blockhinweise.Shows policy tips or block notices. |
Retention Label vs Policy MatrixRetention label vs policy matrix
| BausteinBuilding block | BeschreibungDescription |
|---|---|
| Retention labelRetention label | Feingranular auf Dokumente, E-Mails oder Ordner anwendbar.Fine-grained and can be applied to documents, emails, or folders. |
| Retention policyRetention policy | Weist Aufbewahrung breit an Locations wie Exchange, SPO oder OneDrive zu.Assigns retention broadly to locations such as Exchange, SharePoint, or OneDrive. |
| Event-based retentionEvent-based retention | Startet Fristen auf Basis definierter Ereignisse.Starts periods based on defined events. |
| Disposition reviewDisposition review | Erfordert menschliche Freigabe vor endgültiger Löschung.Requires human approval before permanent deletion. |
eDiscovery KQL ReferenzeDiscovery KQL reference
| KQLKQL | BedeutungMeaning |
|---|---|
| kind:emailkind:email | Filtert Exchange- und E-Mail-Inhalte.Filters Exchange and email content. |
| subject:"invoice"subject:"invoice" | Exakte Betreffsuche.Exact subject search. |
| from:ceo@contoso.comfrom:ceo@contoso.com | Absenderfilter.Sender filter. |
| recipients:legal@contoso.comrecipients:legal@contoso.com | Empfängerfilter.Recipient filter. |
| filetype:pdffiletype:pdf | Dateitypfilter.File type filter. |
| sent>=2026-01-01sent>=2026-01-01 | Zeitlicher Untergrenzenfilter.Lower time boundary filter. |
| sent<=2026-06-30sent<=2026-06-30 | Zeitlicher Obergrenzenfilter.Upper time boundary filter. |
| participants:partner.exampleparticipants:partner.example | Beteiligte in Unterhaltungen.Participants in conversations. |
| attachmentnames:contractattachmentnames:contract | Dateiname oder Dateinamensfragment.Attachment name or fragment. |
| size>10MBsize>10MB | Datei- oder Nachrichtengröße eingrenzen.Constrain by file or message size. |
KQLKQL
kind:email AND subject:"invoice" AND from:finance@contoso.com AND sent>=2026-01-01 AND sent<=2026-06-30
participants:partner.example AND attachmentnames:contract AND filetype:pdfAudit Log SchlüsselereignisseAudit log key events
| EreignisEvent | BedeutungMeaning |
|---|---|
| MailItemsAccessedMailItemsAccessed | Granulares Exchange-Zugriffsereignis.Granular Exchange access event. |
| FileAccessedFileAccessed | SharePoint/OneDrive Datei gelesen.SharePoint/OneDrive file read. |
| FileDownloadedFileDownloaded | Datei wurde heruntergeladen.File was downloaded. |
| SearchQueryInitiatedExchangeSearchQueryInitiatedExchange | Suche in Exchange/Outlook.Search in Exchange/Outlook. |
| SensitivityLabelAppliedSensitivityLabelApplied | Label wurde gesetzt oder geändert.Label was applied or changed. |
| DlpRuleMatchDlpRuleMatch | DLP Treffer mit Policybezug.DLP match with policy context. |
| RetentionLabelAppliedRetentionLabelApplied | Retention Label Aktion.Retention label action. |
| CaseCreatedCaseCreated | eDiscovery Fall erstellt.eDiscovery case created. |
| SearchStartedSearchStarted | Suche oder Collection gestartet.Search or collection started. |
| RecordDeclaredRecordDeclared | Element als Record markiert.Item declared as a record. |
Compliance Manager ÜberblickCompliance Manager overview
| BereichArea | NutzenUse |
|---|---|
| AssessmentsAssessments | Mapped Kontrollen für Standards wie ISO, NIST oder DSGVO.Mapped controls for standards such as ISO, NIST, or GDPR. |
| Improvement actionsImprovement actions | Dokumentieren Verantwortliche, Status und Nachweise.Document owners, status, and evidence. |
| ScoreScore | Messgröße für den Implementierungsstand.Metric for implementation maturity. |
GitHub ReferenzenGitHub references
| RepositoryRepository | NutzenUse |
|---|---|
| microsoft/Microsoft-365-Defender-Hunting-Queriesmicrosoft/Microsoft-365-Defender-Hunting-Queries | Beispielabfragen für Security- und Compliance-Investigations.Sample queries for security and compliance investigations. |
| microsoft/ComplianceCxEmicrosoft/ComplianceCxE | Compliance Customer Experience Assets, Queries und Hilfen.Compliance Customer Experience assets, queries, and utilities. |