David Drever | MVP | Data Protection & Compliance

Off on my first trip of the year and first conference of the year. Off to #M365Miami to share some #DataProtection and AI Governance tips and tricks. Excited to share how to protect your environment with #MicrosoftPurview #Purview.

Join me at #M365Con 2026, April 21 to 23 in Orlando Florida. It will be epic with new ways to get stuff done using Microsoft’s latest tools. Save $150 with code DREVER150
Register: m365conf.com#!/register

Microsoft Purview Data Protection – Creating an Endpoint DLP Policy – Video In my previous video blog I had promised my next video was going to be the administrator and end user experience.  Unfortunately, I have made a liar of myself.  Before I do that video, I wanted instead to demonstrate the process for creating an endpoint DLP policy.  This will allow me to demonstrate both the cloud related policy and the endpoint policy experience. 

New Post and new Video! Microsoft Purview Data Protection - Creating an Endpoint DLP Policy

Microsoft Purview Data Protection – Protect your Sensitive Information in Remote Desktop Sessions Believe it or not, it isn't uncommon data loss to occur through the use of remote desktop services.  One wouldn't think this could happen often as you can actually configure group policies and Intune policies to block the flow of data across the remote desktop protocol (RDP).  Organizations often don't do this as it can hinder valid movement of data.  Especially amongst employees that regularly work with virtual machines (VMs) to complete their tasks. 

New Blog Post! Microsoft Purview Data Protection - Protect your Sensitive Information in Remote Desktop Sessions.

Microsoft Purview Data Protection – Creating your First DLP Policy – Video For my first post of the year I'm actually going to point you to my YouTube channel.  I created an overview of Microsoft Purview's Data Loss Prevention feature and a walkthrough to create your first DLP Policy.   Just a quick overview of a DLP policy and what the video will cover: The intent of a Data Loss Prevention (DLP) policy is to help control the flow of data—specifically the data your organization considers sensitive.

New Blog and Video! Microsoft Purview Data Protection - Creating your First DLP Policy

Compliance Unplugged – Episode # 12 – Retention vs Sensitivity Labels Alright, hold onto your seats.  This is going to be a long one.  Something Joanne and I have been wanting to talk about for some time, we finally decided to record.  There are so many confused about the difference between sensitivity and retention labels. Do they overlap?  Are they completely different?  Joanne and I take 18 minutes to go through all of the differences and similarities between the two types of labels that are so important to your information protection and governance.

Compliance Unplugged – Episode # 12 – Retention vs Sensitivity Labels

Alright, hold onto your seats.  This is going to be a long one.  Something Joanne and I have been wanting to talk about for some time, we finally decided to record.  There are so many confused about the difference between…

Compliance Unplugged – Episode #10 – Classification of Data Joanne and I have recently been discusing now people view classification of content.  Not just the process, but even the definition of classification.  We find that a lot of confusion occurs because many people define the classification of data different than Microsoft does and when reviewing Microsoft information problems can occur due to that mismatch of understanding.  So we decided to discuss that in the next episode of Compliance Unplugged.

New Podcast: Compliance Unplugged - Episode #10 - Classification of Data

Just Got Microsoft Defender… Now What? – CollabDays New England I had a really quick trip to Boston this week to speak at CollabDays New England.  It's been a few years since my last trip here and I'm happy to have been part of it.  Boston and area is gorgeous and the fall is even more so. Like New York, I am only here for a very short time.  Less than 24 hours. 

Just Got Microsoft Defender… Now What? – CollabDays New England

I had a really quick trip to Boston this week to speak at CollabDays New England.  It's been a few years since my last trip here and I'm happy to have been part of it.  Boston and area is gorgeous and the fall is even more so. Like…

I Have Microsoft Purview…. Now What!? – Experts Live NY 2025 In a first for me, I have made the trip to New York, NY.  I have been in New York before, but only passing through in a flight layover.  This time, I am getting to stay for a whopping 24 hours.  I get a double honour of speaking at the Experts Live conference and to speak with two fantastic data security specialists: …

I Have Microsoft Purview…. Now What!? – Experts Live NY 2025

In a first for me, I have made the trip to New York, NY.  I have been in New York before, but only passing through in a flight layover.  This time, I am getting to stay for a whopping 24 hours.  I get a double honour of speaking at the…

Being a Microsoft MVP - David Drever July 2025 marks a decade since I was first awarded the Microsoft MVP designation.  I’ll be honest, 11 or 12 years ago, MVP wasn’t even on my radar, let alone […]

I drop a few names and thank a few people in it: daviddrever.com/2025/07/bein...

Yesterday, I was named a @microsoft.com MVP for the 10th year in a row. I felt this warranted a brief retrospective post. I wanted to explore what it meant to me to be an MVP, as well as my journey to achieving that designation. I ask that you check it out. #MVPBuzz

Off to Toronto to connect with colleagues, meetings, and some training. Looking forward to seeing in person those i normally only see on the screen.

What a week. Last minute, full-day workshop M365 Community Conference with Sarah Haase. Followed the next day with a packed room of 250+ people in my session. Then rush to airport for some awesome Protiviti employee training. Been an eventful week and happy to be going home.

Please join me at #M365Conf. There's a lot out there to take in for collaboration. I'd love to help you share and work together safely and efficiently. @m365con.bsky.social

Want to learn about the history of #M365CON — from its early days as the #SharePoint Conference?
Hear from Jeff Teper, @karuana.bsky.social, and Chris McNulty as they reflect on how it all started and why it still matters today.
bsky.app/profile/m365...

Heading home after a great week of meeting with Microsoft product teams, colleagues, and friends. It was a great trip, but I'm so ready to be getting home. #MVPBuzz

Advanced data loss prevention (DLP) strategies in Microsoft Puview Learn how to protect sensitive data with advanced data loss prevention (DLP) strategies in Microsoft Purview.

New Blog Post: "Implementing advanced data loss prevention (DLP) strategies in Microsoft Purview" covers considerations when moving beyond the "standard" DLP policies and digging into more complex configuration. #DataProtection #DLP #Purview @syskit.bsky.social www.syskit.com/blog/advance...

Off on my first leg to #MVPSummit. Looking forward to hear the great things coming, connecting with old friends, making new ones, and some great networking!

Compliance Unplugged – Episode #10 – How Insider Risk Management Integrates with Data Lifecycle Management Completing our Insider Risk Management discussion, Joanne and I are discussing how Insider Risk Management integrates with Data Lifecycle Management.  In this series, Joanne and I discuss how other tools in Microsoft environment integrate together to provide a great security experience.  In this episode we cover IRM and Data Lifecycle Management. I invite you to take a look at the video on our YouTube channel: …

New Podcast: Compliance Unplugged - Episode #10 - How Insider Risk Management Integrates with Data Lifecycle Management

Compliance Unplugged – Episode #9 – How Insider Risk Management Integrates with Conditional Access Continuing our Insider Risk Management journey, Joanne and I are discussing how Insider Risk Management integrates with Conditional Access.  In this series, Joanne and I are discussing how other tools in Microsoft environment integrate together to provide a great security experience.  In this episode we cover IRM and Conditional Access. I invite you to take a look at the video on our YouTube channel: …

Compliance Unplugged – Episode #9 – How Insider Risk Management Integrates with Conditional Access

Continuing our Insider Risk Management journey, Joanne and I are discussing how Insider Risk Management integrates with Conditional Access.  In this series, Joanne and I are discussing how other…

Compliance Unplugged – Episode #8 – How Insider Risk Management Integrates with DLP Continuing our Insider Risk Management journey, Joanne and I are discussing how Insider Risk Management integrates with Conditional Access.  In this series, Joanne and I are discussing how other tools in Microsoft environment integrate together to provide a great security experience.  In this episode we cover IRM and Conditional Access. I invite you to take a look at the video on our YouTube channel: …

New Podcast Release: Compliance Unplugged - Episode #8 - How Insider Risk Management Integrates with DLP

Microsoft Purview Data Protection – Protecting Sensitive Data from Third-Party Apps Recently, I released a post concerning protecting data against third-party cloud storage.  This post is similar but focuses on applications installed on the workstation.  A common use case is blocking sensitive data from being accessible for applications like Dropbox.  The argument could be said that the organization could just block the application from being installed, or they could have a corporate version of the application and monitor through Defender for Cloud Apps (a post for another day). 

New Blog Post! Microsoft #Purview Data Protection - Protecting Sensitive Data from Third-Party Apps. Covers protecting your sensitive data from programs installed on workstations. #DataProtection #DLP

Microsoft Purview Data Protection – Configure the Restricted App Groups A common method for data to exit an organization's control is through third-party applications.  These applications can be cloud storage like Dropbox or Google Drive.  They can also be applications such as Grammarly with access to a cloud infrastructure.  To support the control of this, it is possible to create Data Loss Prevention (DLP) policies that monitor when data is accessed by these applications. 

New Blog Post! Microsoft #Purview Data Protection - Configure the Restricted App Groups. Learn how to support #DLP controls in Purview with Restricted App Groups #DataProtection

Microsoft Purview Data Protection – Configure the Sensitive Service Domain Groups A common method for data to exit an organization's control is through third-party cloud storage locations such as Dropbox or Google Drive.  To support the control of this, it is possible to create Data Loss Prevention (DLP) policies that monitor when data is moved to these locations.  The DLP policies can even block the content uploaded to these locations should the organization determine this is necessary to protect their environment. 

New blog post! #Microsoft #Purview Data Protection - Configure the Sensitive Service Domain Groups. Configure the sensitive service domain groups in Purview DLP to prepare for DLP policies that monitor or block 3rd party cloud storage

Microsoft Purview Data Protection – Protecting Sensitive Data from Third-Party Cloud Storage A common gap in data security is caused when users store content belonging to the organization in cloud storage not controlled by the company's IT infrastructure.  When this occurs, the content is potentially no longer under the control of the business and is at risk for misuse.  Whether this is a malicious act or an innocent one, the outcome is the same. 

New Blog Post! #Microsoft #Purview Data Protection - Protecting Sensitive Data from Third-Party Cloud Storage. Demonstrates how to protect sensitive information from being uploaded to 3rd party cloud storage #DataProtection

Compliance Unplugged – Episode #7 – How Microsoft Purview Information Protection Integrates with Insider Risk Management In Episode #6, Joanne and I introduced Insider Risk Management.  This was to coincide with the blog posts I wrote on the subject, and it worked out well because Joanne had just completed a webinar and conference session about it as well.  In this episode, we start our drive down into the various Purview features that work with Insider Risk Management. 

New Podcast!! Compliance Unplugged - Episode #7 - How Microsoft Purview Information Protection Integrates with Insider Risk Management

Microsoft Purview Records Management – Daisy Chaining Retention Labels Some time ago, Microsoft released a feature into Purview that provided a new "after retention" action to a retention label.  Microsoft called it "Automatically apply another retention label".  The Record Management community of Microsoft Purview immediately changed that and now fondly calls it "Daisy Chaining Retention Labels".  Microsoft still uses its boring explanation for it 😉 . Daisy-chaining is exactly as it sounds. 

New Blog Post - Microsoft #Purview Records Management - Daisy Chaining Retention Labels. Another use case to consider for use in what has become known as the Daisy Chain Labeling Process. #RecordsManagement #M365 #SharePoint

Use the Correct Copilot for the Task at Hand I have previously discussed that the wording of your query is very important in Security Copilot.  But another key item to be aware of is also which Copilot to use when.  You really want to use the correct Copilot for the task at hand.  Or, as I like to call it... Don't burn your SCUs (Security Compute Units) on wasteful queries.

New Blog Post! Use the Correct Copilot for the Task at Hand. Know when NOT to use Security #Copilot for your queries and prompts. #SecurityCopilot #DataProtection #M365Copilot #Purview

Microsoft Security Copilot and How it Relates to Data Protection Recently, I provided an overview of Security Copilot.  In that post, I discussed the 50,000-foot view of Security for Copilot, its origins, and some of its use cases.  Security for Copilot encompasses a pretty large area of focus in the Microsoft environment.  And to be honest, it isn't limited to just Microsoft products.  Already, there are dozens of integrations with other tools, such as CrowdSec, Darktrace, CheckPhish, and more. 

New Blog Post! Microsoft Security #Copilot and How it Relates to Data Protection. Discover how Security Copilot goes beyond infiltration attacks and helps security analysts focus on data protection in their organization. #SecurityCopilot

Copilot for Security – Your Copilot Query Wording Matters We all have seen it, and some of us are living through it, but every organization and many users are making use of AI systems in their day-to-day work.  Within Microsoft's security realm, we have Copilot for Security.  I previously provided some insights into how you can deploy and set up Copilot for testing (however, the same steps can be used for production as well). 

New Blog Post: Copilot for Security - Your Copilot Query Wording Matters
Discussion on how you word your prompts to #Copilot has an effect on the results. #CopilotForSecurity #DataProtection