David Drever | MVP | Data Protection & Compliance

Being a Microsoft MVP - David Drever July 2025 marks a decade since I was first awarded the Microsoft MVP designation.  I’ll be honest, 11 or 12 years ago, MVP wasn’t even on my radar, let alone […]

I drop a few names and thank a few people in it: daviddrever.com/2025/07/bein...

Yesterday, I was named a @microsoft.com MVP for the 10th year in a row. I felt this warranted a brief retrospective post. I wanted to explore what it meant to me to be an MVP, as well as my journey to achieving that designation. I ask that you check it out. #MVPBuzz

Off to Toronto to connect with colleagues, meetings, and some training. Looking forward to seeing in person those i normally only see on the screen.

What a week. Last minute, full-day workshop M365 Community Conference with Sarah Haase. Followed the next day with a packed room of 250+ people in my session. Then rush to airport for some awesome Protiviti employee training. Been an eventful week and happy to be going home.

Please join me at #M365Conf. There's a lot out there to take in for collaboration. I'd love to help you share and work together safely and efficiently. @m365con.bsky.social

Want to learn about the history of #M365CON — from its early days as the #SharePoint Conference?
Hear from Jeff Teper, @karuana.bsky.social, and Chris McNulty as they reflect on how it all started and why it still matters today.
bsky.app/profile/m365...

Heading home after a great week of meeting with Microsoft product teams, colleagues, and friends. It was a great trip, but I'm so ready to be getting home. #MVPBuzz

Advanced data loss prevention (DLP) strategies in Microsoft Puview Learn how to protect sensitive data with advanced data loss prevention (DLP) strategies in Microsoft Purview.

New Blog Post: "Implementing advanced data loss prevention (DLP) strategies in Microsoft Purview" covers considerations when moving beyond the "standard" DLP policies and digging into more complex configuration. #DataProtection #DLP #Purview @syskit.bsky.social www.syskit.com/blog/advance...

Off on my first leg to #MVPSummit. Looking forward to hear the great things coming, connecting with old friends, making new ones, and some great networking!

Compliance Unplugged – Episode #10 – How Insider Risk Management Integrates with Data Lifecycle Management Completing our Insider Risk Management discussion, Joanne and I are discussing how Insider Risk Management integrates with Data Lifecycle Management.  In this series, Joanne and I discuss how other tools in Microsoft environment integrate together to provide a great security experience.  In this episode we cover IRM and Data Lifecycle Management. I invite you to take a look at the video on our YouTube channel: …

New Podcast: Compliance Unplugged - Episode #10 - How Insider Risk Management Integrates with Data Lifecycle Management

Compliance Unplugged – Episode #9 – How Insider Risk Management Integrates with Conditional Access Continuing our Insider Risk Management journey, Joanne and I are discussing how Insider Risk Management integrates with Conditional Access.  In this series, Joanne and I are discussing how other tools in Microsoft environment integrate together to provide a great security experience.  In this episode we cover IRM and Conditional Access. I invite you to take a look at the video on our YouTube channel: …

Compliance Unplugged – Episode #9 – How Insider Risk Management Integrates with Conditional Access

Continuing our Insider Risk Management journey, Joanne and I are discussing how Insider Risk Management integrates with Conditional Access.  In this series, Joanne and I are discussing how other…

Compliance Unplugged – Episode #8 – How Insider Risk Management Integrates with DLP Continuing our Insider Risk Management journey, Joanne and I are discussing how Insider Risk Management integrates with Conditional Access.  In this series, Joanne and I are discussing how other tools in Microsoft environment integrate together to provide a great security experience.  In this episode we cover IRM and Conditional Access. I invite you to take a look at the video on our YouTube channel: …

New Podcast Release: Compliance Unplugged - Episode #8 - How Insider Risk Management Integrates with DLP

Microsoft Purview Data Protection – Protecting Sensitive Data from Third-Party Apps Recently, I released a post concerning protecting data against third-party cloud storage.  This post is similar but focuses on applications installed on the workstation.  A common use case is blocking sensitive data from being accessible for applications like Dropbox.  The argument could be said that the organization could just block the application from being installed, or they could have a corporate version of the application and monitor through Defender for Cloud Apps (a post for another day). 

New Blog Post! Microsoft #Purview Data Protection - Protecting Sensitive Data from Third-Party Apps. Covers protecting your sensitive data from programs installed on workstations. #DataProtection #DLP

Microsoft Purview Data Protection – Configure the Restricted App Groups A common method for data to exit an organization's control is through third-party applications.  These applications can be cloud storage like Dropbox or Google Drive.  They can also be applications such as Grammarly with access to a cloud infrastructure.  To support the control of this, it is possible to create Data Loss Prevention (DLP) policies that monitor when data is accessed by these applications. 

New Blog Post! Microsoft #Purview Data Protection - Configure the Restricted App Groups. Learn how to support #DLP controls in Purview with Restricted App Groups #DataProtection

Microsoft Purview Data Protection – Configure the Sensitive Service Domain Groups A common method for data to exit an organization's control is through third-party cloud storage locations such as Dropbox or Google Drive.  To support the control of this, it is possible to create Data Loss Prevention (DLP) policies that monitor when data is moved to these locations.  The DLP policies can even block the content uploaded to these locations should the organization determine this is necessary to protect their environment. 

New blog post! #Microsoft #Purview Data Protection - Configure the Sensitive Service Domain Groups. Configure the sensitive service domain groups in Purview DLP to prepare for DLP policies that monitor or block 3rd party cloud storage

Microsoft Purview Data Protection – Protecting Sensitive Data from Third-Party Cloud Storage A common gap in data security is caused when users store content belonging to the organization in cloud storage not controlled by the company's IT infrastructure.  When this occurs, the content is potentially no longer under the control of the business and is at risk for misuse.  Whether this is a malicious act or an innocent one, the outcome is the same. 

New Blog Post! #Microsoft #Purview Data Protection - Protecting Sensitive Data from Third-Party Cloud Storage. Demonstrates how to protect sensitive information from being uploaded to 3rd party cloud storage #DataProtection

Compliance Unplugged – Episode #7 – How Microsoft Purview Information Protection Integrates with Insider Risk Management In Episode #6, Joanne and I introduced Insider Risk Management.  This was to coincide with the blog posts I wrote on the subject, and it worked out well because Joanne had just completed a webinar and conference session about it as well.  In this episode, we start our drive down into the various Purview features that work with Insider Risk Management. 

New Podcast!! Compliance Unplugged - Episode #7 - How Microsoft Purview Information Protection Integrates with Insider Risk Management

Microsoft Purview Records Management – Daisy Chaining Retention Labels Some time ago, Microsoft released a feature into Purview that provided a new "after retention" action to a retention label.  Microsoft called it "Automatically apply another retention label".  The Record Management community of Microsoft Purview immediately changed that and now fondly calls it "Daisy Chaining Retention Labels".  Microsoft still uses its boring explanation for it 😉 . Daisy-chaining is exactly as it sounds. 

New Blog Post - Microsoft #Purview Records Management - Daisy Chaining Retention Labels. Another use case to consider for use in what has become known as the Daisy Chain Labeling Process. #RecordsManagement #M365 #SharePoint

Use the Correct Copilot for the Task at Hand I have previously discussed that the wording of your query is very important in Security Copilot.  But another key item to be aware of is also which Copilot to use when.  You really want to use the correct Copilot for the task at hand.  Or, as I like to call it... Don't burn your SCUs (Security Compute Units) on wasteful queries.

New Blog Post! Use the Correct Copilot for the Task at Hand. Know when NOT to use Security #Copilot for your queries and prompts. #SecurityCopilot #DataProtection #M365Copilot #Purview

Microsoft Security Copilot and How it Relates to Data Protection Recently, I provided an overview of Security Copilot.  In that post, I discussed the 50,000-foot view of Security for Copilot, its origins, and some of its use cases.  Security for Copilot encompasses a pretty large area of focus in the Microsoft environment.  And to be honest, it isn't limited to just Microsoft products.  Already, there are dozens of integrations with other tools, such as CrowdSec, Darktrace, CheckPhish, and more. 

New Blog Post! Microsoft Security #Copilot and How it Relates to Data Protection. Discover how Security Copilot goes beyond infiltration attacks and helps security analysts focus on data protection in their organization. #SecurityCopilot

Copilot for Security – Your Copilot Query Wording Matters We all have seen it, and some of us are living through it, but every organization and many users are making use of AI systems in their day-to-day work.  Within Microsoft's security realm, we have Copilot for Security.  I previously provided some insights into how you can deploy and set up Copilot for testing (however, the same steps can be used for production as well). 

New Blog Post: Copilot for Security - Your Copilot Query Wording Matters
Discussion on how you word your prompts to #Copilot has an effect on the results. #CopilotForSecurity #DataProtection

Managing Copilot for Security Costs with Provisioning Previously, I provided the steps for monitoring the usage of Copilot for Security within your tenant.  This is important to ensure you are not over-deploying SCUs unnecessarily or under-deploying the SCUs based on the needs of your organization.  Now that we have established how to review the cost let's move on to controlling the cost.  In this post I'll demonstrate some methods for managing Copilot for Security costs with provisioning.

New Blog Post: Managing Copilot for Security Costs with Provisioning
Providing some tips for managing the cost of your Copilot for Security test environment #Copilot #CopilotForSecurity #DataProtection

Compliance Unplugged Episode 6 – David and Joanne Discuss Insider Risk Management A very important feature of Microsoft Purview and something that should be strongly considered for your Data Protection Program is Insider Risk Management.  Joanne Klein and I feel it's such an important part that we have made an entire series around it in Compliance Unplugged.  In episode six, Joanne and I introduce Insider Risk Management and give a highlight of the different features of Purview that integrate directly with IRM.

New Podcast! - Compliance Unplugged Episode 6 - David and Joanne Discuss Insider Risk Management

Monitoring Usage in Copilot for Security In a previous post, I provided the steps for deploying Copilot for Security to your test environment. Now that it is deployed, administrators must be able to monitor the usage of Capacity to ensure they are not exceeding their allotted budget. In this post, we'll get some insight into how you can monitor usage and review the cost to your organization.

New Blog Post: Monitoring Usage in Copilot for Security
In this post I provide a quick overview on how you can monitor your environments SCU usage. A very important process for any administrator with a finite budget. #Copilot #CopilotForSecurity #DataProtection

Copilot for Security – Deploying a Test Copilot for Security Environment I previously provided a brief overview of Copilot for Security.  I didn't dig too far into it because Microsoft provides a great deal of information about the features themselves.  Microsoft doesn't provide a great deal of information on how to deploy Copilot for Security in a manner that lets you test out the functionality before you deploy it to your organization. 

New Blog Post: Copilot for Security - Deploying a Test Copilot for Security Environment
I cover the basic steps and considerations for deploying Security for Copilot in a TestDev environment. #Copilot #CopilotForSecurity #DataProtection

An Overview of Copilot for Security Unless you've been living under a proverbial technology-blocking rock, you've heard about Microsoft Copilot or at least ChatGPT by now.  In essence, Copilot is designed to be an assistant (not a replacement) to users as they do their daily tasks.  It integrates with common tools they use and assists in creating content, analyzing content, searching for information, and much more.  It is not meant to replace workers but to enhance their deliverables and make things more efficient. 

New Blog Post! - An Overview of Copilot for Security
This is a the first post in a series of blogs I will be doing on Copilot for Security with a focus on Data Protection. #Copilot #CopilotForSecurity #DataProtection #Purview

Microsoft Purview Insider Risk Management – Escalating an Alert in Insider Risk Management In the previous Insider Risk Management (IRM) post, I covered the high-level steps and dashboards for reviewing alerts within IRM. In this post, we'll take things a bit further by escalating an alert in insider risk management and following the process that allows analysts to gather and save the information necessary to review the larger picture the IRM alert brings to their attention.

New Post! Moving beyond alerts.
Learn about escalating alerts to cases within Insider Risk Management.
Microsoft Purview Insider Risk Management - Escalating an Alert in Insider Risk Management

Microsoft Purview Insider Risk Management – Reviewing Alerts In Insider Risk Management In a previous post, I provided an overview of creating policies within Insider Risk Management (IRM).  Once those policies are created, the activities of the users within the organization will begin to generate alerts.  The alerts can be caused by accidental or benign activities, or they can be truly malicious in nature.  It will be up to the analysts and investigators to determine the intent if they choose, but whether the intent is malicious or not, the user may simply need to be educated on the proper management of the organization's data. 

New Post! An overview of alerts within Insider Risk Management and some tips on reviewing them.
Microsoft Purview Insider Risk Management - Reviewing Alerts In Insider Risk Management

Microsoft Purview Insider Risk Management – Creating a Data Leak Policy Although Microsoft Purview receives all kinds of signals from the various workloads within Microsoft 365, it doesn't know what to do with the signals until you tell it what to do.  This is the case with Microsoft Purview Information Protection  (MPIP), Data Loss Prevention (DLP), and Insider Risk Management (IRM).  The policy in IRM tells the system what it needs to watch for in order to generate an alert, but a unique component of IRM is the scoring capability. 

New Post! Your first policy within Purview's Insider Risk Management.
Microsoft Purview Insider Risk Management - Creating a Data Leak Policy

Microsoft Purview Insider Risk Management – Configuring Your Tenant for Insider Risk Management As discussed in the overview of Insider Risk Management, the feature can monitor and alert admins of their users performing actions that can place the organization at risk.  The information can come from many sources and focus on different areas of the organization's data storage.  This means it isn't just SharePoint or Microsoft Exchange.  In this post, I'll cover some common steps that should be taken when configuring your tenant for insider risk management to ensure the policies you create later can gather all the information necessary to provide excellent coverage when monitoring your environment.

New Post! Taking those first steps of enabling Insider Risk Management in your environment.
Microsoft Purview Insider Risk Management - Configuring Your Tenant for Insider Risk Management