Erica Toelle

Want to learn more about Microsoft Purview Data Lifecycle and Records Management? Check out our new Ninja Training, listing all the resources available from Microsoft! aka.ms/DLM/NinjaTrain…

@Aeroplan I am still getting a message that the @aeroplan call center is closed and to call back between 7am and midnight eastern. It is 1PM eastern now. This has been happening for days and no one will help me, not even the social media people.

@Aeroplan I need to make a flight change that I can't do online. The recording says the call center is open from 7am - midnight est but I get the recording even during those hours. Happened just now. I've been trying for days. Help!

Do you have questions about safeguarding your data, to reduce risk and complexity in the era of AI? The Microsoft Purview team is ready for your questions and feedback. @MSFT_Purview @MSFTSecurity 🗓️ Wed, Jan. 8, 9 - 10 AM PST. Join in the live #AMA techcommunity.microsoft.com/event/security…

Today, we’re pleased to introduce new product capabilities aimed at enhancing the security, safety, and privacy of AI systems. We remain dedicated to empowering our customers to create and deploy trustworthy AI solutions. msft.it/6000mjLSC

Please share this far and wide. As far and wide as you can. NIST Password Guidelines for 2024 are in the process of being updated. This is a HUGE pet-peeve of mine (when vendors in particular are still operating like its 2017 and keep changing passwords every 60 days, STOP DOING THIS, it's outdated and has been shown to put you MORE at risk than less -- NIST explains why it does in this document, meticulously outlining user behavior**) so I'm sharing this in the hopes all of you will pass it along to your bosses. The Special Publication series governing passwords is SP 800-63 "Digital Identity Guidelines". The 2024 version is 800-63-4. Here: pages.nist.gov/800-63-4/ The companion docs are also on that link. They are 800-63A, 800-63B and 800-63C. These are different documents for different scenarios in play at your org. The previous update was in2020. The changes in the 2020 version from the 2017 version were numerous but one of them was that the password verification method should NO LONGER require passwords be changed at specific intervals (i.e. every 60 days) but in the following circumstances instead: 1. After a breach/compromise 2. User request 2024 repeats this and adds a bunch more guidlines but here is a screenshot of page 13 of the new 800-63-4 (note the # 4 after it) which outlines how your systems should now and moving forward, be handling passwords. This goes for Active Directory, too. All your systems which have passwords should align with these guidelines provided there isn't another standard or framework you must adhere to which overrules this. Most frameworks, however, have moved away from arbitrary password resets and complexity rules. **We cybersec researchers and hackers use wordlists from breaches in a variety of different ways. Hackers use them in tooling to crack passwords whereas researchers use breach dumps to see the kinds of passwords users are creating and the psychology behind them. Using complexity rules gets you the user psychology of: Password1 Password2 and so on Use phrasing instead and allow for spaces, which is important. Humans type phrases with spaces. They also mention phish-resistant methods and most vendors are on-board with MS going to be turning off all Legacy Auth next month, across all free accounts and tenancies. I'm so excited for the new changes! Ok I'm off my soapbox. Share the love! Thank you!

I'm curious - has anyone used one of the Power Automate or Power Platform connectors to accomplish a compliance or regulatory requirement? I'm trying to find some examples of using multi-cloud (non-M365) data via Power Platform + Microsoft Purview together. Thank you!

@PeacockTVCare Thank you!! Please tag it to appear on the gymnastics page. Appreciate the reply!

@EricaToelle Hi Erica! Thanks for reaching out! The Women's Gymnastics Vault Final Replay is on Peacock at this time! You can search for it by going into the search bar and typing "Finals: W Vault, M Floor & Pommel." We hope this helps! 🦚

@peacock, you've been doing fantastic with the Olympics coverage, but where is the replay of the women's gymnastics Vault final? I didn't wake up at 6 am to watch it because I trusted you ☹️

@_alikim_xoxo @peacock Thank you so much ❤️❤️❤️

@EricaToelle @peacock Type M&W Apparatus Finals in the search bar, that’s how I found it. It’s not up on the Gymnastics page yet for some reason.

@JoanneCKlein Hmmm. Definitely email Rahul about this (pls cc me). I'm also happy to help when I'm back from medical leave. We need to ensure this is a great experience for our records managers. Thank you so much for bringing it up!

@EricaToelle Will be important to advise customers to ensure they have Azure billing set up for the (now required) Archive storage. Current limitation for disposition reviews for items in Archive where they can't be displayed and the URL link to the item won't work may be an issue.

Getting clarification on whether retention policies, retention labels, eDiscovery holds in effect on unlicensed accounts will fall under this as well.

@zaab_it @JoanneCKlein What about it? Do you have a question?

@EricaToelle @JoanneCKlein And what about the licensing compliance then? 🤔😁

@JoanneCKlein Yes, all the data under the retention policy/legal hold will be kept for the duration of the policy/hold and be accessible via eDiscovery search per usual.

@EricaToelle I mean if a user's OD has a retention policy/label/hold applied and they depart the org (acct deleted), will their OD be archived for the remainder of the retention/hold (after 90 days)? If Purview doesn't do license checks, it sounds like it will be archived. Is this right?

Sure, your company data is an asset - but it's also a liability! @JoanneCKlein talks on RunAsRadio at runasradio.com/Shows/Show/942 about the role of Microsoft Purview in helping with the governance of company data - mitigating risk while also taking advantage of its value!

Crowdstrike Analysis: It was a NULL pointer from the memory unsafe C++ language. Since I am a professional C++ programmer, let me decode this stack trace dump for you.

New @tekkigurus "Guardians of #M365 #Governance" about #Purview Records Management with @EricaToelle, @buckleyplanet and me. Tune in here: ragnarheil.de/the-ins-and-ou… #GOM365Gov

🌟 Explore the power of Microsoft Purview with @buckleyplanet, @ragnarh, & @EricaToelle on TODAY'S Guardians of M365 Governance live stream at 8am Pacific! Learn how to manage your content's lifecycle from creation to retirement effectively.✨ #GoM365gov tekkigurus.com/guardians-of-m…

Guardians of M365 Governance, Ep.6: The Ins and Outs of Data Governance with Purview tekkigurus.com/guardians-of-m… Join the live stream w/ Ragnar Heil (@ragnarh) & Christian Buckley (@buckleyplanet) + guest Erica Toelle (@EricaToelle) on June 19th at 8am Pacific

@JoanneCKlein @IRMSConference You are amazing 💗

Mission accomplished! It was a couple of firsts for me and I was so scared to do it. I somehow worked thru the nerves and pushed forward. Thank you to the @IRMSConference and IM Tech Summit teams for 2 great back-to-back events! Grateful beyond words. 🙏😊☑️

@dougsbaker Not yet. Coming soon but we aren't quite ready to post timelines on the public roadmap.

@EricaToelle in my Team's chat policies, is there a way to target copilot interactions for their own specific retention? I guess I also have the same question for Cloud attachment retention as well. Trying to think through better management of copilot history.