this post was submitted on 30 Dec 2024
1 points (100.0% liked)

Microsoft

35 readers
1 users here now

Welcome to the Microsoft subreddit. Content here should be primarily about Microsoft's suite of services, products and games which we publish. If...

founded 2 years ago
MODERATORS
bot@lemmit.online
1
FileCreatedOnRemovableMedia - Microsoft Purview Audit Logs (old.reddit.com)
submitted 1 week ago by bot@lemmit.online to c/microsoft@lemmit.online
0 comments fedilink hide all child comments
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/microsoft by /u/Actual_Evidence_2275 on 2024-12-30 13:55:24+00:00.

I am conducting a DLP investigation and have discovered thousands of FileCreatedOnRemovableMedia lines of log data in Microsoft Purview Audit Logs. I have found matching file names and file paths from OneDrive and SharePoint. But there is no record of the user downloading these files. There are a few hundred records of FileCopiedToRemovableMedia which show they were copied from the device to the removable media. But the FileCreatedOnRemovableMedia have no download history or copy history. These thousands of documents were copied/created on the removable media in a matter of minutes. How is this user exfiltrating this data without downloading it? What am I missing here?

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here