Share via

Unable to use processContent and compute to use with my Entra Registered App, it always gives evaluateOffline

sarath business1 0 Reputation points
2026-04-06T16:33:54.09+00:00

In purview, I have set of policies in DLP, where I have registered to block the US SSN in the text contents and I have created different policies in all of them

I have selected the available locations:

  1. Exchange email - All accounts
  2. SharePoint sites
  3. OneDrive accounts - All accounts
  4. Teams chat and channel messages - All accounts
  5. Devices - All accounts
  6. Microsoft Defender for Cloud Apps
  7. On-premises repositories

And selected action as block all, in all of them for the rule and enabled the rule (not in simulation mode)

Now, I have the app registered in Entra and I try to use the following API's

  1. https://learn.microsoft.com/en-us/graph/api/userprotectionscopecontainer-compute?view=graph-rest-1.0
  2. https://learn.microsoft.com/en-us/graph/api/userdatasecurityandgovernance-processcontent?view=graph-rest-1.0&tabs=http

But whenever I use the compute api I can see i'm only getting

curl -X POST https://graph.microsoft.com/v1.0/users/5fd51e08-c5f1-4298-b79b-a357eaa414ff/dataSecurityAndGovernance/protectionScopes/compute\
    -H 'Authorization: Bearer <ACCESS_TOKEN>'\
    -H 'Content-Type: application/json' -d '{
    "activities": "uploadText,downloadText"
}'



{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(microsoft.graph.policyUserScope)",
    "value": [
        {
            "activities": "uploadText,downloadText",
            "executionMode": "evaluateOffline",
            "locations": [
                {
                    "@odata.type": "#microsoft.graph.policyLocationApplication",
                    "value": "b48106d9-1cdb-4d90-9485-fe2b6ee78acf"
                }
            ],
            "policyActions": []
        }
    ]
}

I don't know why it always gives 'evaluteOffline' and policyActions is always empty array

Also, I can see my Entra registered app is showing up here in the value of the locations

And when I use the processContent api , I always get modified in the response and nothing else like below:

curl -XPOST https://graph.microsoft.com/v1.0/users/5fd51e08-c5f1-4298-b79b-a357eaa414ff/dataSecurityAndGovernance/processContent \
    -H 'Authorization: <ACCESS TOKEN>'\
    -H 'Content-Type: application/json' -d '{
  "contentToProcess": {
    "contentEntries": [
      {
        "@odata.type": "microsoft.graph.processConversationMetadata",
        "identifier": "07785517-9081-4fe7-a9dc-85bcdf5e9075",
        "content": {
          "@odata.type": "microsoft.graph.textContent",
          "data": "Please process this application for John VSmith, his SSN is 121-98-1437 and credit card number is 4532667785213500"
        },
        "name": "Postman message",
        "correlationId": "d63eafd2-e3a9-4c1a-b726-a2e9b9d9580d",
        "sequenceNumber": 0,
        "isTruncated": false,
        "createdDateTime": "2026-04-06T00:23:20",
        "modifiedDateTime": "2026-04-06T00:23:20"
      }
    ],
    "activityMetadata": {
      "activity": "uploadText"
    },
    "deviceMetadata": {
      "operatingSystemSpecifications": {
        "operatingSystemPlatform": "Windows 11",
        "operatingSystemVersion": "10.0.26100.0"
      },
      "ipAddress": "127.0.0.1"
    },
    "protectedAppMetadata": {
      "name": "Postman",
      "version": "1.0",
      "applicationLocation": {
        "@odata.type": "microsoft.graph.policyLocationApplication",
        "value": "b48106d9-1cdb-4d90-9485-fe2b6ee78acf"
      }
    },
    "integratedAppMetadata": {
      "name": "Postman",
      "version": "1.0"
    }
  }
}'

In the above request I have mentioned some sample US Security SSN, but the response I get is


{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#microsoft.graph.processContentResponse",
    "protectionScopeState": "notModified",
    "policyActions": [],
    "processingErrors": []
}

But Ideally I want to see whether I can get the content is valid or not, for example in the above request, it has SSN, so ideally I should get restrictAction or something right?

Or is that evaluateInline is not available or something?

Please tell me what I'm missing

Microsoft Security | Microsoft Purview
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. sarath business1 0 Reputation points
    2026-04-07T08:53:02.3233333+00:00

    Thanks for the reply @Manoj Kumar Boyini But when you said this,

    To enable DLP enforcement (for example, detecting or restricting SSN content), you need to configure a Microsoft Purview policy that explicitly targets your Entra-registered application using the supported app/AI integration model. Once such a policy is in place, the APIs can return enforcement actions when matching content is detected.

    I was not able to do this in purview actually. I'm not seeing that option at all

    Whenever I choose to create a Policy in DLP , I got two options
    Screenshot 2026-04-07 at 2.11.49 PM

    And Lets say I choose Enterprise applications & devices, what happens is in the Locations, I'm seeing only these as the options

    Screenshot 2026-04-07 at 2.11.17 PM

    Screenshot 2026-04-07 at 2.11.24 PM

    If I choose the "Inline Traffic", i'm seeing only these options

    Screenshot 2026-04-07 at 2.09.56 PM

    In Unmanaged, I'm seeing the followingScreenshot 2026-04-07 at 2.17.08 PM

    And in the Enforcement Options, I have the following :
    Screenshot 2026-04-07 at 2.10.07 PM

    And in the "Advanced DLP rules" I'm seeing only these

    Screenshot 2026-04-07 at 2.10.20 PM

    Screenshot 2026-04-07 at 2.10.32 PM

    Screenshot 2026-04-07 at 2.10.41 PM

    So, can you tell me the exact steps in the Purview suite, I couldn't where to mention the Entra registered App, I searched and I couldn't find one

    But in the compute endpoint, https://learn.microsoft.com/en-us/graph/api/userprotectionscopecontainer-compute?view=graph-rest-1.0

    I'm getting my app but only with "evaluateOffline" and with that ETag, If I use the processContent Api, its not giving anything except as I mentioned above in the post

    So, please help me with exact steps, its unclear, the links are not helping or let me know If I should get on a call with you guys

    0 comments
  2. Manoj Kumar Boyini 11,355 Reputation points Microsoft External Staff Moderator
    2026-04-06T22:20:11.98+00:00

    Hi sarath business1

    The behavior you are seeing is due to policy scope mismatch between Microsoft Purview DLP and your Entra-registered application. Your DLP policies are currently configured for Microsoft 365 workloads such as Exchange, SharePoint, OneDrive, Teams, and Devices. These policies are enforced only within those workloads and are not automatically applied to content sent through Microsoft Graph APIs like compute and processContent from a custom or Entra-registered app.

    Because no Purview DLP policy is targeting your application, the Graph APIs do not find any applicable rules during evaluation. As a result, the response consistently shows executionMode: "evaluateOffline", policyActions: [], and protectionScopeState: "notModified" even when the content includes sensitive information like SSNs. This does not indicate a failure in detection; it indicates that no applicable policy is evaluating your app’s content.

    The compute API determines which protection scopes and execution modes apply, but it does not enforce DLP actions. The processContent API evaluates content against applicable policies and returns actions such as restrictAccess only when a matching policy exists for the application. In your current setup, since the policies are not scoped to your Entra app, no enforcement is triggered.

    To enable DLP enforcement (for example, detecting or restricting SSN content), you need to configure a Microsoft Purview policy that explicitly targets your Entra-registered application using the supported app/AI integration model. Once such a policy is in place, the APIs can return enforcement actions when matching content is detected.

    Helpful References:
    https://learn.microsoft.com/en-us/purview/ai-entra-registered
    https://learn.microsoft.com/en-us/graph/api/userprotectionscopecontainer-compute?view=graph-rest-1.0
    https://learn.microsoft.com/en-us/graph/api/userdatasecurityandgovernance-processcontent?view=graph-rest-1.0&tabs=http
    https://learn.microsoft.com/en-us/purview/developer/use-the-api
    https://learn.microsoft.com/en-us/purview/dlp-learn-about-dlp

    Hope this helps. Please let us know if you have any questions or concerns. If this solves your issue, kindly click “Accept Answer” so it can help others in the community.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.