Microsoft Purview compliance portal: Data Loss Prevention – Matched items in audit logs

Coming soon to general availability is Microsoft Purview Data Loss Prevention (DLP) capability that will show you the exact cause of a flagged DLP policy violation. We’ve extended our support to show matched conditions across workloads (Exchange, Teams, SharePoint, OneDrive, Endpoint), rules, and conditions.

This message is associated with Microsoft 365 Roadmap ID 117488

[When this will happen:]

Standard Release: Rollout will begin in mid-August and is expected to be complete by late August.

[How this will affect your organization:]

When a DLP rule match occurs, the configured action for that rule (e.g., Block, Audit) is enforced. 

  • To view this event in the Alerts dashboard, click on the Events tab and select the entry you want to investigate. Click on Details to view the exact condition and its corresponding matched value.

view dashboard

  • You can also view this information in Activity Explorer. Click on DLP rule matched event to investigate. Scroll to the bottom of the panel to find Other conditions matched, which will show you the condition and respective matched value. 

[What you need to do to prepare:]

Verify that auditing is enabled for your tenant and turn on advanced classification for Endpoint DLP. Refer to advanced classification scanning and protection

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *