Forum Discussion
Incorrect alert information for DLP incidents being displayed
HaraldRau Thanks Harald, this is exactly what we are experiencing but with and/or statements. Yours is only with a single classifier?? thats crazy. Hopefully this can be resolved sooner than later.
When did you start seeing this? we have been seeing this issue since June
Paul_Doucette The issue started on May 14th. Microsoft had reported an issue in the health portal with ID MP793009:
Affected services: Purview - Description: The impacted activities are Microsoft Entra group administration activities and user administration activities including, but not limited to, the following, Audit log searches, Data gathered from the Audit Management API, Audit based alerts, ...
It was reported to be fixed on May 16th:
We've fully reverted the offending service update and we're moving to begin replaying the affected data to remediate the residual impact.
However, the information which SIT/TC actually triggered an DLP rule match event has been either missing or incomplete ever since.