Forum Discussion
chagedorn
Oct 24, 2024 Brass Contributor
Purview DLP Override Email Notification for Admins
We know that our admins can go into the alerts in Purview and see if a user has chosen to override a DLP policy, but is there a way to set up email notification to individuals when a user clicks Over...
Alikoc
Oct 25, 2024 MCT
Hi,
It is possible to set up email notifications for administrators when a user overrides a DLP policy in Microsoft Purview.
To do this, go to the Microsoft Purview Compliance Center and select Data Loss Prevention (DLP) from the Solutions section on the left-hand side. In the DLP section, navigate to Alerts (or directly to Alert Policies). If there isn’t already an alert policy for DLP overrides, click + Create Alert Policy to define a new one.
In this step, name the alert policy (for example, "DLP Override Notifications") and set the category as Data Loss Prevention. Choose a severity level (e.g., High, Medium) depending on how critical the override action is for your organization, and define the users or groups to which the policy should apply. For the activity, specify that the alert should trigger when users override DLP policy tips, ensuring that the action is set to Override. In the Notification Recipients section, enter the email addresses of the individuals or groups (such as security admins) who should receive email alerts whenever a user overrides a DLP policy.
Next, configure the notification frequency, and for real-time alerts, select the "Notify immediately" option. After configuring all the details, save the alert policy. From this point on, whenever a user chooses to override a DLP block, the specified admins will receive an email notification with the event details.
Best Regards,
Ali Koc
GonaloF
Aug 06, 2025 Copper Contributor
This answer is AI slop and false.
"specify that the alert should trigger when users override DLP policy tips" - this does not exist.