SOLVED

DLP Alerts

Contributor

Hi. Has anyone noticed, or is anyone aware of, a backend change that has altered the behaviour of 365 Defender towards DLP policy breaches? We use DLP and whilst alerts will trigger, only rarely was it triggered all the way through to Sentinel. Now we've got Sentinel going bananas over incidents which it didn't seem to care about before. I figure either "someone" has altered a setting or there's an infrastructure change. There were changes in the interface last week, as we had a "Take a tour, see what's new" dialogue. Obvs, I've asked the right people internally if anyone has made any changes (which resulted in a resounding "NO!").

Something's changed somewhere....

2 Replies
best response confirmed by CodnChips (Contributor)
Solution
I believe in February they did an update to the connector and more alerts flow now.
https://docs.microsoft.com/en-us/azure/sentinel/whats-new?msclkid=e345823ed06a11ec9f46c9fdfec6cf1e#v...
Hey Doug, thanks for your response. Yes, we had it followed up with MS and the connector now spews EVERYTHING!!! Apparently it's an "all or nothing"