Microsoft Tech Community

Contextual summary in DLP alerts


Hello All,


Please let me know if there is any possibility of getting a contextual summary apart from incident reports in DLP for the Exchange workload.


I am able to see the contextual summary in incident reports. However, I would like to know if there is any other option where we can see the contextual summary, including matched sensitive content and surrounding characters. DLP alerts do not have details.







2 Replies
best response confirmed by Afsar_Shariff (Brass Contributor)

Hi, @Afsar_Shariff 


You can also get the contextual summary through Activity Explorer in the Microsoft Purview Admin Portal. To simplify your search in Activity Explorer, there are plenty of filter options available.


For instance, if I wanted to see more data about activity that matches DLP Rules, I can filter Activity Explorer to look only for DLP rule matches:




Then in my list, I notice an activity for Exchange that is listed as matching based on the message body:





Once I click on the activity, on the details page that appears, many details appear, including what matched the rule and what sensitive info types were involved. If I click on those sensitive info types, a detailed summary appears.







Now, when you perform your investigations, if you select the alert in the Purview portal and select the "View details" option, on the new page when you select "Events", you will see the option to select "Classifiers" which will give you an overview of the sensitive info types, a contextual summary, and trainable classifiers in the matching file/email.






Hope this helps!



Thank you