Customers rely on Microsoft Data Loss Prevention(DLP) to enforce policies that identify and prevent risky or inappropriate sharing, transfer or use of sensitive information across cloud, on-premise and endpoints. Alerts, which can be configured as a part of the DLP policy authoring experience are an effective tool for customers to get notified whenever a DLP policy is violated.
Microsoft announces the General Availability of the Microsoft Data Loss Prevention Alerts Dashboard. This latest addition in the Microsoft’s data loss prevention solution provides customers with the ability to holistically investigate DLP policy violations across :
Advance alert configuration options are available in the existing DLP policy configuration flow. These provide eligible DLP customers with the ability to tailor how they organize DLP policy alerts along with exhaustive information that they need to investigate and address DLP policy violations quickly. Historical workflow information for alerts is available in the Management log.
The alerts dashboard provides a list view of all DLP alerts and clicking on an alert will display the relevant details.
Figure 1 : Data Loss Prevention Alerts Dashboard
Clicking on ‘View Details’ will display the alert page with exhaustive information associated with the DLP policy violation, ability to change alert status (Active, Investigating, Dismissed or Resolved), include additional comments and define workflow actions such as assigning alerts to individuals for follow up.
Figure 2 : Alert details with manage alert options
Clicking on the ‘Events’ tab will display the actual user activity along with details including :
This feature is available only for licenses in the following subscriptions :
- Microsoft 365 (E5)
- Office 365 (E5)
- Advanced Compliance (E5) add-on
- Microsoft 365 E5/A5 Info Protection & Governance
- Microsoft 365 E5/A5 Compliance
For both features : Source View and Matched sensitive terms and context, the role group “Content Explorer Content Viewer” should be assigned. This role group has the role “data classification content viewer” pre-assigned.
Figure 3 : Exhaustive metadata for each user event
Figure 4 : View the content of the email(body) or file
Figure 5 : View matched sensitive terms and surrounding characters
Microsoft’s DLP solution is part of a broader set of Information Protection and Governance solutions that are part of the Microsoft 365 Compliance Suite. You can sign up for a trial of Microsoft 365 E5 or navigate to the Microsoft 365 compliance center to get started today.
Additional resources:
Thank you,
The Microsoft Information Protection Team
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.