By Vivian Ma

Protecting your business-critical data is of the utmost importance in today’s digital landscape. Within the last 12 months, 74% of organizations have had business data exposed during a data security incident, 65% saw operational data compromised, and 58% experienced personal data being made vulnerable [1]. However, protecting that data can seem like a daunting charter for many security teams. Between the boundless volumes of data created and transformed daily by modern organizations and the difficulty of scaling legacy data loss prevention (DLP) strategies, proper prevention, investigation, and remediation of data security incidents can be an uphill climb. Simultaneously, the breakneck adoption of Generative AI is not only an exponential multiplier of organizational data, but also a new frontier of risk that we must learn to secure. Now is the time for organizations to take a comprehensive approach to data security that supports the pace of work today and adapts as your business transforms for the future.  

Microsoft Purview Data Loss Prevention (Microsoft Purview DLP) provides a unified and cloud-native DLP that prevents sensitive data loss with minimal impact to business continuity. As part of our commitment to helping security teams build resilient and adaptable data security, we are excited to announce several new Microsoft Purview DLP capabilities that enable: 

1. Efficient investigation: Capabilities that empower admins to find, interpret, and act on key DLP incidents, including context-rich email alerts, support for custom email templates as policy actions, and new rich filters for DLP alerts in Microsoft Defender XDR.
2. Strengthened protection: Capabilities that aim to maximize both protection of sensitive data and employee productivity, including automatic pause and resume of user actions, improvements to device onboarding, and the addition of application allowlists.
3. Extended protection: Capabilities that protect your sensitive data across multiple workloads, including support for file type and file extension-based policy conditions and allowed domain groups for macOS.

Easier triage and investigation of DLP alerts

As the volume of data created, processed, and transmitted by modern business proliferates, so do the risks. In 2023, organizations experienced an average of 59 data security incidents over the previous 12 months [2]. With data security incidents growing more frequent and costly, it's critical to contain these incidents as quickly as they arise, mitigating downstream financial and infrastructural impact.  

One way Microsoft Purview DLP is streamlining investigations for admins is by enriching email alerts with more robust metadata. These email alerts will inform the admin when a policy has been violated and provide more actionable context and evidence, including severity level, user, policy details, device details, and more. This insight enables you to understand and take appropriate action on a potential incident as soon as it occurs — from both your inbox and the Microsoft Purview Portal. This capability is now in general availability. 

Figure 1: New context-rich email alerts for Microsoft Purview DLP admins.

Read the full post here: Maximize data protection & minimize business disruption with Microsoft Purview Data Loss Prevention