Data Loss Prevention – Admin Units support for DLP alerts in Microsoft 365 Defender portal

Originally posted by Microsoft Nov 14, 2023 Uncategorized 0 Comments

We’re recently released a new GA capability that enables admins to delegate management and remediation authority for different people in different regions or organization units with role-based access control (RBAC) via Azure Active Directory Administrative Units. For example, German Admin Unit investigators would be able to investigate alerts and audit events for only German users.

With the GA rollout of this new feature, we are extending the Admin Units capability currently available in Microsoft Purview Information Protection and Data Loss Prevention (DLP) to DLP alerts in the Microsoft 365 Defender portal.

This message is associated with Microsoft 365 Roadmap ID 162292

When this will happen:

Rollout will begin in mid-November and is expected to be complete by end of November. 

How this will affect your organization:

If you choose to not use this Admin Units feature, there is no impact to your organization. If your organization requires delegations of tasks based on users in specific regions or organization units, please follow the steps to set up this capability:

1. Set up Administrative Units (AU) in Azure Portal

2. Ring-fence Purview Admin Permissions to Administrative Unit scopes

3. Create and manage Admin Unit scoped MIP/DLP policies

4. Investigate user scoped DLP Alerts, Incidents, and Logs in Purview and/or M365 Defender

5. Investigate user scoped Activities and events in Activity Explorer in Purview and/or Advanced Hunting in M365 Defender

View image in new tab

What you need to do to prepare:

Get started with Information Protection and Data Loss Prevention in the Microsoft Purview compliance portal 

and Investigate data loss alerts with Microsoft 365 Defender | Microsoft Learn 

Learn more: Permissions in the Microsoft Purview compliance portal

Message ID: MC689499