Microsoft Purview compliance portal: Data Loss Prevention – Matched items in audit logs

Originally posted by Microsoft Aug 23, 2023 Uncategorized 0 Comments

Coming soon to general availability is Microsoft Purview Data Loss Prevention (DLP) capability that will show you the exact cause of a flagged DLP policy violation. We’ve extended our support to show matched conditions across workloads (Exchange, Teams, SharePoint, OneDrive, Endpoint), rules, and conditions.

This message is associated with Microsoft 365 Roadmap ID 117488

When this will happen:

Standard Release: Rollout will begin in mid-August and is expected to be complete by late August.

How this will affect your organization:

When a DLP rule match occurs, the configured action for that rule (e.g., Block, Audit) is enforced. 

  • To view this event in the Alerts dashboard, click on the Events tab and select the entry you want to investigate. Click on Details to view the exact condition and its corresponding matched value.

view dashboardView image in new tab

  • You can also view this information in Activity Explorer. Click on DLP rule matched event to investigate. Scroll to the bottom of the panel to find Other conditions matched, which will show you the condition and respective matched value. 

View image in new tab

What you need to do to prepare:

Verify that auditing is enabled for your tenant and turn on advanced classification for Endpoint DLP. Refer to advanced classification scanning and protection

Message ID: MC669739

No comments yet

Leave a Reply

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: