Microsoft Purview | Data Loss Prevention: Decoupling policy tips and email notifications for SharePoint and OneDrive

Originally posted by Microsoft May 8, 2024 Uncategorized 0 Comments

Microsoft Purview | Data Loss Prevention will soon allow separate configuration of policy tips and user email notifications for SharePoint and OneDrive, aligning with Microsoft Exchange behavior. Admins can enable either or both features, or neither. Rollout begins mid-May 2024 for Public Preview and mid-June 2024 for General Availability. Configuration can be done via PowerShell or DLP settings post-rollout.

Coming soon to Microsoft Purview | Data Loss Prevention: When an admin wants to enable user email notifications, policy tips also need to be enabled and vice versa. After this rollout, notifications and policy tips will be decoupled, and admins can configure the following rules to enable:

  1. Only a user email notification
  2. Only a policy tip
  3. A user email notification and a policy tip
  4. No policy tips or user email notifications

After this rollout, policy tips and user email notifications will align with the behavior currently available with Microsoft Exchange.

This message is associated with Microsoft 365 Roadmap ID 394279.

When this will happen:

Public Preview: We will begin rolling out mid-May 2024 and expect to complete by late May 2024.

General Availability Worldwide: We will begin rolling out mid-June 2024 and expect to complete by late June 2024.

How this will affect your organization:

After rollout, to configure policy tips and user email notifications, you can use PowerShell or Purview | Data Loss Prevention.

In PowerShell

After rollout, use the new parameter called -NotifyUserType with the cmdlets New-DlpComplianceRule and Set-DlpComplianceRule.

Use New-DlpComplianceRule to create a new rule. Use Set-DlpComplianceRule to update an existing rule.

  • Default value: NotSet
  • To enable a policy tip: PolicyTip
  • To enable a user email notification: Email
  • To enable a user email notification and a policy tip: Email,PolicyTip

Example 1: New-DlpComplianceRule -Name "PT rule" -Policy "Policy Name" -ContentContainsSensitiveInformation @{Name="India Unique Identification (Aadhaar) Number"} -NotifyUserType PolicyTip -NotifyUser SiteAdmin,LastModifier,Owner

Example 2: Set-DlpComplianceRule -Identity "Rule Name" -NotifyUserType Email

To check that the value is set correctly, check the following and check the parameter value for NotifyUserType:

Get-DlpComplianceRule -Identity "Rule Name" | fl

In Data Loss Prevention (DLP)

Before rollout:

admin settings
View image in new tab

After rollout:

admin settings
View image in new tab

DLP examples

Rule 1: Configured to only trigger a user email notification:

admin settings
View image in new tab

Rule 2: Configured to only trigger a policy tip:

admin settings
View image in new tab

Rule 3: Configured to trigger a user email notification and a policy tip:

admin settings
View image in new tab

admin settings
View image in new tab

What you need to do to prepare:

This rollout will happen automatically by the specified dates with no admin action required before the rollout. You may want to update any relevant documentation as appropriate.

Message ID: MC791114

Comments are closed.

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: