Microsoft Purview: Data Loss Prevention-User based alert aggregation

Originally posted by Microsoft Dec 10, 2025 Uncategorized 0 Comments

User-Based Aggregation consolidates DLP alerts by user identity i.e. a DLP rule violations, in a specified aggregation time window, of the same rule and single user will be aggregated into a single alert enabling quicker triage and remediation. Instead of reviewing alerts containing rule match events of multiple users, DLP admin can now analyze grouped DLP rule match events per user, gaining insights into repeated policy violations and anomalous behavior.

Product
Release phase General Availability
Release date February CY2026
Platform Web
Cloud Instance GCC, GCC High, DoD
Created 2025-12-10 00:15:49Z
Roadmap ID 537276
Roadmap Link https://www.microsoft.com/microsoft-365/roadmap?id=537276

Comments are closed.

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

Trending Posts

%d bloggers like this: