New DLP alerts management dashboard in Microsoft 365 compliance center
You will soon see a new Data loss prevention (DLP) alert management experience within the Microsoft 365 compliance center. The DLP alerts dashboard is currently in preview.
This message is associated with Microsoft 365 Roadmap ID 72206.
When this will happen
- Standard release rollout begins mid-April and is expected to be complete by the end of April.
How this will affect your organization
The new DLP alerts dashboard experience makes it possible for admins to review, investigate, and manage DLP policy match events, related content, and associated metadata. Admins can also edit alert configuration options as a part of the DLP policy authoring experience. The dashboard shows alerts for DLP policies that are enforced on these workloads: Exchange, SharePoint, OneDrive, Teams, and Devices.​
To access the new DLP alerts dashboard, navigate to Data loss prevention in the Microsoft 365 compliance center, then select the Alerts tab.
After selecting View details for a selected event, you will see a new overview page for the alert (image 1 below).
After subsequently selecting the Events tab, you will see the following two new features (image 2 below).
- Sensitive information types: View instances of sensitive content that violates the DLP policy. You will also be able to view up to 300 characters surrounding the detected sensitive content to provide contextual clarity. This information will be available within the following workloads:
- Exchange (email body and attachments)
- Source view: View, within the dashboard experience, the email or file that triggered the DLP alert. Source preview in the DLP alerts dashboard will be available for the following workloads:
- Exchange (email body only)
Note: The DLP alerts management dashboard will surface policy alerts for all DLP solutions that your tenant has configured, based on your license eligibility. For example, if you have configured Endpoint DLP or Teams DLP policies, those policy alerts will also appear within the DLP alerts management dashboard.
What you need to do to prepare
Before anyone can access Source view and Sensitive information types, you must assign users to the Content Explorer Content Viewer role group; it is not accessible by default. This role group pre-assigns the role Data Classification Content Viewer.
- Configure and view alerts for DLP polices (preview)
- Review licensing requirements for data loss prevention solutions in Microsoft 365.
1. After you select View details for an event on the Overview tab, you will see the status of matched sensitive content and the Manage alert pane.
2. From the Events tab view: after you select an event, the flyover pane provides access to Source view, Details, Sensitive info types, and Metadata.
Message ID: MC249618