New DLP alerts management dashboard in Microsoft 365 compliance center

You will soon see a new Data loss prevention (DLP) alert management experience within the Microsoft 365 compliance center. The DLP alerts dashboard is currently in preview.

This message is associated with Microsoft 365 Roadmap ID 72206.

When this will happen

  • Standard release rollout begins mid-April and is expected to be complete by the end of April.

How this will affect your organization

The new DLP alerts dashboard experience makes it possible for admins to review, investigate, and manage DLP policy match events, related content, and associated metadata. Admins can also edit alert configuration options as a part of the DLP policy authoring experience. The dashboard shows alerts for DLP policies that are enforced on these workloads: Exchange, SharePoint, OneDrive, Teams, and Devices.​

To access the new DLP alerts dashboard, navigate to Data loss prevention in the Microsoft 365 compliance center, then select the Alerts tab.

Alerts dashboard with item selected
View image in new tab

After selecting View details for a selected event, you will see a new overview page for the alert (image 1 below).

After subsequently selecting the Events tab, you will see the following two new features (image 2 below).

  • Sensitive information types: View instances of sensitive content that violates the DLP policy. You will also be able to view up to 300 characters surrounding the detected sensitive content to provide contextual clarity. This information will be available within the following workloads:
    • Exchange (email body and attachments)
    • OneDrive
    • SharePoint
    • Teams
  • Source view: View, within the dashboard experience, the email or file that triggered the DLP alert. Source preview in the DLP alerts dashboard will be available for the following workloads:
    • Exchange (email body only)
    • OneDrive
    • SharePoint

Note: The DLP alerts management dashboard will surface policy alerts for all DLP solutions that your tenant has configured, based on your license eligibility. For example, if you have configured Endpoint DLP or Teams DLP policies, those policy alerts will also appear within the DLP alerts management dashboard.

What you need to do to prepare

Before anyone can access Source view and Sensitive information types, you must assign users to the Content Explorer Content Viewer role group; it is not accessible by default. This role group pre-assigns the role Data Classification Content Viewer.

Learn more

1. After you select View details for an event on the Overview tab, you will see the status of matched sensitive content and the Manage alert pane.
Matched sensitive content in Overview tab
View image in new tab

2. From the Events tab view: after you select an event, the flyover pane provides access to Source view, Details, Sensitive info types, and Metadata.

Matched sensitive content in Events tab
View image in new tab

Message ID: MC249618

No comments yet

Leave a Reply

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: