Free Consultancy

Microsoft Purview Data Loss Prevention: Incident management in Microsoft 365 Defender portal (GA)

  • Home |
  • Microsoft Purview Data Loss Prevention: Incident management in Microsoft 365 Defender portal (GA)
Microsoft 365 Curtain Reveal Tech Bulletin Header

Microsoft 365 Suite, Microsoft 365 Experts

From Microsoft Corporation
Technical Bulletin MC424903 · Published Sep 2, 2022

Message Summary

Currently available in public preview (MC387638), we’re rolling out a new unified incident management experience for Microsoft Purview Data Loss Prevention (DLP) in the Microsoft 365 Defender portal along with native integration with Microsoft Sentinel through the Microsoft 365 Defender connector in Sentinel.

This message is associated with Microsoft 365 Roadmap ID 93322.

When this will happen:

Rollout will begin in mid-September and is expected to be complete by mid-October. 

How this will affect your organization:

This feature delivers a new and comprehensive DLP investigation experience that is native to the Microsoft 365 Defender portal and provides a singular view for incident management. Admins can also import all DLP incidents, alerts, and underlying audit activities into Sentinel to extend correlation, detection, and investigation across additional Microsoft and non-Microsoft data sources and extend automated orchestration flows using native SOAR capabilities. Features coming soon to general availability:

  • View all your DLP alerts grouped under incidents in the Microsoft 365 Defender incident queue
  • View intelligent inter-solution (DLP-Microsoft Defender for Endpoint, DLP-Microsoft Defender for Office 365) and intra-solution (DLP-DLP) correlated alerts under a single incident 
  • Hunt for compliance logs along with security under Advanced Hunting 
  • In-place admin remediation actions on user (i.e., mark as compromised, require sign-in), file (i.e., apply sensitivity label, retention label, unshare), and device 
  • Associate custom tags to DLP incidents and filter by them 
  • Filter unified incident queue by DLP policy name, tag, date, service source, incident status, or user 
  • Leverage the Microsoft 365 Defender connector in Sentinel to pull DLP incidents into Sentinel for investigation and remediation 

Please note that the DLP alerts dashboard in the Microsoft Purview compliance portal will continue to work as expected.

What you need to do to prepare:

To import DLP alerts into Microsoft 365 Defender:

  1. Ensure that you have turned on alerts for all your DLP policies in the Microsoft Purview compliance portal, then navigate to Microsoft 365 Defender portal and click on Incidents in the left navigation menu or go directly to Incident Queue.
  2. Click on Filters on top right and choose Service Source: Data Loss Prevention to view all incidents with DLP alerts and take desired actions to investigate or remediate alerts. 


View image in new tab

To import DLP alerts into Sentinel:

  1. Follow instructions on Connect data from Microsoft 365 Defender to Microsoft Sentinel to import all incidents including DLP incidents and alerts into Sentinel. Enable CloudAppEvents event connector to pull all Office 365 audit logs into Sentinel. 
  2. You can see your DLP incidents in Sentinel once the connector is setup. 


View image in new tab

Learn more: Learn about data loss prevention

Additional information

Tags:

Recent Posts

Recent Comments

No comments to show.

Archives

Categories

Recent Posts

Microsoft 365 Curtain Reveal Tech Bulletin Header
New Outlook for Windows: Auto-reading emails with Microsoft Windows Narrator
October 14, 2024
Microsoft 365 Curtain Reveal Tech Bulletin Header
(Updated) Microsoft Purview: Minor encrypted message portal design updates, URL to remain the same
October 14, 2024
Microsoft Exchange Curtain Reveal Tech Bulletin Header
(Updated) Microsoft Defender for Office 365: Tenant Allow/Block List will support IPv6 allow and block entries
October 14, 2024

Archives

Testimonials

Client Feedback

Our greatest reward is satisfaction from a job well done. If you have worked with QuixTec, LLC, we’d love to hear from you about your experience.

Richard is an excellent project manager and educator and has been invaluable as we learn to navigate owning and operating our own business. He helped us to build a beautiful, properly functioning website while keeping costs manageable, alerting us to avoidable pitfalls, and keeping us on task to push through the more difficult phases of branding, site speed, SEO, and many other issues we never could have figured out if not for his guidance. Richard is honest, communicative, detail-oriented, and quick to respond to questions and offer suggestions to improve site performance and enhance our messaging. We have recommended him and his company to others and will continue to do so with enthusiasm. He truly wants the best outcome for his clients and puts in the work to make it happen while being mindful of budget and value-add opportunities. We are grateful for his knowledge, his patience, and the team he has put together. There is no-one we would rather have guiding our tech processes!

Darien Grove Co-owner PTNW

"Richard’s www.quixtec.com team is awesome. I highly recommend anyone trying to grow their marketing and sales efforts (in a way that is budget friendly yet massively efficient) Originally I looked into Constant Contact, Mailchimp type services but quickly found that they nickel and dime you for email campaigns, charge thousands for marketing automation features and at the end of the day you have no ownership of the toolset. QuixTec was quite efficient at setting up my cloud toolset. Richard personally helped me daily and allowed me to drive when possible as this helps me learn long term. Getting the first email template built was a breeze with their hands-on guidance. They walked me through every step of building and kicking off our first automated campaign. Within 1-2 days I was seeing site visits and contact form submissions leading to immediate sales. I now own a very extensive toolkit in emailing and market automation and I know how to use it."

Eric Larson Founder, Actrion-CS

We were given a very hard task of completing a real estate project management and real estate asset management data base technology platforms and QuixTec has delivered on time, under budget with great results. I highly recommend and endorse QuixTec for all your technology needs. They’re the best!

Vahak Agojian World Vision International

When the idea for our business first came about, researching and finding out the many faces of owning and operating a business were a given. The most difficult and terrifying—yes, for me, terrifying, aspect was the one of Technology. Not just Technology, but everyyything that goes with that term! Building a website delayed the dream, because my insecurity about how to even begin, was overwhelming at the time. Many options were available, and we decided on Richard, because of his knowledge in all applications of the technical side, he knew the lingo required and where it needed to be, his connections and background, his patience and common sense. We are, thanks to Richard and his expertise, fully functional and integrated for where we need to be at this point in our business, confidently knowing that the “Technical” side of things show well, provide an easy experience for our customers, and as we grow, Richard is several steps ahead of us on how to apply what’s needed next. Thank you, Richard Quatier, for all you have done for us to take the worry out of this part of running a business!

Lee Grove Co-Owner PTNW
QuixTec is a Microsoft Certified Partner located in Seattle. Our services fit any sized organization.
Quick Links
Other Pages
Connect with us

(425) 367-9025

contactus@quixtec.com

Copyright & Design By @Quixteck- 2025

Facebook Linkedin Linkedin