*A more relevant or more recent entry exists for this entry: MC1148528
check before: 2025-11-01
Product:
Purview Communication Compliance, Purview Data Loss Prevention
Platform:
Web, World tenant
Status:
In development
Change type:
Links:
Details:
User-Based Aggregation consolidates DLP alerts by user identity: DLP rule violations of the same rule by a single user, within a specified aggregation time window, are aggregated into a single alert, enabling quicker triage and remediation. Instead of reviewing alerts containing rule match events of multiple users, DLP admins can now analyze grouped DLP rule match events per user, gaining insights into repeated policy violations and anomalous behavior.
Release Phase:
General Availability, Preview
Created:
2025-08-30
updated:
2025-08-30
Direct effects for Operations**
Please look at the most relevant linked item for details.
explanation for non-techies**
Imagine you're a librarian managing a busy library. Every time someone returns a book late, you get a notification. If multiple people return books late on the same day, you receive a separate notification for each one. This can be overwhelming and time-consuming to manage. Now, imagine if you could group these notifications by the person who returned the books late. Instead of receiving ten separate alerts for ten different late returns, you get one alert per person, summarizing all their late returns. This way, you can quickly see who frequently returns books late and address the issue more efficiently.
This is similar to what Microsoft Purview's User-Based Alert Aggregation does for Data Loss Prevention (DLP). In the digital world, organizations have rules to prevent sensitive information from being shared inappropriately. When these rules are broken, alerts are generated. Traditionally, each rule violation by any user would create a separate alert, which could lead to a flood of notifications for administrators to handle.
With User-Based Alert Aggregation, alerts are consolidated by user identity within a specified time frame. If a single user violates the same rule multiple times, these are grouped into one alert. This makes it easier for administrators to identify patterns of behavior, such as repeated policy violations by the same user, and respond more effectively. It's like getting a single, comprehensive report on a person's late book returns rather than a scattered collection of individual notifications. This approach allows for quicker triage and remediation, helping organizations maintain compliance and protect sensitive information more efficiently.
** AI generated content. This information must be reviewed before use.
Last updated 4 weeks ago