*A more relevant or more recent entry exists for this item: MC1169572
check before: 2025-11-01
Product:
Purview, Purview Communication Compliance, Purview compliance portal, Purview Data Loss Prevention
Platform:
Web, World tenant
Status:
Launched
Change type:
Links:
Details:
This feature introduces the ability to classify DLP alerts directly in the Purview portal. In addition to assigning a status, customers can now categorize alerts as True Positive, False Positive, or Benign Positive. This capability helps security teams better organize, track, and manage alerts, enabling more accurate reporting and efficient incident handling.
Release Phase:
General Availability, Preview
Created:
2025-10-08
updated:
2025-12-18
Direct effects for Operations**
Please, look at the most relevant linked item for details
explanation for non-techies**
Imagine you're managing a large library. Every day, books are being checked out, returned, and sometimes misplaced. To keep everything in order, you have a system that alerts you whenever a book is missing or not where it should be. However, not all alerts require the same level of attention. Some might be false alarms, like when a book is simply on the wrong shelf, while others might indicate a more serious issue, like a lost book.
In the world of IT, Microsoft Purview's Compliance Portal is like that library system, but for data. It helps organizations keep track of their data and ensures that sensitive information doesn't end up where it shouldn't. One of the features of this system is Data Loss Prevention (DLP), which alerts the security team whenever there's a potential issue with data handling.
With the new update, the Purview portal allows users to classify these alerts more effectively. Think of it as adding labels to your library alerts. You can now mark an alert as a "True Positive," meaning it's a real issue that needs attention, like a genuinely lost book. A "False Positive" is like a false alarm, where the book is just misplaced but not lost. Lastly, a "Benign Positive" is an alert that isn't a serious problem, similar to a book that was checked out and returned late but is now back on the shelf.
By categorizing alerts this way, security teams can better organize and prioritize their work. It helps them focus on real issues, track trends, and report more accurately on what's happening. Just like a librarian who can now spend more time finding genuinely lost books rather than chasing down every minor alert, IT teams can handle incidents more efficiently and ensure that their organization's data remains secure.
** AI generated content. This information must be reviewed before use.
change history
| Date | Property | old | new |
| --- | --- | --- | --- |
| 2025-12-18 | RM Status | Rolling out | Launched |
| 2025-12-05 | RM Status | In development | Rolling out |
Last updated 4 weeks ago