Search

MC424903 – Microsoft Purview Data Loss Prevention: Incident management in Microsoft 365 Defender portal (GA) (archived)

cloudscout.one Icon

check before: 2022-09-16

Product:

Defender, Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, Microsoft 365 suite, Purview, Purview Communication Compliance, Purview compliance portal, Purview Data Loss Prevention, Purview Information Protection

Platform:

Online, Web, World tenant

Status:

Launched

Change type:

New feature, User impact

Links:

(MC387638)
93322

Details:

Currently available in public preview (MC387638), we're rolling out a new unified incident management experience for Microsoft Purview Data Loss Prevention (DLP) in the Microsoft 365 Defender portal along with native integration with Microsoft Sentinel through the Microsoft 365 Defender connector in Sentinel.
This message is associated with Microsoft 365 Roadmap ID 93322.
[When this will happen:]
Rollout will begin in mid-September and is expected to be complete by mid-October.

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:
General Availability, Preview

Created:
2022-09-03

updated:
2022-09-15

the free basic plan is required to see all details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.


changes*

DatePropertyoldnew
2022-09-15MC prepareTo import DLP alerts into Microsoft 365 Defender:
Ensure that you have turned on alerts for all your DLP policies in the Microsoft Purview compliance portal, then navigate to Microsoft 365 Defender portal and click on Incidents in the left navigation menu or go directly to Incident Queue.

Click on Filters on top right and choose Service Source: Data Loss Prevention to view all incidents with DLP alerts and take desired actions to investigate or remediate alerts.





To import DLP alerts into Sentinel:
Follow instructions on Connect data from Microsoft 365 Defender to Microsoft Sentinel to import all incidents including DLP incidents and alerts into Sentinel. Enable CloudAppEvents event connector to pull all Office 365 audit logs into Sentinel.

You can see your DLP incidents in Sentinel once the connector is setup.





Learn more: Learn about data loss prevention
ps://compliance.microsoft.com/datalossprevention?viewid=dlpaler
ps://docs.microsoft.com/azure/sentinel/connect-microsoft-365-defender?tabs=MDE
ps://docs.microsoft.com/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-world
ps://purview.microsoft.com/compl
ps://security.microsoft.com/
ps://security.microsoft.com/incidents-q
ps://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=933
To import DLP alerts into Microsoft 365 Defender:
Ensure that you have turned on alerts for all your DLP policies in the Microsoft Purview compliance portal, then navigate to Microsoft 365 Defender portal and click on Incidents in the left navigation menu or go directly to Incident Queue.

Click on Filters on top right and choose Service Source: Data Loss Prevention to view all incidents with DLP alerts and take desired actions to investigate or remediate alerts.





To import DLP alerts into Sentinel:
Follow instructions on Connect data from Microsoft 365 Defender to Microsoft Sentinel to import all incidents including DLP incidents and alerts into Sentinel. Enable CloudAppEvents event connector to pull all Office 365 audit logs into Sentinel.

You can see your DLP incidents in Sentinel once the connector is setup.





Learn more: Learn about data loss prevention
https://compliance.microsoft.com/datalossprevention?viewid=dlpalerts
https://docs.microsoft.com/azure/sentinel/connect-microsoft-365-defender?tabs=MDE
https://docs.microsoft.com/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide
https://purview.microsoft.com/compliance
https://security.microsoft.com/
https://security.microsoft.com/incidents-queue
https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=93322

*starting April 2022

Last updated 8 months ago

Share to MS Teams

Login to your account

Welcome Back, We Missed You!