check before: 2026-05-01
Product:
Defender, Microsoft 365 Apps, Microsoft Graph, Purview, Purview Communication Compliance, Purview Data Loss Prevention
Platform:
Developer, Online, Web, World tenant
Status:
In development
Change type:
New feature, Admin impact
Links:
Details:
Summary:
Microsoft Purview DLP event details will be integrated into Microsoft Graph Security APIs alongside Defender alerts, simplifying correlation, reporting, and SIEM integration. Public preview starts late May 2026; general availability begins late June 2026. This affects admins using these APIs for DLP-related alert data.
Details:
[Introduction]
To help security and compliance teams more easily correlate Microsoft Purview Data Loss Prevention (DLP) activity with Microsoft Defender alerts, we're enriching Microsoft Graph security APIs so DLP event (rule match) details can be retrieved alongside Defender alert data. This simplifies exporting data to SIEM tools, building automated workflows, and generating custom reports without needing to stitch together data from multiple APIs.
This message is associated with Microsoft 365 Roadmap ID 558681.
[When this will happen:]
Public Preview: Rollout begins in late May 2026 and is expected to complete early June 2026.
General Availability (Worldwide): Rollout begins in late June 2026 and is expected to complete early July 2026.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability, Preview
Created:
2026-05-14
updated:
2026-05-14
Public Preview Start Date
XXXXXXX ... free basic plan only
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
Pictures
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Integration Complexity
Without preparation, admins may face challenges in integrating DLP event data with existing systems, leading to potential delays in incident response and reporting.
- roles: Admins, Security Engineers
- references: https://learn.microsoft.com/graph/api/security-list-alerts_v2?view=graph-rest-1.0&tabs=http, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=558681
Data Access Issues
If the new API is not properly configured or tested, admins may encounter access issues to DLP event data, impacting their ability to monitor and respond to security incidents effectively.
- roles: Admins, Developers
- references: https://learn.microsoft.com/graph/api/security-list-alerts_v2?view=graph-rest-1.0&tabs=http, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=558681
Configutation Options**
XXXXXXX ... paid membership only
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 1 month ago ago
