
Microsoft Technical Bulletins

The latest updates for all the Microsoft Products you use every day.


Written by Brad

Categories: Microsoft 365 Suite

September 6, 2022


Microsoft Purview Data Loss Prevention: Incident management in Microsoft 365 Defender portal (GA)


From Microsoft Corporation
Technical Bulletin MC424903 · Published Sep 2, 2022

Message Summary

Currently available in public preview (MC387638), we’re rolling out a new unified incident management experience for Microsoft Purview Data Loss Prevention (DLP) in the Microsoft 365 Defender portal along with native integration with Microsoft Sentinel through the Microsoft 365 Defender connector in Sentinel.

This message is associated with Microsoft 365 Roadmap ID 93322.

When this will happen:

Rollout will begin in mid-September and is expected to be complete by mid-October. 

How this will affect your organization:

This feature delivers a new and comprehensive DLP investigation experience that is native to the Microsoft 365 Defender portal and provides a singular view for incident management. Admins can also import all DLP incidents, alerts, and underlying audit activities into Sentinel to extend correlation, detection, and investigation across additional Microsoft and non-Microsoft data sources and extend automated orchestration flows using native SOAR capabilities. Features coming soon to general availability:

  • View all your DLP alerts grouped under incidents in the Microsoft 365 Defender incident queue
  • View intelligent inter-solution (DLP-Microsoft Defender for Endpoint, DLP-Microsoft Defender for Office 365) and intra-solution (DLP-DLP) correlated alerts under a single incident 
  • Hunt for compliance logs along with security under Advanced Hunting 
  • In-place admin remediation actions on user (i.e., mark as compromised, require sign-in), file (i.e., apply sensitivity label, retention label, unshare), and device 
  • Associate custom tags to DLP incidents and filter by them 
  • Filter unified incident queue by DLP policy name, tag, date, service source, incident status, or user 
  • Leverage the Microsoft 365 Defender connector in Sentinel to pull DLP incidents into Sentinel for investigation and remediation 

Please note that the DLP alerts dashboard in the Microsoft Purview compliance portal will continue to work as expected.

What you need to do to prepare:

To import DLP alerts into Microsoft 365 Defender:

  1. Ensure that you have turned on alerts for all your DLP policies in the Microsoft Purview compliance portal, then navigate to the Microsoft 365 Defender portal and click Incidents in the left navigation menu, or go directly to the Incident Queue.
  2. Click Filters at the top right and choose Service Source: Data Loss Prevention to view all incidents with DLP alerts and take the desired actions to investigate or remediate alerts.



To import DLP alerts into Sentinel:

  1. Follow the instructions in Connect data from Microsoft 365 Defender to Microsoft Sentinel to import all incidents, including DLP incidents and alerts, into Sentinel. Enable the CloudAppEvents event connector to pull all Office 365 audit logs into Sentinel.
  2. You can see your DLP incidents in Sentinel once the connector is set up.
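
A check a SOC analyst might run in Sentinel Logs once the CloudAppEvents connector is enabled, to confirm that DLP audit activity is arriving and to see which policies and users generate it. This query is an added example, not part of the Microsoft bulletin. It assumes that DLP audit operations surface with an ActionType beginning with "Dlp" and that the policy name sits under RawEventData.PolicyDetails; confirm both against your own data.

```kusto
// Added example (not from the bulletin): verify DLP audit events are flowing
// into CloudAppEvents and summarise them per policy, workload and user.
// Assumption: DLP operations appear with an ActionType that starts with "Dlp".
// Assumption: the matched policy name is at RawEventData.PolicyDetails[0].PolicyName.
CloudAppEvents
| where TimeGenerated > ago(7d)
| where ActionType startswith "Dlp"
| extend PolicyName = tostring(RawEventData.PolicyDetails[0].PolicyName)
| summarize
    Events    = count(),
    FirstSeen = min(TimeGenerated),
    LastSeen  = max(TimeGenerated)
    by PolicyName, ActionType, Application, AccountDisplayName
| order by Events desc
```

An empty result after the connector has been enabled for a while usually means either that no DLP policy has alerts turned on or that the CloudAppEvents event type was not selected in the connector.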



Learn more: Learn about data loss prevention


TECHNICAL BULLETIN END

QuixTec provides this and other technical bulletins unaltered from Microsoft. As an authorized Microsoft Partner, we ensure that all our solutions we deliver to you include the latest Microsoft updates.
