DLP Policy Notification keeps resetting

Shim Kwan 281 Reputation points
2022-06-10T04:13:23.547+00:00

Hi,
We have 6 different DLP Policies.

In the Advanced Rules, we have (on multiple occasions) set up the "Send email alerts to these people (optional)" and "Send Notifications to these people" options and have manually added a list of DLP/AIP Admins.

210126-dlpnotifybug1.png

However, after a few short minutes all of our Policies revert to the following:

210114-dlpnotifybug.png

All 6 DLP Policies just keep resetting to SiteAdmin for Notifications (and no one for the first notification option).
Nor is anything recorded in the DLP Alerts dashboard (in Compliance Portal).
All DLP Policies are ON.

Has anyone else experienced this, or is this a bug with DLP?

Thank you,
SK

Azure Information Protection

1 answer

  1. Givary-MSFT 27,001 Reputation points Microsoft Employee
    2022-06-13T08:58:43.49+00:00

    @Shim Kwan Apologies for the delay in answering this post.

    I wanted to test this behavior in my lab (DLP Policy Notification keeps resetting).

    I tested this behavior in my lab and I don't see my DLP policies getting reset to default settings. Also, I would like to know how frequently you can repro this issue?

    However, you can find the information in audit logs about the changes made to DLP Compliance Policy and DLP Compliance Rule.

    Connect to Security & Compliance PowerShell and execute the following command (change the timestamps, converted to UTC, according to your environment).

    Search-AdminAuditLog -Cmdlets Set-DlpComplianceRule -StartDate "2022-06-13 08:25:00z" -EndDate "2022-06-13 08:28:00z"

    210736-image.png

    Look for the caller information: the object ID, as shown in the screenshot above, is the one who made changes to the DLP Compliance Rule.

    Further, you can run this command to get the new value and old value information of the modified properties attribute:

    Search-AdminAuditLog -Cmdlets Set-DlpComplianceRule -StartDate "2022-06-13 08:25:00z" -EndDate "2022-06-13 08:28:00z" | select -ExpandProperty modifiedproperties | FL

    Let me know if you have any further questions or if you need further help we can connect offline to discuss further.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

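The audit-log check from the answer, extended so each old/new value stays attached to the caller and rule it belongs to, and so a caller that keeps rewriting the same rule stands out. This is an added example, not code from the answer or from Microsoft; the function name `Get-DlpRuleChange` and the property-name pattern used to pick out notification settings are assumptions, and it expects the same connected session the answer describes.

```powershell
# Added example (not from the original answer). Assumes Search-AdminAuditLog is
# available in the current session, as in the answer above.
function Get-DlpRuleChange {
    param(
        [Parameter(Mandatory)] $StartDate,   # UTC, e.g. "2022-06-13 08:25:00z"
        [Parameter(Mandatory)] $EndDate,
        # Assumption: notification recipients appear under property names like these.
        [string] $NamePattern = 'Notify|GenerateAlert|GenerateIncidentReport'
    )

    # Cover both the rule and the policy cmdlets mentioned in the answer.
    $entries = Search-AdminAuditLog -Cmdlets Set-DlpComplianceRule, Set-DlpCompliancePolicy `
        -StartDate $StartDate -EndDate $EndDate -ResultSize 1000

    foreach ($entry in $entries) {
        # What the caller passed on the command line, kept as one string for context.
        $passed = ($entry.CmdletParameters |
            ForEach-Object { '{0}={1}' -f $_.Name, $_.Value }) -join '; '

        foreach ($prop in $entry.ModifiedProperties) {
            if ($prop.Name -notmatch $NamePattern) { continue }
            # One row per changed notification property, with the caller attached.
            [pscustomobject]@{
                RunDate    = $entry.RunDate
                Caller     = $entry.Caller
                Cmdlet     = $entry.CmdletName
                Rule       = $entry.ObjectModified
                Property   = $prop.Name
                OldValue   = $prop.OldValue
                NewValue   = $prop.NewValue
                Parameters = $passed
            }
        }
    }
}

# Timestamps below are the ones used in the answer; adjust to your own window.
$changes = Get-DlpRuleChange -StartDate "2022-06-13 08:25:00z" -EndDate "2022-06-13 08:28:00z"

# Timeline of notification changes: who set what, and what it replaced.
$changes | Sort-Object RunDate |
    Format-Table RunDate, Caller, Rule, Property, OldValue, NewValue -AutoSize

# A caller that repeatedly writes the same rule is the likely source of the reset.
$changes | Group-Object Caller, Rule | Sort-Object Count -Descending |
    Select-Object Count, Name
```

If the timeline shows the admin's own change followed minutes later by a write from a different caller, that second caller is the identity to investigate.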