Use the data loss prevention on-premises repositories location

To help familiarize you with Microsoft Purview Data Loss Prevention on-premises features and how they surface in DLP policies, we've put together a couple of scenarios for you to follow.


These DLP on-premises scenarios are not the official procedures for creating and tuning DLP policies. Refer to the following topics when you need to work with DLP policies in general situations:

Scenario: Discover files matching DLP rules

Data from DLP surfaces in several areas

Activity explorer

DLP reports rule matches are available in Activity Explorer.

Microsoft 365 Audit log

The DLP rule matches are also available in the Audit log UI (see Search the audit log in the Microsoft Purview compliance portal) and are accessible via PowerShell through theSearch-UnifiedAuditLog.


Discovery data is available in a local report in .csv format and is stored under:

%localappdata%\Microsoft\MSIP\Scanner\Reports\DetailedReport_%timestamp%.csv report.

Look for the following columns:

  • DLP Mode
  • DLP Status
  • DLP Comment
  • DLP Rule Name
  • DLP Actions
  • Owner
  • Current NTFS Permissions (SDDL)
  • Applied NTFS Permissions (SDDL)
  • NTFS permissions type

Scenario: Enforce DLP rule

If you want to enforce DLP rules on scanned files, enforcement must be enabled both on the content scan job and at the policy level in DLP.

Configure DLP to enforce policy actions

  1. Open the Data loss prevention page and select the DLP policy that is targeted to the on-premises location repositories you have configured in AIP.
  2. Edit the policy.
  3. On the Simulate or turn on the policy page, select Yes, turn it on right away.


If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.

See also