Use the data loss prevention on-premises repositories location
To help familiarize you with Microsoft Purview Data Loss Prevention on-premises features and how they surface in DLP policies, we've put together a couple of scenarios for you to follow.
These DLP on-premises scenarios are not the official procedures for creating and tuning DLP policies. Refer to the following topics when you need to work with DLP policies in general situations:
Scenario: Discover files matching DLP rules
Data from DLP surfaces in several areas
DLP reports rule matches are available in Activity Explorer.
Microsoft 365 Audit log
The DLP rule matches are also available in the Audit log UI (see Search the audit log in the Microsoft Purview compliance portal) and are accessible via PowerShell through theSearch-UnifiedAuditLog.
Discovery data is available in a local report in .csv format and is stored under:
Look for the following columns:
- DLP Mode
- DLP Status
- DLP Comment
- DLP Rule Name
- DLP Actions
- Current NTFS Permissions (SDDL)
- Applied NTFS Permissions (SDDL)
- NTFS permissions type
Scenario: Enforce DLP rule
If you want to enforce DLP rules on scanned files, enforcement must be enabled both on the content scan job and at the policy level in DLP.
Configure DLP to enforce policy actions
- Open the Data loss prevention page and select the DLP policy that is targeted to the on-premises location repositories you have configured in AIP.
- Edit the policy.
- On the Simulate or turn on the policy page, select Yes, turn it on right away.
If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.