Investigate data loss prevention alerts in Microsoft Purview

Completed

To view DLP Alerts from DLP Policies created in Microsoft Purview use the following steps:

Important

The current Microsoft Purview compliance portal https://compliance.microsoft.com, is being retired in 2024. The new Microsoft Purview portal https://purview.microsoft.com is available. We recommend you become familiar with the steps to navigate to and manage Data loss prevention alerts in the new Microsoft Purview portal. In either portal you must have the correct permissions assigned to use DLP.

1. In the new https://purview.microsoft.com portal, on the left navigation menu select the Solutions icon and select Data loss prevention.

   Note

   Once you select a solution in the new Microsoft Purview portal, an icon for that solution is displayed in the navigation menu.

   

2. Select Alerts from the Data Loss Prevention menu.

3. Choose filters to refine the list of alerts. Choose Customize columns to list the properties you want to see. You can also choose to sort the alerts in ascending or descending order in any column.

4. Select an alert to see details.

5. Select the Events tab to view all of the events associated with the alert. You can choose a particular event to view its details.

6. Select an Event with the Sensitive info in label and then select the View details button.

7. Select the Overview tab for the alert and expand the Manage alert section. Under the Assign tab, you can change the status (Active, Investigating, Dismissed, or Resolved). You can also add comments and assign the alert to someone in your organization.

8. After you take the required actions for the alert, set the status of the alert to Resolved.

9. To see the history of workflow management, choose the Management log tab.