Your organization uses Microsoft Purview and Microsoft Defender XDR to analyze sensitive data activity. A data loss prevention (DLP) policy is configured to detect when employees upload financial records to personal cloud storage.
You're a security analyst reviewing the following situation:
- A user triggered an alert after uploading a file named "Budget_2025.xlsx" to a personal Dropbox account.
- The alert appears in both Microsoft Purview and Defender XDR.
- In Microsoft Defender XDR, the alert is grouped with others showing the same user downloaded multiple files from SharePoint earlier that day.
- The Sensitive info types tab confirms the file contained financial account numbers.
Insider Risk Management is enabled. The user's user activity summary shows a pattern of exfiltration attempts over the last 60 days.