DLP Alerts
Monitor and investigate Data Loss Prevention policy matches and incidents across Microsoft 365 services.
Alert Dashboard
- Total alerts — All DLP alerts in the selected period
- High severity — Critical policy violations
- Pending review — Alerts awaiting investigation
- Resolved — Investigated and closed alerts
Alert Details
| Field | Description |
|---|---|
| Policy | DLP policy that triggered the alert |
| Rule | Specific rule within the policy |
| Severity | High, Medium, Low |
| User | User who triggered the match |
| Content | File, email, or message with sensitive data |
| Action taken | Blocked, notified, or logged |
Investigation Workflow
- Review alert details and matched content
- Verify whether the match is a true positive or a false positive
- Take action (escalate, dismiss, or remediate)
- Update alert status and add notes
API Reference
- GET /api/security/dlp/alerts — List DLP alerts
- PUT /api/security/dlp/alerts/:id — Update alert status