Microsoft Purview: Data Loss Prevention - Enriched Audit Data for Matched Rules
DLP audit records in Exchange Online will now include enriched data beyond Sensitive Information Type matches, including sender domain, subject keywords, attachment type, and recipient information. This data will be visible in alerts and Activity Explorer to improve compliance monitoring and incident investigation.
Key dates
- — preview (Feature in development, no GA date announced)
Microsoft's description
When DLP rules detect policy violations in Exchange Online, they generate audit records that administrators rely on for compliance monitoring, incident investigation, and policy tuning. Previously, these records only showed Sensitive Information Type matches. This feature aims to extend that to sender domain, subject keywords, attachment type, or recipient information. Now they will be visible in alerts and Activity Explorer providing data enrichment to the administrators.