Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
To help familiarize you with Microsoft Purview Data Loss Prevention on-premises features and how they surface in DLP policies, we've put together a couple of scenarios for you to follow.
Important
These DLP on-premises scenarios are not the official procedures for creating and tuning DLP policies. Refer to the following topics when you need to work with DLP policies in general situations:
Scenario: Discover files matching DLP rules
Data from DLP surfaces in several areas
Activity explorer
DLP reports rule matches are available in Activity Explorer.
Microsoft 365 Audit log
The DLP rule matches are also available in the Audit log UI (see Search the audit log) and are accessible via PowerShell through theSearch-UnifiedAuditLog.
Information protection scanner
Discovery data is available in a local report in .csv format and is stored under:
%localappdata%\Microsoft\MSIP\Scanner\Reports\DetailedReport_%timestamp%.csv report.
Look for the following columns:
- DLP Mode
- DLP Status
- DLP Comment
- DLP Rule Name
- DLP Actions
- Owner
- Current NTFS Permissions (SDDL)
- Applied NTFS Permissions (SDDL)
- NTFS permissions type
Scenario: Enforce DLP rule
If you want to enforce DLP rules on scanned files, enforcement must be enabled both on the content scan job and at the policy level in DLP.
Configure DLP to enforce policy actions
- Sign in to the Microsoft Purview portal
- Navigate to Data loss prevention > Policies.
- Select the DLP policy that is targeted to the on-premises location repositories you have configured for the scanner.
- Edit the policy.
- On the Policy Mode page, select Turn the policy on immediately.
- Choose Next and then choose Submit.
- Choose Done.