Jaa


Use the data loss prevention on-premises repositories location

To help familiarize you with Microsoft Purview Data Loss Prevention on-premises features and how they surface in DLP policies, we've put together a couple of scenarios for you to follow.

Important

These DLP on-premises scenarios are not the official procedures for creating and tuning DLP policies. Refer to the following topics when you need to work with DLP policies in general situations:

Scenario: Discover files matching DLP rules

Data from DLP surfaces in several areas

Activity explorer

DLP reports rule matches are available in Activity Explorer.

Microsoft 365 Audit log

The DLP rule matches are also available in the Audit log UI (see Search the audit log) and are accessible via PowerShell through theSearch-UnifiedAuditLog.

Information protection scanner

Discovery data is available in a local report in .csv format and is stored under:

%localappdata%\Microsoft\MSIP\Scanner\Reports\DetailedReport_%timestamp%.csv report.

Look for the following columns:

  • DLP Mode
  • DLP Status
  • DLP Comment
  • DLP Rule Name
  • DLP Actions
  • Owner
  • Current NTFS Permissions (SDDL)
  • Applied NTFS Permissions (SDDL)
  • NTFS permissions type

Scenario: Enforce DLP rule

If you want to enforce DLP rules on scanned files, enforcement must be enabled both on the content scan job and at the policy level in DLP.

Configure DLP to enforce policy actions

Select the appropriate tab for the portal you're using. Depending on your Microsoft 365 plan, the Microsoft Purview compliance portal is retired or will be retired soon.

To learn more about the Microsoft Purview portal, see Microsoft Purview portal. To learn more about the Compliance portal, see Microsoft Purview compliance portal.

  1. Sign in to the Microsoft Purview portal
  2. Navigate to Data loss prevention > Policies.
  3. Select the DLP policy that is targeted to the on-premises location repositories you have configured for the scanner.
  4. Edit the policy.
  5. On the Policy Mode page, select Turn the policy on immediately.
  6. Choose Next and then choose Submit.
  7. Choose Done.

Tip

Get started with Microsoft Security Copilot to explore new ways to work smarter and faster using the power of AI. Learn more about Microsoft Security Copilot in Microsoft Purview.

See also