View the Reports for Data Loss Prevention

Created by Baijnath Kumar, Modified on Wed, 16 Oct, 2019 at 6:47 PM by Baijnath Kumar

Text Box

 

View the reports for data loss prevention 

After you create your data loss prevention (DLP) policies, you'll want to verify that they're working as you intended and helping you to stay compliant. With the DLP reports in the Office 365 Security & Compliance Center, you can quickly view: 

  • DLP policy matches: This report shows the count of DLP policy matches over time. You can filter the report by date, location, policy, or action. 

  • DLP incidents: This report also shows policy matches over time, as the policy matches the report. However, the policy matches report shows matches at a rule level; for example, if an email matched three different rules, the policy matches the report shows three different line items. By contrast, the incidents report shows matches at an item level; for example, if an email matched three different rules, the incidents report shows a single line item for that piece of content. 

  • DLP false positives and overrides: If your DLP policy allows users to override it or report a false positive, this report shows a count of such instances over time. You can filter the report by date, location, or policy. 

All DLP reports can show data from the most recent four-month time period. The most recent data can take up to 24 hours to appear in the reports. 

To find these reports, follow these steps: 

  1. Sign in to Office 365 account. 

  1. Click on Reports. 

  1. Click on Dashboard to view the reports. 

 

 

View the justification submitted by a user for an override 

If your DLP policy allows users to override it, you can use the false positive and override report to view the text submitted by users in the policy tip. 

 

Take action on insights and recommendations 

Reports can show insights and recommendations where you can click the red warning icon to see details about potential issues and take possible remedial action. 

 

Permissions for DLP reports 

To view DLP reports in the Security & Compliance Center, you have to be assigned the: 

  • Security Reader role in the Exchange admin center. By default, this role is assigned to the Organization Management and Security Reader role groups in the Exchange admin center. 

  • View-Only DLP Compliance Management role in the Security & Compliance Center. By default, this role is assigned to the Compliance Administrator, Organization Management, Security Administrator, and Security Reader role groups in the Security & Compliance Center. 

  • View-Only Recipients role in the Exchange admin center. By default, this role is assigned to the Compliance Management, Organization Management, and View-Only Organization Management role groups in the Exchange admin center. 

 

 

 

SOURCE: 

 

Page Break 

ShapeText BoxText BoxText BoxText BoxText Box 

 

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article