Data Loss Prevention: Turning on DLP analytics

News Informatique

Data Loss Prevention: Turning on DLP analytics

In Microsoft Purview, Data Loss Prevention (DLP) analytics is a feature that enables you to analyze data protection challenges, gaps, policy, and posture enhancement possibilities in the organization. Use intelligent Purview features to explore these challenges and resolve them in a few easy steps.

After you turn on analytics, you can review analytics and recommendations will be generated each week on the overview page of DLP. The two prioritized cards show top recommendations. View all recommendations shows all generated recommendations and their status, which enables admins to take action. 

When this will happen:

Microsoft will begin rolling out mid-February 2024 and expected to complete by late February 2024.

How this will affect your organization:


  • Analytics provides reports on top risks, blind spots, and policy improvement opportunities based on past 30 days data and one-click recommendations to mitigate these risks.
  • New recommendations each week.
  • Recommendations are also based upon recommended industry practices.

To turn on Analytics

Step 1: In Purview, go to Data loss prevention on the left navigation and select Overview

The task pane shows an option to turn on Analytics, as shown in screenshot 1. 

Please note after turning on Analytics, it takes up to seven days to generate recommendations. This feature leverages Purview’s intelligent capabilities to understand the logs and telemetry like classification, activity, user profile, policy configuration, alerts, and incident information to generate recommendations. 

admin controls

Step 2: Seven days after turning on Analytics, prioritized cards will be generated.

The two categories of recommendations include:

  1. Risk Spotlighting: Reveals the top risks in your tenant that need mitigation through a new policy. 
  2. Policy finetuning: Provides policy improvement opportunities. 

When you select View detection details, a side card opens that provides more details on risks found (screenshot 2). Use View activities to review supporting evidence. The side pane has a preconfigured policy for mitigating risk with the right configurations (screenshot 3). You can create a new policy or update the preconfigured policy with a few clicks. 

Analytics uses an intelligent algorithm that examines your tenant, identifies blind spots or risks that require urgent attention, and suggests suitable mitigations. The recommendations are prioritized by highest impact. The top two recommendations are shown as cards and the rest are available as a prioritized list for admins to take necessary actions. 

admin controls

admin controls

Step 3: View all recommendations generated for your tenant and take actions.

Recommendations are generated at a weekly cadence and persist in the queue for four weeks unless admins action or dismiss them. 

For policy improvement recommendations that require an update to existing policies, a copy of the policy is automatically created when an admin actions the recommendation.

admin controls

Disabling Analytics

From the Task pane on the DLP overview page, you can disable Analytics in the Manage settings pane. After you disable Analytics, it might take up to 24 hours for the analytics to stop running. 

What you need to do to prepare:

No action is needed from you to prepare for this rollout. You may want to notify your users about this change and update any relevant documentation as appropriate.

To learn more: Get started with data loss prevention analytics | Microsoft Learn

No Comments

Add your comment