Enhanced incident communication with DLP email templates

News Informatique

Enhanced incident communication with DLP email templates

Coming soon for Microsoft Purview Data Loss Prevention (DLP): Enhance your DLP incident management with the new send email notification remediation action and customize email templates in Purview DLP and Defender. Use dynamic variables and tokens to easily create and maintain consistent and efficient email communications, complete with an audit trail.

Utilize these email templates to take actions such as:

  • Informing end-users or their managers about incidents, severity, or the analyst’s recommendations.
  • Managing remediation efforts by sending follow-up notifications to end users with due dates.
  • Keeping analysts informed about incident updates and assignments.
  • Notifying approvers of pending items with ease.

When this will happen:

Public Preview: Microsoft will begin rolling out late May 2024 and expect to complete by mid-June 2024.

General Availability: Microsoft will begin rolling out late June 2024 and expect to complete by mid-July 2024.

How this will affect your organization:

1. Go to DLP Settings (on top right on any DLP Overview or Policies or Alerts pages in Microsoft Purview -> Email templates

2. Create an email template. Leverage tokens for email body and subject as much as possible.

Figure 1:

3. You can click on the template name to see the details on the right side.

Figure 2:

4. Go to DLP Alert in Microsoft Purview or Microsoft Defender -> Event -> Actions-> Send email notification -> Create a new template or choose an existing email template -> Preview & send


5. Click on “Send email” or Save changes & Send email

6. Email recipients will receive an email


7. You can also find audit trails for below actions in the Audit

a. Template triggered: DLP Info -> Remediation Activity

b. New-CustomDlpEmailTemplate

c. Set-CustomDlpEmailTemplate

d. Remove-CustomDlpEmailTemplate

What you need to do to prepare:

This rollout will happen automatically by the specified date with no admin action required before the rollout. You may want to notify your admins about this change and update any relevant documentation as appropriate.

No Comments

Add your comment