MC921917 - Microsoft Purview | Data Loss Prevention: Turning on Data Loss Prevention analytics

Service

Microsoft Purview

Published

Oct 30, 2024

Tag

New feature
Admin impact

Summary

Microsoft Purview's Data Loss Prevention analytics feature will be available mid-October 2024, providing weekly recommendations to enhance data protection. Users can turn on analytics, which generates recommendations after 7 days, spotlighting risks and fine-tuning policies. Recommendations stay in the queue for 4 weeks, and analytics can be disabled if needed.

More information

In Microsoft Purview, Data Loss Prevention (DLP) analytics is a feature that helps you to analyze data protection challenges, gaps, policy, and posture enhancement possibilities in your organization.

After you turn on DLP analytics, recommendations are generated weekly. There are two new cards that show prioritized recommendations, while View all recommendations shows all generated recommendations.

When this will happen:

General Availability (GCC, GCC High, DoD): We will begin rolling out mid-October 2024 and expect to complete by late October 2024.

How this will affect your organization:

DLP analytics provides details on risks, blind spots, and policy improvement opportunities based on the past 30 days' data with one-click recommendations. Also, new recommendations will be available each week.

Turn on Analytics

Step 1:

In Purview, go to Data loss prevention on the left navigation and select Overview.

The task pane shows an option to Turn on analytics.

After turning on analytics, it takes up to 7 days to generate recommendations. This feature leverages Purview’s capabilities to understand logs and telemetry like classification, activity, user profile, policy configuration, alerts, and incident information to generate recommendations.


Step 2:

Seven days after turning on analytics, recommendations will be generated.

The two categories of recommendations include:

  1. Risk spotlighting: Reveals top risks that need mitigation through a new policy.
  2. Policy finetuning: Provides policy improvement opportunities.

When you select View detection details, a side card opens that provides more details on found risks.


Use View activities to review supporting evidence. The side pane has a preconfigured policy for mitigating risk with the right configurations.

 

You can create a new policy or update the preconfigured policy with a few clicks by opening the recommendation, reviewing, and applying the recommendations. 

The analytics algorithm examines your tenant, identifies blind spots or risks that require attention, and suggests mitigations. The recommendations are prioritized by highest impact. The top two recommendations are shown as cards and the rest are available as prioritized lists for admins to take necessary actions. 

Step 3:

View all recommendations and take actions.

Recommendations are generated weekly and will remain in the queue for 4 weeks unless admin actions are taken.

For policy improvement recommendations that require an update to policies, a copy of the policy is created when the admin takes action.


Disabling Analytics

From the Task pane on the DLP overview page, you can disable analytics in the Manage settings pane. After you disable analytics, it might take up to 24 hours for it to stop running.

 What you need to do to prepare:

This rollout will happen automatically with no admin action required. You may want to notify your users about this change and update any relevant documentation as appropriate.

To learn more, visit Get started with data loss prevention analytics | Microsoft Learn.