M365 Archive

RM501786 - Microsoft Purview compliance portal: Data Loss Prevention: User based alert aggregation

Microsoft 365 Roadmap

Roadmap ID

501786

View in M365 Roadmap

Status

Launched

Release

General Availability
Preview

Last Updated

Dec 9, 2025

Published Aug 29, 2025

Platforms

Web

Service

Microsoft Purview

Tag

Launched
General Availability
Preview
Worldwide (Standard Multi-Tenant)

Cloud

Worldwide (Standard Multi-Tenant)

Summary

User-Based Aggregation consolidates DLP alerts by user identity i.e. a DLP rule violations, in a specified aggregation time window, of the same rule and single user will be aggregated into a single alert enabling quicker triage and remediation. Instead of reviewing alerts containing rule match events of multiple users, DLP admin can now analyze grouped DLP rule match events per user, gaining insights into repeated policy violations and anomalous behavior.

Description

User-Based Aggregation consolidates DLP alerts by user identity i.e. a DLP rule violations, in a specified aggregation time window, of the same rule and single user will be aggregated into a single alert enabling quicker triage and remediation. Instead of reviewing alerts containing rule match events of multiple users, DLP admin can now analyze grouped DLP rule match events per user, gaining insights into repeated policy violations and anomalous behavior.

GA date: November CY2025

Preview date: September CY2025