Microsoft Purview compliance portal: Data Loss Prevention - Decoupling of Policy tips and Email notifications while configuring rules on Data Loss Prevention for Sharepoint and Onedriv

🚨 The Signal: Admins can now independently enable or disable policy tips and email notifications for Data Loss Prevention (DLP) rules in SharePoint and OneDrive. This provides granular control over how users are alerted about policy violations, improving DLP effectiveness.

The Impact

Security teams and compliance officers are affected, gaining better control over DLP user communication, which can reduce alert fatigue or ensure critical policy violations are noticed.

• Security Teams: Risk of missed critical alerts if email notifications are not configured for high-severity DLP policies.
• Compliance Officers: Risk of non-compliance if user awareness via policy tips is insufficient for specific data types.
• End Users: Risk of alert fatigue if both policy tips and emails are overused, potentially leading to ignored warnings.
• Admins: Risk of misconfiguration leading to either over-alerting or under-alerting users on DLP violations.

The Action

1. Navigate to Microsoft Purview compliance portal > Data loss prevention > Policies.
2. Edit existing DLP policies or create new ones targeting SharePoint and OneDrive.
3. In the 'User notifications' section, configure 'Policy tips' and 'Email notifications' independently.
4. Review and update existing DLP policies to leverage the new decoupled notification options based on data sensitivity and user impact.
5. Communicate changes to relevant stakeholders, including security operations and compliance teams.

Domain: Purview · Impact: medium · Workload: Microsoft Purview