Use the data loss prevention on-premises scanner

Note

Microsoft 365 compliance is now called Microsoft Purview and the solutions within the compliance area have been rebranded. For more information about Microsoft Purview, see the blog announcement.

To help familiarize you with Microsoft Purview Data Loss Prevention on-premises features and how they surface in DLP policies, we've put together some scenarios for you to follow.

Important

These DLP on-premises scenarios are not the official procedures for creating and tuning DLP policies. Refer to the below topics when you need to work with DLP policies in general situations:

Scenario: Discover files matching DLP rules

Data from DLP on-premises scanner surfaces in several areas

Activity explorer

Microsoft DLP for on-premises detects DLP rule matches and reports them to Activity Explorer.

Microsoft 365 Audit log

DLP rule matches are also recorded in the audit log. You can view them in the audit log UI (see Search the audit log in the Microsoft Purview compliance portal) or query them with the Search-UnifiedAuditLog PowerShell cmdlet.

AIP

Discovery data is also written to a local report in CSV format, stored at:

%localappdata%\Microsoft\MSIP\Scanner\Reports\DetailedReport_%timestamp%.csv

Look for the following columns:

  • DLP Mode
  • DLP Status
  • DLP Comment
  • DLP Rule Name
  • DLP Actions
  • Owner
  • Current NTFS Permissions (SDDL)
  • Applied NTFS Permissions (SDDL)
  • NTFS permissions type
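The following is an added example, not part of this article or the scanner itself: it parses a DetailedReport CSV using the column names listed above, pulls out the rows that matched a DLP rule, and reports which matches ran in enforce mode and which files actually had their NTFS permissions changed (current SDDL differs from applied SDDL). The "File Name" column, the "Matched"/"NotMatched" status values, the "Enforce"/"Test" mode values and the report rows are all constructed for illustration, not taken from real scanner output.

```python
import csv
import io
from collections import Counter

# Constructed sample report. The DLP column headers match the ones the
# article lists; "File Name", the status/mode vocabulary and the SDDL
# strings are assumptions made up for this example.
SAMPLE_REPORT = r"""File Name,DLP Mode,DLP Status,DLP Comment,DLP Rule Name,DLP Actions,Owner,Current NTFS Permissions (SDDL),Applied NTFS Permissions (SDDL),NTFS permissions type
\\fs01\share\hr\salaries.xlsx,Enforce,Matched,Credit card numbers found,PCI-Rule,RestrictAccess,CONTOSO\alice,D:(A;;FA;;;BU),D:(A;;FA;;;BA),Modified
\\fs01\share\hr\notes.docx,Enforce,NotMatched,,,,CONTOSO\bob,D:(A;;FA;;;BU),D:(A;;FA;;;BU),Unchanged
\\fs01\share\pub\ids.csv,Test,Matched,SSN found,PII-Rule,,CONTOSO\carol,D:(A;;FA;;;BU),D:(A;;FA;;;BU),Unchanged
"""

CURRENT_SDDL = "Current NTFS Permissions (SDDL)"
APPLIED_SDDL = "Applied NTFS Permissions (SDDL)"


def parse_report(text):
    """Read the CSV report into a list of dicts keyed by column header."""
    return list(csv.DictReader(io.StringIO(text)))


def dlp_matches(rows):
    """Keep only rows where the scanner reported a DLP rule match."""
    return [r for r in rows if r["DLP Status"] == "Matched"]


def summarize_matches(text):
    """Summarize DLP matches by rule and mode, and flag enforced changes.

    A match in Test mode never changes permissions; a match in Enforce
    mode should show a different applied SDDL if the action took effect,
    so comparing the two columns confirms enforcement actually happened.
    """
    rows = dlp_matches(parse_report(text))
    return {
        "by_rule": dict(Counter(r["DLP Rule Name"] for r in rows)),
        "by_mode": dict(Counter(r["DLP Mode"] for r in rows)),
        "permissions_changed": [
            r["File Name"] for r in rows if r[CURRENT_SDDL] != r[APPLIED_SDDL]
        ],
        "test_only": [r["File Name"] for r in rows if r["DLP Mode"] == "Test"],
    }


if __name__ == "__main__":
    for key, value in summarize_matches(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

To run this against a real report, read the DetailedReport_%timestamp%.csv file into a string and pass it to summarize_matches in place of SAMPLE_REPORT.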

Scenario: Enforce DLP rule

If you want to enforce DLP rules on the scanned files, enforcement must be enabled on both the content scan job in AIP and at the policy level in DLP.

Configure DLP to enforce policy actions

  1. Open the Data loss prevention page and select the DLP policy that is targeted to the on-premises location repositories you have configured in AIP.
  2. Edit the policy.
  3. On the Test or turn on the policy page, select Yes, turn it on right away.

See also