
Data Loss Prevention – Out-of-box Advanced Hunting queries for Data Loss Prevention incidents in Microsoft 365 Defender

This post explains how to use out-of-box advanced hunting queries for Data Loss Prevention incidents in Microsoft 365 Defender. With this tool, organizations can select from a list of pre-populated queries for common scenarios, such as determining whether a file is shared externally or identifying the participants of Teams meetings. The rollout is scheduled for late November to early December, by which time it will be complete.

To use the tool, users need access to the CloudAppEvents table, which contains Microsoft Purview data; access is obtained by following a set of steps to integrate with Microsoft 365. They can then open the "Go Hunt" dropdown on the DLP alert page in the Microsoft Defender XDR portal and select an appropriate query. Selecting a query opens a new "Advanced Hunting" window with the query pre-populated, so users only need to click "Run query" to see the results.

The post also provides a message ID and a link to learn more about Advanced Hunting for Microsoft Purview Data Loss Prevention incidents in the Microsoft Community Hub. Organizations should note that there are no prerequisites to prepare for this tool, as the "Go Hunt" option will be available in the DLP alerts experience in the Microsoft Defender XDR portal.

Overall, this post aims to help organizations leverage data loss prevention technology more effectively with Microsoft 365 Defender, making it easier for them to respond to security incidents and protect their data.

The post Data Loss Prevention – Out-of-box Advanced Hunting queries for Data Loss Prevention incidents in Microsoft 365 Defender appeared first on M365 Admin.

by João Ferreira
