Microsoft Purview: Data Loss Prevention-User based alert aggregation

User-Based Aggregation consolidates DLP alerts by user identity i.e. a DLP rule violations, in a specified aggregation time window, of the same rule and single user will be aggregated into a single alert enabling quicker triage and remediation. Instead of reviewing alerts containing rule match events of multiple users, DLP admin can now analyze grouped DLP rule match events per user, gaining insights into repeated policy violations and anomalous behavior. Product Release phase General Availability Release date February CY2026 Platform Web Cloud Instance GCC, GCC High, DoD Created 2025-12-10 00:15:49Z Roadmap ID 537276 Roadmap Link https://www.microsoft.com/microsoft-365/roadmap?id=537276

The post Microsoft Purview: Data Loss Prevention-User based alert aggregation appeared first on M365 Admin.