Managing DLP violations in Microsoft Defender for Cloud Apps - Microsoft SC-400 Certification
By Isabella Morgan / March 10, 2022
If you configure the location of the DLP policy as Microsoft Defender for Cloud Apps in the compliance center, then the matches will show in the standard DLP report.
If you configure a file policy in Microsoft Defender for Cloud Apps, the matched conditions and actions will be logged in Microsoft Defender for Cloud Apps rather than in the DLP report.
Let’s use an example in which you have configured a file policy in Microsoft Defender for Cloud Apps to detect files that include tax ID numbers that are shared with users outside your organization from either OneDrive or SharePoint Online. The file policy is also configured to automatically move them into the trash and block external access.
To review any matches for this policy, you will need to open the Microsoft Defender for Cloud Apps portal, https://portal.cloudappsecurity.com, and complete these steps:
1. Underneath the Control setting, click on Policies:

Figure 9.10 – Microsoft Defender for Cloud Apps policies
2. Look for the policy you want to evaluate:

Figure 9.11 – Reviewing policies
3. Click on Open matches from the Count column on the policy you want to evaluate.
4. You should notice that there are three tabs at the top of the page:
- Matching now enables you to view current matches for the file policy. You can then use the filters at the top to refine the results.
- Quarantined enables you to view files that have been quarantined due to a file policy governance action.
- History enables you to view historical matches to the policy that were resolved due to a change to either the file or the policy:

Figure 9.12 – Matching now, Quarantined, and History tabs
It is recommended to use this page to find patterns in the matches and decide whether or not to act. Imagine a scenario where you notice an increased number of matches, but they all come from one user. You can inspect the matches and discover whether the user has a legitimate business reason for creating these matches.
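The scenario above can also be checked outside the portal. The following is an added example, not code from the book or from Microsoft: it compares two review windows of policy matches and reports whether one file owner accounts for most of the increase. The CSV column names, the sample rows, and the 80% threshold are assumptions made for this illustration, not a documented Defender for Cloud Apps export format.

```python
import csv
import io
from collections import Counter
from datetime import date

# Constructed sample data. The column names are assumptions for this example,
# not a documented export schema of Defender for Cloud Apps.
SAMPLE_MATCHES = """\
matched_on,owner,file_name,app
2022-02-23,alice@contoso.example,w2-forms.pdf,OneDrive
2022-02-25,bob@contoso.example,vendor-tax.xlsx,SharePoint Online
2022-03-01,alice@contoso.example,w2-forms-v2.pdf,OneDrive
2022-03-02,alice@contoso.example,1099-batch.pdf,OneDrive
2022-03-02,bob@contoso.example,vendor-tax.xlsx,SharePoint Online
2022-03-03,carol@contoso.example,clients-01.xlsx,OneDrive
2022-03-03,carol@contoso.example,clients-02.xlsx,OneDrive
2022-03-04,carol@contoso.example,clients-03.xlsx,OneDrive
2022-03-04,carol@contoso.example,clients-04.xlsx,OneDrive
2022-03-05,carol@contoso.example,clients-05.xlsx,OneDrive
"""

def load_matches(text):
    """Parse the CSV text into dict rows with matched_on as a date."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["matched_on"] = date.fromisoformat(row["matched_on"])
    return rows

def attribute_increase(rows, split, dominant_share=0.8):
    """Compare matches before `split` with matches on or after it and report
    whether a single owner accounts for most of the per-owner growth."""
    before = Counter(r["owner"] for r in rows if r["matched_on"] < split)
    after = Counter(r["owner"] for r in rows if r["matched_on"] >= split)
    increase = sum(after.values()) - sum(before.values())
    if increase <= 0:
        # No overall increase, so there is nothing to attribute.
        return {"increase": increase, "owner": None, "share": 0.0, "dominant": False}
    # Per-owner growth; only owners whose match count went up are considered.
    growth = {o: after[o] - before[o] for o in after if after[o] > before[o]}
    owner, delta = max(growth.items(), key=lambda kv: kv[1])
    share = delta / sum(growth.values())
    return {"increase": increase, "owner": owner, "share": share,
            "dominant": share >= dominant_share}

if __name__ == "__main__":
    print(attribute_increase(load_matches(SAMPLE_MATCHES), date(2022, 3, 1)))
```

A dominant owner is a cue to inspect that user's matches in the Matching now tab and confirm whether there is a legitimate business reason before acting.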
You should now understand how to manage DLP violations in Microsoft Defender for Cloud Apps. This brings an end to this chapter; now, let’s finish off by summarizing what we have covered in this chapter.
Summary
Within this chapter, we have covered a number of different topics, including managing and responding to DLP policy violations, reviewing and analyzing DLP reports, managing permissions for DLP reports, and managing DLP violations in Microsoft Defender for Cloud Apps. By the end of this chapter, you have completed multiple lab exercises; if you have not followed any of these, I strongly recommend that you do so before moving on to the next chapter.
The next chapter will focus on configuring retention policies and labels.
Section 4: Implementing Information Governance
This part of the book will focus on how to plan and implement information governance solutions in Microsoft 365.
This section comprises the following chapters:
- Chapter 10, Configuring Retention Policies and Labels
- Chapter 11, Managing Data Retention in Microsoft 365
- Chapter 12, Implementing Records Management in Microsoft 365