Microsoft Purview: Data Loss Prevention-User based alert aggregation

Microsoft 365 Roadmap ID: 537276

Status In development

Product Microsoft Purview compliance portal

Cloud Instances GCC GCC High DoD

Release Phase General Availability

Platforms Web

Expected Release February 2026

Description

User-Based Aggregation consolidates DLP alerts by user identity i.e. a DLP rule violations, in a specified aggregation time window, of the same rule and single user will be aggregated into a single alert enabling quicker triage and remediation. Instead of reviewing alerts containing rule match events of multiple users, DLP admin can now analyze grouped DLP rule match events per user, gaining insights into repeated policy violations and anomalous behavior.

Change History

Published: December 10, 2025

Last Updated: December 10, 2025

No change history available

Never Miss a Microsoft 365 Update

Join thousands of IT professionals who rely on DeltaPulse for real-time Microsoft 365 change intelligence, automated notifications, and community insights.

View Full Details Sign Up Free