Introduction
In Microsoft 365 environments where multiple data loss prevention (DLP) policies coexist, it can sometimes be difficult to understand why a rule is not working as expected. Fortunately, Microsoft Purview's DLP Diagnostics tool simplifies the process and allows IT administrators to verify policy configurations quickly and efficiently.
Good to know
This diagnostic can resolve issues related to policy synchronization, missing rules for a user or location, or even configuration conflicts.
Introduction to Microsoft Purview Diagnostics DLP
Microsoft Purview's DLP Diagnostics tool is a built-in feature for troubleshooting DLP policy issues. It extracts relevant configurations directly from the Microsoft Purview portal and analyzes expected behaviors.
Among its capabilities, you will find:
- Quick analysis of DLP policy configuration.
- Verification of common issues such as propagation delays or scope conflicts.
- Resolution suggestions based on targeted analysis.
Requirements
To use these diagnostics, you must have an administrator role with "Organization Configuration" permission. Also ensure you are familiar with multi-workload DLP configurations before getting started.
Scenarios covered by DLP Diagnostics
Microsoft Purview provides six main diagnostic scenarios to address specific issues.
1. A DLP rule is not applied to a user
This scenario checks why a DLP rule appears not to be applied to a given user.
Enter the required information
Specify the data source (e.g., Exchange, Teams, OneDrive) and the user's principal name.
Launch the diagnostic
This tool returns all active DLP policies for that user or location and identifies potential conflicts.
2. Endpoint DLP is not working
Ideal diagnostic for analyzing the status of policies on devices.
Information to provide:
- Policy name.
- Device in question.
Tip
Use this diagnostic to quickly identify if policy synchronization is delayed.
3. Missing alert for a DLP rule
If an expected alert was not generated, this diagnostic is your first point of check. You can:
- Enter the rule name.
- Specify the approximate time when the alert should have been triggered.
4. Verification of SharePoint and OneDrive files
This diagnostic determines whether a file in SharePoint or OneDrive actually matches a specific DLP policy.
Steps:
- Provide the path to the file and the data source.
- Launch the analysis to find out the current DLP status.
5. Policy tips unavailable in Outlook Web
When a DLP policy tip does not display in Outlook on the web (OWA), analysis via a HAR file can reveal the causes.
Capturing a HAR file
- Open the developer tools (Ctrl + Shift + I).
- Record network activity while reproducing the issue.
- Export and attach the HAR file to the diagnostic or support ticket.
Additional Features
The Diagnostics tool is not limited to the scenarios above. It also facilitates:
- Troubleshooting sensitivity labels.
- Analysis of multi-workload configurations such as email encryption and auto-labeling.
Warning
The use of this tool requires prior activation by an administrator.
Comparison: GUI vs PowerShell commands
| Graphical Interface (GUI) | PowerShell | Use case |
|---|---|---|
| Accessible and simplified | Technical and granular | Common diagnostics |
| Fast | More steps | High complexity |
Conclusion
Whether you are working on DLP policies in Exchange, SharePoint, Teams or on endpoints, Microsoft Purview Diagnostics offers a centralized and efficient approach to problem resolution.
Take the time to familiarize yourself with this tool to optimize your security processes and minimize interruptions.
