This post is for people who manage multiple Office 365 tenants where DLP (Data Loss Prevention) is enabled. Using the GUI you are not allowed to sent an incident report to an e-mail address as you have to select a user. You can create a mailbox for a user and forward these incident reports to a shared mailbox or you can use PowerShell to update the DLP policy with an e-mail address.
Change DLP incident report notification with PowerShell
You will need to use the new Microsoft Exchange Online PowerShell module which can be installed via the Exchange admin center.
First connect to the compliance center with “Connect-IPPSSession”
Then use the following command to get a list of all available DLP policies with “Get-DlpComplianceRule | select name, guid, generateincidentreport”
Then update the required DLP policy with the GUID provided with the previous command.
You can use the following command “Set-DlpComplianceRule –Identity <GUID> –GenerateIncidentReport <Email>”
You can now view the DLP policy if the mail address is present
