This post is for people who manage multiple Office 365 tenants where DLP (Data Loss Prevention) is enabled. The GUI does not let you send an incident report to an arbitrary e-mail address, because you have to select a user. You can create a mailbox for a user and forward the incident reports to a shared mailbox, or you can use PowerShell to update the DLP policy with an e-mail address.

Change DLP incident report notification with PowerShell

You will need to use the new Microsoft Exchange Online PowerShell module which can be installed via the Exchange admin center.

First, connect to the compliance center with “Connect-IPPSSession”.

Then get a list of all available DLP policies, with their GUIDs and current incident report setting, using “Get-DlpComplianceRule | select name, guid, generateincidentreport”.

Then update the required DLP policy, using the GUID returned by the previous command.
You can use the following command: “Set-DlpComplianceRule -Identity <GUID> -GenerateIncidentReport <Email>”

You can now view the DLP policy to check that the mail address is present.
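
The steps above combined into one helper, as an added example that is not part of the original post. The function name Set-DlpIncidentRecipient, the all-zero GUID and the example.com address are placeholders, and the read-back check assumes the GenerateIncidentReport property is returned as a list of address strings.

```powershell
# Added example, not from the original post. Requires the Exchange Online
# PowerShell module. Set-DlpIncidentRecipient is a hypothetical helper name.
function Set-DlpIncidentRecipient {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$RuleGuid,
        [Parameter(Mandatory = $true)][string]$Recipient
    )

    # Reject input that is not a GUID or a well-formed address before touching the rule.
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($RuleGuid, [ref]$parsed)) {
        throw "'$RuleGuid' is not a GUID. Copy it from the Get-DlpComplianceRule output."
    }
    try { $null = [System.Net.Mail.MailAddress]::new($Recipient) }
    catch { throw "'$Recipient' is not a valid e-mail address." }

    # Record the current value so the change can be reviewed or reverted later.
    $before = Get-DlpComplianceRule -Identity $RuleGuid -ErrorAction Stop
    Write-Verbose "Current recipients on '$($before.Name)': $($before.GenerateIncidentReport -join ', ')"

    # -WhatIf / -Confirm on this function gate the actual change.
    if ($PSCmdlet.ShouldProcess($before.Name, "Send incident reports to $Recipient")) {
        Set-DlpComplianceRule -Identity $RuleGuid -GenerateIncidentReport $Recipient -ErrorAction Stop
    }

    # Read the rule back and report whether the address is now present.
    # Assumption: GenerateIncidentReport reads back as a list of address strings.
    $after = Get-DlpComplianceRule -Identity $RuleGuid -ErrorAction Stop
    [pscustomobject]@{
        Name    = $after.Name
        Guid    = $after.Guid
        Before  = $before.GenerateIncidentReport -join ', '
        After   = $after.GenerateIncidentReport -join ', '
        Applied = @($after.GenerateIncidentReport) -contains $Recipient
    }
}

# Usage with placeholder values: replace the GUID and the address with your own.
Connect-IPPSSession
Get-DlpComplianceRule | Select-Object Name, Guid, GenerateIncidentReport
Set-DlpIncidentRecipient -RuleGuid '00000000-0000-0000-0000-000000000000' `
    -Recipient 'dlp-reports@example.com' -WhatIf
```

Run it with -WhatIf first to see which rule would change, then without it to apply the change; the Before and After columns give a record of the previous recipient for each tenant you update.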
