Today, Microsoft is deprecating support for endpoint sensitive data alerts in the Microsoft Defender portal. Starting today, organizations must transition to Microsoft Purview DLP to receive alerts, enforce policies, and investigate sensitive data activity on devices. After today, current Defender alert policies will no longer work, so it’s important to take action.
Today, Microsoft is deprecating support for endpoint sensitive data alerts in the Microsoft Defender portal. Starting today, organizations must transition to Microsoft Purview DLP to receive alerts, enforce policies, and investigate sensitive data activity on devices. After today, current Defender alert policies will no longer work, so it’s important to take action.
In an announcement in the Microsoft 365 admin center, the Windows developer notes: "We are deprecating the ability to create alert policies and generate DLP alerts for sensitive data actions on endpoints in the Microsoft Defender portal. This change unifies data leak detection and alerting (DLP) across devices within Microsoft Purview DLP, providing organizations with a more consistent experience and access to advanced control and investigation capabilities in Microsoft Defender XDR."
Today marks the final end of DLP alerts for sensitive data on endpoints through Defender. The decommissioning process began on February 16, when the sensitive data action options were removed from the policy creation menu in the Microsoft Defender portal. Starting today, existing policies that use these activity types will also stop generating alerts, Neowin writes .
This change applies to organizations that use alert policies in Microsoft Defender XDR to monitor sensitive data activity on endpoints, as well as administrators who create or manage these policies in the Microsoft Defender portal.
To prepare, you should review your current Microsoft Defender alert policies and identify those that use the features that are being deprecated. You should then recreate the required alerts using Microsoft Purview DLP policies. It is also recommended that you communicate these changes to your SecOps and support teams and update your internal documentation to reference the Defender alert policies.
You can learn more about these changes in the Microsoft 365 admin center under Message ID MC1217649 . We recommend that you act quickly, as the feature is being permanently retired today.
