To identify impacted entities in an aggregated DLP alert, what should be reviewed in the Microsoft 365 compliance center?

Enhance your cybersecurity skills with the Microsoft Security Operations Analyst (SC-200) Exam. Explore topics with multiple choice questions and detailed explanations. Prepare effectively and become a certified Security Operations Analyst!

To identify impacted entities in an aggregated DLP alert within the Microsoft 365 compliance center, review the Events tab of the alert. This tab provides detailed information about the specific incidents that triggered the Data Loss Prevention (DLP) alert, highlighting the entities involved. It outlines the actions taken, the users who were affected, and other pertinent details regarding the triggering event. This lets security analysts assess the extent of potential data leakage and respond appropriately.

Understanding the Events tab is essential for effectively managing DLP alerts, as it aggregates information across multiple incidents. This enables the identification of trends or repeated occurrences that may indicate a more significant underlying issue.

In contrast, the Sensitive Info Types tab focuses on the types of sensitive information detected rather than the entities impacted. The Details tab provides general information about the alert, such as when it was created and its category, but does not offer a breakdown of affected entities. The Management log is used for administrative tracking and does not pertain directly to the specifics of the DLP incidents. Thus, the Events tab is the most relevant when determining which entities are impacted by the aggregated alert.
