[DLP] Not documented logs values in Defender about DLP alerting #474

@D3vil0p3r

Description

I am reviewing some stuff related to Microsoft Purview and I created some DLP policies.

I noted that inside the file C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-xxx.log some values inside the logs are not documented. For example, when a DLP policy is triggered, I get logs like:

[RTP] [DLP-filter] Denied access to sensitive file '\Users\<myuser>\OneDrive\jup.pdf' for Process '\Device\HarddiskVolume4\Program Files\Microsoft OneDrive\OneDrive.exe' (pid = 0x1d28), reason: 1

or

[RTP] [DLP-filter] Denied access to sensitive file '\Users\<myuser>\OneDrive\blank.pdf' for Process '\Device\HarddiskVolume4\Program Files\Microsoft OneDrive\OneDrive.exe' (pid = 0x1d28), reason: 10

There is no documentation that explains the meaning of "reason: 1", "reason: 10" and other possible values.

Can you please create a Microsoft document about it?

Thanks
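An added example, not from the issue or from Microsoft, that parses MPLog "[DLP-filter] Denied access" lines of the shape quoted above into structured fields (file, process, pid, reason) and tallies the reason codes. The sample lines are constructed to match the quoted format, and the reason codes are kept as opaque integers because the page gives no meaning for them.

```python
import re
from collections import Counter

# Constructed sample modelled on the lines quoted in the issue (not real MPLog output).
# Raw string so the Windows backslashes are kept literally.
SAMPLE_LOG = r"""
[RTP] [DLP-filter] Denied access to sensitive file '\Users\alice\OneDrive\jup.pdf' for Process '\Device\HarddiskVolume4\Program Files\Microsoft OneDrive\OneDrive.exe' (pid = 0x1d28), reason: 1
[RTP] [DLP-filter] Denied access to sensitive file '\Users\alice\OneDrive\blank.pdf' for Process '\Device\HarddiskVolume4\Program Files\Microsoft OneDrive\OneDrive.exe' (pid = 0x1d28), reason: 10
[RTP] Some unrelated real-time protection line that the parser must skip
"""

# Pattern derived from the quoted log lines; paths are single-quoted, pid is hex.
DLP_DENY_RE = re.compile(
    r"\[RTP\] \[DLP-filter\] Denied access to sensitive file '(?P<file>[^']+)' "
    r"for Process '(?P<process>[^']+)' \(pid = (?P<pid>0x[0-9a-fA-F]+)\), "
    r"reason: (?P<reason>\d+)\s*$"
)


def parse_dlp_denials(text):
    """Return one dict per DLP-filter denial line; non-matching lines are ignored."""
    events = []
    for line in text.splitlines():
        m = DLP_DENY_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "file": m.group("file"),
            "process": m.group("process"),
            "pid": int(m.group("pid"), 16),      # 0x1d28 -> 7464
            "reason": int(m.group("reason")),    # undocumented code, kept as-is
        })
    return events


def reason_summary(events):
    """Count denials per reason code so unknown codes can be spotted and triaged."""
    return Counter(e["reason"] for e in events)


if __name__ == "__main__":
    parsed = parse_dlp_denials(SAMPLE_LOG)
    for e in parsed:
        print(f"pid={e['pid']} reason={e['reason']} file={e['file']}")
    print(dict(reason_summary(parsed)))
```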
