From your DLP dashboard (https://protection.office.com/insightdashboard), you will be able to view many metrics in one place. You'll find three DLP-specific charts among them. If you select one of them, you will see the remaining two under Related reports. You can drill down into a selected chart to get more details regarding any matches, incidents, or false positives that appear.
Policy matches and incident reports are broken down by location (SharePoint, OneDrive, and so on). False positives and overrides are displayed by name. In the following screenshot, you can see the following information:
- Filter reports
- Export reports
- The ability to schedule the emails of reports (weekly or monthly):
Note that, in order to view these reports, you must be a member of one of the following groups (with default settings applied). If you're not a member of one of these groups that include them, you must have one of the three roles indicated with * assigned to you:
- Exchange admin center:
- Organization management group
- Security reader group
- Security reader role (automatically applied to members of the previous two groups)*
- Compliance management group
- View-only organization management group
- View-only recipients (automatically applied to members of the previous two groups and the organization management group)*
- Security & Compliance Center:
- Compliance administrator group
- Organization management group
- Security administrator group
- Security reader group
- View-only DLP compliance management role (automatically applied to members of the previous four groups)*
In the next and final section, we'll explore managing DLP exceptions in terms of policy triggers that should be ignored.