Data Loss Prevention Incident Response with Microsoft
The Data Loss Prevention Incident Response with Microsoft integration provides a core framework to import Data Loss Prevention (DLP) incidents from multiple sources such as Microsoft preview apps (Microsoft Teams, Exchange Online, SharePoint Online, OneDrive for Business) and other event types. Endpoint devices enable a remediation workflow involving end users, managers, and the DLP operations team, with automated incident assignment and escalations.
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Key Features
Use the key features of this integration to do the following actions:
- Create multiple profiles for different accounts.
- Automate the creation of DLP IR incidents.
- Map the Microsoft DLP IR event fields to DLP IR incident fields.
- Filter Microsoft DLP IR events.
- Schedule periodic ingestion of the DLP IR events that create DLP IR incidents.
- Store the matching content of each Microsoft DLP event in external cloud storage.
- Delete matching content from external cloud storage upon the deletion of the DLP IR incident in ServiceNow.
- Download files for DLP IR incidents of type Exchange, OneDrive, and SharePoint.

Note: This integration doesn't support event closure or status updates, as the DLP events don't contain the State field within the Microsoft portal.
Learn about this integration
| Document identifier | Document title |
|---|---|
| Microsoft product documentation website | Microsoft Product Documentation website |
| ServiceNow product documentation website | ServiceNow Product Documentation website |