Deploy and Configure DLP Alert Triage Agent
Implementation Effort: Medium – Requires Microsoft Security Copilot onboarding with security compute units (SCUs) provisioned, Microsoft Purview plug-in activation, agent identity configuration, and policy scope definition; ongoing SCU consumption monitoring is needed.
User Impact: Low – Admin and analyst activity; the Triage Agent automates alert categorization and can optionally send remediation reminders to users via Microsoft Teams for SharePoint and OneDrive policy violations.
Overview
As DLP policies for AI interaction locations generate a growing volume of alerts, security teams face the challenge of triaging each alert manually — reviewing sensitive information types detected, assessing exfiltration risk, checking policy mode and rule actions, and deciding whether an alert requires immediate attention or can be deprioritized. The Microsoft Purview Triage Agent in Data Loss Prevention automates this process by evaluating each alert against multiple risk factors and categorizing it as "Needs Attention," "Less Urgent," or "Not Categorized." The agent runs on Microsoft Security Copilot and consumes security compute units (SCUs) for each alert it processes. It supports alerts from Exchange, Teams, OneDrive, SharePoint, and endpoint (devices) locations, covering the same workloads where AI-related DLP policies generate policy matches.
The Triage Agent prioritizes alerts based on content risk (sensitive information types, trainable classifiers, and sensitivity labels found in the content), exfiltration risk (whether sensitive data was shared externally), and policy risk (the policy mode and rule actions in effect when the alert was generated). This multi-factor prioritization replaces the manual effort of an analyst reading through each alert's details and making a subjective severity judgment. The agent also supports custom instructions in natural language — security teams can tell the agent to focus on alerts involving specific classifiers, deprioritize alerts containing certain file types, or apply organization-specific definitions for how classifiers should be weighted. These custom instructions are translated into structured classification logic that the agent applies consistently across all future alerts, reducing the variability that occurs when multiple analysts triage alerts with different criteria.
Beyond categorization, the Triage Agent includes a remediation capability for SharePoint and OneDrive alerts classified as "Needs Attention." When enabled, the agent sends a Microsoft Teams message to the last user who modified the flagged file, asking them to remove the sensitive information. Reminders are sent daily and continue for a configurable duration. This closes the loop between detection and remediation without requiring a security analyst to manually contact the file owner for each alert. Analysts can also provide feedback on triaged alerts — reclassifying an alert from "Less Urgent" to "Needs Attention" or vice versa — and the agent incorporates this feedback into future triage decisions for the same user and policy combination, improving accuracy over time.
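To make the three-factor model, the custom-instruction rules and the per user-and-policy feedback loop concrete, here is an added illustration written for this page. It is not the Triage Agent's own code: the weights, the score threshold, the two instruction shapes the toy compiler understands, the treatment of "Not Categorized" (used here when an alert carries no classifiable content) and the sample alerts are all editor assumptions, chosen only to show how a consistent, rule-driven triage behaves differently from an analyst's ad-hoc judgment.

```python
"""Illustrative multi-factor DLP alert triage (added example; not the Purview Triage Agent's logic).

Models content risk, exfiltration risk and policy risk, compiles two natural-language
custom instructions into structured rules, and applies analyst feedback per (user, policy).
All weights, thresholds and sample alerts are assumptions constructed for this page.
"""
from dataclasses import dataclass
from typing import List, Optional, Dict

NEEDS_ATTENTION = "Needs Attention"
LESS_URGENT = "Less Urgent"
NOT_CATEGORIZED = "Not Categorized"

# Assumed weights (the agent's real weighting is not documented on the page).
SIT_WEIGHTS = {"Credit Card Number": 3, "U.S. Social Security Number": 3}
CLASSIFIER_WEIGHT = 2
LABEL_WEIGHTS = {"Highly Confidential": 3, "Confidential": 2, "General": 0}
BLOCKING_ACTIONS = {"BlockAccess", "BlockAccessScope"}
ATTENTION_THRESHOLD = 5


@dataclass
class Alert:
    alert_id: str
    user: str
    policy: str
    policy_mode: str          # "Enforce" or "Test" (assumed vocabulary)
    rule_actions: List[str]
    sits: List[str]           # sensitive information types detected
    classifiers: List[str]    # trainable classifiers matched
    label: Optional[str]      # sensitivity label on the content
    shared_externally: bool
    file_type: str
    location: str


@dataclass
class Rule:
    """Structured form of one natural-language custom instruction."""
    kind: str    # "focus_classifier" or "deprioritize_file_type"
    value: str


def compile_instruction(text: str) -> Rule:
    """Deterministically translate the two instruction shapes the page mentions."""
    t = text.strip().lower()
    focus, deprio = "focus on alerts involving ", "deprioritize alerts containing "
    if t.startswith(focus):
        return Rule("focus_classifier", text.strip()[len(focus):])
    if t.startswith(deprio) and t.endswith(" files"):
        return Rule("deprioritize_file_type", t[len(deprio):-len(" files")])
    raise ValueError(f"unsupported instruction: {text!r}")


def content_risk(a: Alert) -> int:
    return (sum(SIT_WEIGHTS.get(s, 1) for s in a.sits)
            + CLASSIFIER_WEIGHT * len(a.classifiers)
            + LABEL_WEIGHTS.get(a.label or "", 0))


def exfiltration_risk(a: Alert) -> int:
    return 3 if a.shared_externally else 0


def policy_risk(a: Alert) -> int:
    # Assumption: a test-mode match is tuning noise; an enforced audit-only rule means the
    # data actually left; an enforced blocking rule stopped it, so it scores lower.
    if a.policy_mode != "Enforce":
        return 0
    return 1 if BLOCKING_ACTIONS & set(a.rule_actions) else 2


class Triage:
    def __init__(self, instructions=()):
        self.rules = [compile_instruction(i) for i in instructions]
        self.feedback: Dict[tuple, str] = {}   # (user, policy) -> analyst's category

    def triage(self, a: Alert) -> str:
        if not (a.sits or a.classifiers or a.label):
            return NOT_CATEGORIZED
        score = content_risk(a) + exfiltration_risk(a) + policy_risk(a)
        for r in self.rules:  # custom instructions applied identically to every alert
            if r.kind == "focus_classifier" and r.value in a.classifiers + a.sits:
                score += 3
            elif r.kind == "deprioritize_file_type" and a.file_type == r.value:
                score -= 3
        category = NEEDS_ATTENTION if score >= ATTENTION_THRESHOLD else LESS_URGENT
        # Feedback for the same user+policy pair overrides the score-based verdict.
        return self.feedback.get((a.user, a.policy), category)

    def record_feedback(self, a: Alert, category: str) -> None:
        self.feedback[(a.user, a.policy)] = category


# Constructed sample alerts (not real tenant data).
SAMPLE_ALERTS = [
    Alert("a1", "alice@contoso.example", "AI Apps - PII", "Enforce", ["NotifyUser"],
          ["Credit Card Number"], [], "Confidential", True, "xlsx", "OneDrive"),
    Alert("a2", "bob@contoso.example", "AI Apps - Source", "Test", ["NotifyUser"],
          [], ["Source Code"], None, False, "txt", "SharePoint"),
    Alert("a3", "carol@contoso.example", "AI Apps - PII", "Enforce", ["BlockAccess"],
          [], [], None, False, "pdf", "Endpoint"),
    Alert("a4", "dave@contoso.example", "AI Apps - PII", "Enforce", ["BlockAccess"],
          ["U.S. Social Security Number"], [], "Confidential", False, "docx", "SharePoint"),
]


def run_demo() -> dict:
    plain = Triage()
    tuned = Triage(["Focus on alerts involving Source Code",
                    "Deprioritize alerts containing docx files"])
    results = {"plain": {a.alert_id: plain.triage(a) for a in SAMPLE_ALERTS},
               "tuned": {a.alert_id: tuned.triage(a) for a in SAMPLE_ALERTS}}
    # Analyst reclassifies bob's alert; a later alert for the same user+policy follows it.
    plain.record_feedback(SAMPLE_ALERTS[1], NEEDS_ATTENTION)
    later = Alert("a5", "bob@contoso.example", "AI Apps - Source", "Test", ["NotifyUser"],
                  [], ["Source Code"], None, False, "txt", "SharePoint")
    results["after_feedback"] = plain.triage(later)
    return results


if __name__ == "__main__":
    print(run_demo())
```

Running it shows the effect the paragraphs describe: the same source-code alert is "Less Urgent" under the default weights but "Needs Attention" once the focus instruction is compiled in, the docx alert moves the other way under the deprioritize instruction, and after an analyst overrides one verdict the next alert for that user and policy inherits the override without anyone re-reading it.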
This activity supports Assume Breach by ensuring that the growing volume of DLP alerts from AI workloads is systematically evaluated rather than left uninvestigated — an untriaged alert backlog is functionally equivalent to having no detection at all. It supports Verify Explicitly by using multiple risk factors and custom instructions to make evidence-based triage decisions rather than relying on static severity thresholds. It supports Use Least Privilege Access because the agent can be deployed with its own agent identity rather than an administrator's credentials, limiting the permissions scope of the automated triage process to only what is required. Without the Triage Agent, security teams must manually review every DLP alert from AI interaction locations — a workload that scales linearly with AI adoption and quickly exceeds the capacity of most security operations teams. Unreviewed alerts allow data exfiltration through AI channels to persist, and the lack of systematic triage makes it impossible to distinguish high-risk incidents from policy noise.
Reference
- Microsoft Purview data security and compliance protections for generative AI apps
- Security Copilot Agents in Microsoft Purview overview
- Get started with the Microsoft Purview Triage Agent in Data Loss Prevention
- Learn about investigating data loss prevention alerts
- Get started with the data loss prevention Alerts dashboard
- Get started with Microsoft Security Copilot
- Evidence collection for file activities on devices
- Microsoft Purview service description — licensing