Data Loss Prevention (DLP) Policy Reports for Microsoft 365 Tenant | Recommended DLP Reports for Exchange Administrator

Identifying Blocked Messages by DLP Policy | Microsoft 365 DLP Report

Question

You have a Microsoft 365 tenant that uses 100 data loss prevention (DLP) policies.

A Microsoft Exchange administrator frequently investigates emails that were blocked due to DLP policy violations.

You need to recommend which DLP report the Exchange administrator can use to identify how many messages were blocked based on each DLP policy.

Which report should you recommend?

Answers

Explanations

A. B. C. D.

B.

https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide

The report to recommend is the "DLP incidents" report, which the Exchange administrator can use to identify how many messages were blocked based on each DLP policy.

The DLP incidents report provides information on DLP policy matches that occurred in Exchange Online, SharePoint Online, and OneDrive for Business. This report shows the number of incidents, users involved, and the specific DLP policies that were matched.

In this scenario, the Exchange administrator can use the DLP incidents report to see how many messages were blocked based on each DLP policy. They can filter the report by date range, policy type, and severity level to get a better understanding of the scope and impact of the DLP policies.

The other options provided in the answers are not relevant to the scenario described:

  • The "Third-party DLP policy matches" report is used to track incidents that match third-party DLP policies, which are not applicable in this case.
  • The "DLP policy matches" report provides information on the number of policy matches for each DLP policy, but it does not provide information on the number of messages that were blocked based on each policy, which is what the Exchange administrator needs.
  • The "False positive and override" report provides information on the number of false positives and overrides for each DLP policy, which is not relevant to the Exchange administrator's needs in this scenario.