Release : 15.8+

In the case of Office 365 Outlook the message is split up into several messages, one per a recipient and this may be sent to different DLP Network Prevent for Email detection servers which results is duplicate incidents however these would normally be reconciled into one incident but are not because an issue caused by Microsoft (MS) having released MPIP (Purview) with some specific features that change the email workflow and content.

The feature causing the issue is the MPIP Custom Branding, that changes the original behaviour from sending ".RPMSG" encrypted messages, into sending an email informative email body to the recipient with a link pointing to the actual message to view, the user clicking the link will access the unencrypted message originally sent, but that link is unique, it differs for every recipient, and this causes Symantec DLP and probably other vendors to see it as a unique message, and therefore duplicating it as many times as many recipients receive it.

For information on Incident Reconciliation please see: Enabling incident reconciliation

Related articles: 

Article ID: 159907 - If Symantec DLP catches an email twice, is an additional incident created?

NPE analyzing duplicate emails (broadcom.com)

Email incidents take 5 minutes longer to process with Incident Reconciliation (broadcom.com)