The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

Data Loss Prevention Policies (DLP) in Microsoft 365

Download Windows Speedup Tool to fix errors and make PC run faster

Organizations need to protect all their sensitive information and have to prevent its unintentional or careless disclosure. The sensitive information can be financial data, credit card numbers, social security numbers, health records or any particular data. The organization wants to prevent such information from leaking outside. With Microsoft 365 Security and Compliance Center including the Data Loss Prevention (DLP) policy, one can prevent leakage. As it can identify, monitor, protect information across Office 365. We will see some of the basics of DLP in Microsoft 365.

What is DLP policy in Office 365?

A data loss prevention (DLP) policy is a practice used by organizations and is one of the tools of Microsoft Purview. This practice helps organizations to prevent their users from inappropriately sharing their sensitive data which may include data related to their health, credit cards, etc., to unwanted people. With a DLP Policy, you can protect sensitive items to Microsoft 365 services which include SharePoint, OneDrive accounts, Exchange, etc.

DLP helps in the following:

  • Identifies sensitive information: One can identify any document containing sensitive information such as a credit card number which might be stored in any OneDrive for Business site. This identifying sensitive information can be across SharePoint Online or OneDrive for Business. One can also create a DLP policy in the Exchange admin center and can be applied to emails and other mailbox items.
  • Prevent accidental sharing: One can automatically block access to sensitive documents for everyone except the site administrator, document owner and the person who last modified the content.
  • Helps to stay compliant without interruptions: One can educate users about DLP policies and help them to remain compliant without blocking their work. DLP policy can send email notifications and show them a policy tip.
  • Even the Office desktop programs can include these capabilities like SharePoint Online and OneDrive for Business.
  • DLP reports: To get an idea of how one’s organization is complying with a DLP policy, one can see how many matches each policy and rule has over time.

Where are DLP Policies in Office 365?

When you create a DLP policy, it is created, stored, and maintained in Microsoft Purview Center. When the policy is stored, it is synced to sources such as Word, PowerPoint, and other Office desktop programs, Exchange Online, Microsoft Teams channels, etc.

What does a DLP policy contain?

DLP contains the content location to be protected. That is, where to protect the content. A location such as SharePoint Online, OneDrive for business sites.

Sensitive information across Office 365 can be protected by a DLP policy. The information location can be OneDrive for Business or SharePoint Online site.

Data Loss Prevention Policies

It also contains information on when and how to enforce rules for protecting the content.

  • Conditions the content must match for the rule to be enforced.
  • Actions you set the rule to take automatically when the content matching condition is met.

One can use a rule to meet a specific protection requirement, for this use a DLP policy to group together common protection requirements, such as all of the rules needed to comply with a specific regulation.DLP02

Setting up DLP policies:

Admins can now easily set up DLP policies for SharePoint Online, OneDrive for Business from the Office 365 compliance center. Admins can get started with any of the existing out-of-the-box templates for a simple construct of conditions, actions, and exceptions. For DLP policies for email, one can go to the Exchange admin center.DLP03

DLP Policy Tips on OneDrive mobile apps

Now with many people working and collaborating with others on their mobile devices, it has become harder to secure an organization’s sensitive data.

To help organizations empower their employees to work anywhere at any time, Microsoft has extended the Office 365 DLP Policy Tips to OneDrive mobile apps for Android, iOS, and Universal Windows.

Policy tips are contextual, user-facing notifications that educate people when they’re about to send, share or work with sensitive data. Now with the availability of them on mobile, it will complement what is already available on web and Office 2016 clients including Outlook.

A mobile user will see a policy tip for documents that contain sensitive information. The tip depending on the policies and user action will provide information about what triggered a policy violation. It will also provide an option to override and submit a false positive report.

Policy tips displayed on Android devices:

DLPpolicyTipsAndroid

Policy Tips in OneDrive Universal Windows desktop app are also displayed thus:

DLPPolicyTipsWindowsDesktop

With this, data will be better protected with a consistent DLP policy tips experience across OneDrive for Business web, Office clients and mobile.

You can read more on microsoft.com.

Vasudev@TWC

The author has been a Microsoft MVP awardee in various Windows categories (2006-2016) and currently a Windows Insider MVP. A Technology Enthusiast, interested in anything technical and is committed to Microsoft technologies and products. He is actively associated with various Microsoft online communities, forums, Newsgroups and has been actively involved in Beta testing various Microsoft products and bug submissions.