Organizations need to protect all its sensitive information and have to prevent its unintentional or careless disclosure. The sensitive information can be financial data, credit card numbers, social security numbers, health records or any particular data. The organization wants to prevent such information from leaking outside. With Office 365 Security and Compliance Center including the Data Loss Prevention (DLP) policy, one can prevent the leakage. As it can identify, monitor, protect information across Office 365. We will see some of the basics of DLP in Office 365.
What is Data Loss Prevention Policy?
DLP helps in the following:
- Identifies sensitive information: One can identify any document containing sensitive information such as credit card number which might be stored in any OneDrive for Business site. This identifying sensitive information can be across SharePoint Online or OneDrive for Business. One can also create a DLP policy in the Exchange admin center and can be applied to emails and other mailbox items.
- Prevent accidental sharing: One can automatically block access to sensitive documents for everyone except the site administrator, document owner and the person who last modified the content.
- Helps to stay compliant without interruptions: One can educate users about DLP policies and help the to remain compliant without blocking their work. DLP policy can send email notification and show them a policy tip.
- Even the Office 2016 desktop programs can include these capabilities like SharePoint Online and OneDrive for Business.
- DLP reports: To get an idea how one’s organization is complying with a DLP policy, one can see how many matches each policy and rule has over time.
What does a DLP policy contain?
DLP contains the content location to be protected. That is, where to protect the content. A location such as SharePoint online, OneDrive for business sites.
Sensitive information across Office 365 can be protected by a DLP policy. The information location can be OneDrive for Business or SharePoint Online site.
It also contains information on when and how to enforce rules for protecting the content.
- Conditions the content must match for the rule to be enforced.
- Actions you set the rule to take automatically when the content matching condition is met.
One can use a rule to meet a specific protection requirement, for this use a DLP policy to group together common protection requirements, such as all of the rules needed to comply with a specific regulation.
Setting up DLP policies:
Admins can now easily set up DLP policies for SharePoint Online, OneDrive for Business from the Office 365 compliance center. Admins can get started with any of the existing out of the box templates for a simple construct of conditions, actions, and exceptions. For DLP policies for email, one can go to the Exchange admin center.
DLP Policy Tips on OneDrive mobile apps
Now with many people working and collaborating with others on their mobile devices, it has become harder to secure organization’s sensitive data.
To help organizations empower their employees to work anywhere at any time, Microsoft has extended the Office 365 DLP Policy Tips to OneDrive mobile apps for Android, iOS, and Universal Windows.
Policy tips are contextual, user-facing notifications that educate people when they’re about to send, share or work with sensitive data. Now with the availability of them on mobile, it will complement what is already available on web and Office 2016 clients including Outlook.
A mobile user will see a policy tip for documents that contain sensitive information. The tip depending on the policies and user action will provide information about what triggered a policy violation. It will also provide an option to override and submit a false positive report.
Policy tips displayed on Android devices:
Policy Tips in OneDrive Universal Windows desktop app are also displayed thus:
With this, data will be better protected with a consistent DLP policy tips experience across OneDrive for Business web, Office 2016 clients and mobile.