In this webinar, Mike Miller shared how to configure your Microsoft 365 tenant to better meet industry compliance standards.

1. Data Loss Prevention and Compliance in
Microsoft 365: Safeguarding Your Tenant
Account
Presented: June 2023

2. 2 © TechSoup Global. All Rights Reserved.
• Use the Chat function to type in your questions and comments.
• For Closed Captioning, please click and then "Turn on Live Captioning."
Housekeeping

3. 3 © TechSoup Global. All Rights Reserved.
Guest Panelist
I began my IT career as a database admin in the Marine Corps
in 2014. After getting out of the Marines in 2018, I have focused
almost entirely on implementing the entire Microsoft 365 E5
security and compliance suite , working for multiple Microsoft
Gold partner consulting companies for SMBs and Enterprise
clients, as well as an internal position with an SMB. More
recently, I have joined Navy Federal Credit Union as a Microsoft
Purview Administrator on a contract and have created and am
working on growing my own consulting company called Cloudy
Security, LLC.
I can be found and contacted at:
•Email: Mike@cloudy-sec.com
•LinkedIn: https://www.linkedin.com/in/mike-miller34/
•Website: https://www.cloudy-sec.com/

4. 4 © TechSoup Global. All Rights Reserved.
Today’s Agenda
• Introduce Our Guest Panelist
• Understanding Data Loss Prevention (DLP_
• Classification & Sensitivity Labels
• Policies and Rules
• Compliance Requirements & Center
• Data Retention, Insider Threats & ‘Leakage’
• Best Practices
• Q&A

5. Understanding Microsoft DLP
• DLP is a security solution offered by Microsoft that can identify sensitive information and then help prevent
unsafe or unauthorized sharing, transfer, or use of that data. DLP has many different locations that you can
target, which is based on your license level.
• Exchange Online
• SharePoint Online
• OneDrive for Business
• Microsoft Teams Chat and Channel Messages
• Devices
• 3rd-party apps through Microsoft Defender for Cloud Apps
• On-premises File Repositories
• Power BI
• DLP sets blocking (or auditing) actions on files and messages based on the conditions that you define. Each
DLP location has it's own set of conditions and actions specific to that location.
• If you select multiple locations, you will only see the options that are available for each location

6. 6 Copyright © TechSoup Global. All Rights Reserved.
Sensitivity
Labels Overview
• What is a sensitivity label?
§ A sensitivity label is a tag that gets applied to file or email. This tag will stay with the file or
email for the entire lifecycle of the file or email.
o Labels can also be applied to containers, such as M365 Groups, Microsoft Teams sites, or
SharePoint sites.
• How do labels get applied to files and emails?
§ The three primary ways are:
o Manual
Ø User selects the label will creating or modifying a file or email
o Recommended
Ø The system will detect predetermined content, based on Sensitive Information Types
(SITs) or Trainable Classifiers, and recommend a specific label be applied
o Automatic
Ø The system will apply a specific label based on predetermined content
• Licensing requirements
§ Manual and requiring a default label:
o E3/A3/G3/F3/F1
§ Automatic and Recommended labeling:
o E5/A5/G5

7. 7 Copyright © TechSoup Global. All Rights Reserved.
What can
Sensitivity
Labels do?
•
§
o
Ø
Ø
Ø
o
o
Ø
Ø
Ø
Ø
Ø
o
§
o
o
o
§
•
§
o
Ø
Ø
Ø
o
§
o
Ø
Ø
Ø
Ø
o
Ø
Ø
Ø
o
Ø

8. Demo

9. Content Contains
Sensitive Information Types
Trainable Classifiers
§ Sample Content
§ Test
§ Validate
§ Publish
Out of Box
§ Credit Card
§ SSN
§ License
§ More
Custom
§ RegEx
§ Dictionary
§ Fingerprint
§ EDM
Sensitivity or Retention Labels
Cloud DLP (SharePoint/OneDrive)
Conditions
Content shared
internally/externally
Document name contains
words/phrases
Document name contains
matches patterns
Document property
Document size (equal to or
greater than)
Document created by
Document created by
member of
File Extensions
.tsv files
PDF files
Excel files
PowerPoint files
Word files
.csv files
.txt files
.rtf files
.c files
.class files
.cpp files
.cs files
.h files .java files
Additional Conditions
Actions
Block everyone Block only external
Block, allow
override
Conditions matched and user shares the file, you
may apply certain actions
When actions are taken, you may configure end-
user and admin notifications
Block “anyone with
the link” access
Notifications
§ Policy tips
§ User or Group
email notifications
§ Incident reports
Compliance Admins may investigate policy
matches in the Microsoft Purview Admin portal >
Data loss prevention > Activity explorer
Public
Confidential
Internal
Secret
7 Year Delete 5 Year Delete
Document is shared (OD4B
Exclusive)

10. 1
0
Conditions
Sensitive Information Types
Trainable Classifiers
§ Sample Content
§ Test
§ Validate
§ Publish
Out of Box
§ Credit Card
§ SSN
§ License
§ More
Custom
§ RegEx
§ Dictionary
§ Fingerprint
§ EDM
Sensitivity Labels
Content not
Labeled
Word
Processing
Spreadsheet
Presentation Archive
Mail
File Type File Extensions
.tsv files
PDF files
Excel files
PowerPoint files
Word files
.csv files
.txt files
.rtf files
.c files
.class files
.cpp files
.cs files
.h files .java files
Copy/Paste
USB Drive Network Share
Print
App Control
Cloud Upload
Create Item
(Audit)
Rename Item
(Audit)
User Activities
Notifications
§ Policy tips
§ User or Group
email notifications
§ Incident reports
When conditions are met and the following
activities are performed, you may enable certain
actions
Endpoint DLP
When actions are taken, you may configure end-
user and admin notifications
Actions
Block Action
Block, allow
override
Audit Activity
Compliance Admins may investigate policy
matches in the Microsoft Purview Admin portal >
Data loss prevention > Activity explorer
Conditions
Public
Confidential
Internal
Secret
Update
theme

11. 11
Teams Chat/Channel Message DLP
Content Contains
Sensitive Information Types
Trainable Classifiers
§ Sample Content
§ Test
§ Validate
§ Publish
Out of Box
§ Credit Card
§ SSN
§ License
§ More
Conditions
Sender is Sender domain is
Recipient is Recipient domain is
Content shared
internally/externally
Additional Conditions
Actions
Block message
from sending
Block only external
Block, allow
override
Conditions matched and user sends a Teams
chat or channel message, you may apply certain
actions
Notifications
§ Policy tips
§ User or Group
email notifications
§ Incident reports
Compliance Admins may investigate policy
matches in the Microsoft Purview Admin portal >
Data loss prevention > Activity explorer
Sender Notification
Recipient Notification
When actions are taken, you may configure end-
user and admin notifications
Update
theme

12. 12
Exchange DLP
Trainable Classifiers
§ Sample Content
§ Test
§ Validate
§ Publish
Out of Box
§ Credit Card
§ SSN
§ License
§ More
Custom
§ RegEx
§ Dictionary
§ Fingerprint
§ EDM
Public
Confidential
Internal
Secret
Conditions
Sensitive Information Types Sensitivity Labels
Content shared
internally/externally
Additional Conditions
Sender / Recipient is / is member
of distribution group
Sender / Recipient domain is
Sender IP Address is Sender has overridden policy
Content received
internally/externally
Sender / Recipient address
contains words
Sender / Recipient address
matches patterns
Sender / Recipient AD Attribute
contains words or phrases
Sender / Recipient AD Attribute
matches patterns
File Extensions
.tsv files
PDF files
Excel files
PowerPoint files
Word files
.csv files
.txt files
.rtf files
.c files
.class files
.cpp files
.cs files
.h files .java files
Attachments could not be
scanned / did not complete scan
Attachments is password
protected
Document name contains words
or phrases / matches patterns
Document property is
Document size equals or is
greater than
Document content contains words
or phrases / matches patterns
Subject contains words or
phrases / matches patterns
Subject or body contains words or
phrases / matches patterns
Content character set contains
words
Header contains words or
phrases / matches patterns
Message size equals or is greater
than
Message type is
Message importance is
Conditions matched and the email is
sent/received, you can apply the following
actions
Actions
Block everyone Block only external
Block, allow override
Restrict access or encrypt content
Encrypt message
(sensitivity label)
Additional Actions
Set / Remove
headers
Redirect to specific
users
Forward for approval
to manager / set user
Add recipient to the
To / Cc / Bcc box
Add sender’s
manager as recipient
Remove OME and
rights protection
Prepend email subject Add HTML disclaimer
Modify subject
Deliver message to
hosted quarantine
Notifications
§ Policy tips
§ User or Group
email notifications
§ Incident reports
When actions are taken, you may configure end-user
and admin notifications
Compliance Admins may
investigate policy matches in the
Microsoft Purview Admin portal >
Data loss prevention > Activity
explorer
Content is not labeled
Update
theme

13. 13 © TechSoup Global. All Rights Reserved.
Questions & Answers

14. 14 Copyright © TechSoup Global. All Rights Reserved.
Learn Connect
Digital Transformation Forum
https://bit.ly/3ASktwF
Digital Skills Center
Training Courses
https://bit.ly/3xV72dp
Resources
Connect
Monthly Virtual Office Hours
Save the date! Keep your eye open for our
next Office Hours on July 20th – Grant
Writing with a Purpose
Microsoft Cloud: Getting
Started Guide
https://bit.ly/3C30n3c
Community
Get
Started

15. 15 Copyright © TechSoup Global. All Rights Reserved.
Additional Resources
Resources:
• Schedule a Free Consultation
• Utilization Requirements for Donated Microsoft Cloud
Licenses and How to Access the Usage Report
• Digital Assessment Tool - analyze the current state of
your organization's technology. The tool will
provide recommend products, services, and
resources to make your systems and processes work
better for you in service of your mission.
• TechSoup Product Catalog
Blogs:
• Microsoft Cloud Licenses Pricing Changes
• The Right Microsoft 365 and Office 365 for Your
Nonprofit
• What You Need to Know About Microsoft 365
Nonprofit

16. Thank You!
customersuccess@techsoup.org