2. Brought to you by:
Community for Azure, Microsoft 365 & SharePoint
3. Join the aMS Quiz to win Prizes !
Attend the aMS
sessions for 2 days
Answer as many
questions as you can
Highest scorers get
rewarded!
Throughout the 2 days of aMS sessions, we will share this QR code with you
to participate in a quiz to win some prizes.
Answers can be found in every speaker’s session.
Submit your quiz latest by 11.59pm on the 16th Oct 2021.
◀ Scan for
Feedback & Quiz
Join as many sessions as you can to get
the hints on the correct answer of the quiz!
5. Session Objectives
During this session we will:
Talk about data loss prevention in Microsoft 365
Discuss the different ways to detect information
Look at data loss prevention policies
Take a peek at endpoint DLP
6. Data is exploding
It’s created, stored, and shared everywhere
[Diagram labels: Cloud; Electronic medical records; Administrative data; Platforms; Patient communications; Interoperability; Corporate; Claims; Vendors; Care coordination; Genetic and genomic data; Drug discovery; Research]
8. Introduction | DLP
(un)Intentional loss of sensitive data
This can be privacy sensitive, intellectual property or
other classified/sensitive information. Either by losing
the data, sharing it or storing it on unmanaged
environments.
Examples?
Automatic forwarding of e-mails, storing
documents on personal cloud environments,
using non-encrypted USB-drives, sharing from
OneDrive.
9. Templates
You can use built-in templates, sensitive information
types or configure your own rules and processes to stop
data loss. Information is detected automatically (using
sensitive information types) or manually using labels.
Actions include blocking access, notifying compliance
officers and logging.
Introduction | DLP
What does Microsoft 365 DLP provide?
Protects against unwanted (internal/external) sharing of
information used in SharePoint Online | Microsoft Teams
| Exchange Online | OneDrive for Business | Endpoints |
On-premises
What’s not part of the deal?
Encrypting information is not part of Microsoft 365 DLP.
DLP does not offer insider risk management but is part of
that solution.
12. Search
DLP uses the Microsoft 365 (search) indexing method to
find and classify information. Any newly added item
cannot be shared before it has been added to the index.
Data Loss Prevention in Microsoft 365
Several options to configure
Data loss prevention policies
Configure a policy to set different rules for several
Microsoft 365 platforms
Sensitive Information Types
Use the built-in types and templates or create your own
to detect sensitive information.
Retention labels/sensitivity labels
Create a policy which uses a label (in-use) to detect the
sensitive content.
14. Microsoft 365 Data Loss Prevention | Finding information
What are these types?
Sensitive information types are used for
automatic detection of information. Examples
include credit card number and IBAN.
How accurate are these types?
These are very accurate. But if you want specific
accuracy, then look at creating your own.
How to configure these?
Microsoft supplies and manages a long list of
types. These cannot be modified. You can add
your own or look at trainable classifiers.
15. Microsoft 365 Data Loss Prevention | Finding information
What are these types?
These classifiers use machine learning to detect
specific content.
What’s the difference with a custom
sensitive type?
A sensitive information type uses accuracy,
keywords, proximity windows and more options to
configure. But these classifiers use the content to
determine the type.
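How a pattern, a checksum, keywords and a proximity window combine into a confidence value, as an added PowerShell sketch (not part of the original slides and not Microsoft's implementation). The function names, keyword list, 300-character window and the 65/85 confidence values are assumptions chosen for illustration; the sample text is constructed.

```powershell
# Added illustration (not Microsoft's implementation). Function names, keyword
# list, window size and confidence values are assumptions for this sketch.
function Test-Luhn {
    param([string]$Digits)
    $sum = 0; $double = $false
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $d = [int]::Parse($Digits[$i].ToString())
        if ($double) { $d *= 2; if ($d -gt 9) { $d -= 9 } }
        $sum += $d
        $double = -not $double
    }
    return ($sum % 10) -eq 0
}

function Find-CardNumber {
    param(
        [string]$Text,
        [string[]]$Keywords = @('credit card', 'card number', 'visa', 'mastercard'),
        [int]$ProximityWindow = 300
    )
    # Primary element: 16 digits, optionally grouped by spaces or dashes.
    $pattern = '\b(?:\d{4}[ -]?){3}\d{4}\b'
    foreach ($m in [regex]::Matches($Text, $pattern)) {
        $digits = $m.Value -replace '[ -]', ''
        if (-not (Test-Luhn $digits)) { continue }   # checksum fails: not reported

        # Supporting element: a keyword inside the proximity window around the match.
        $start   = [Math]::Max(0, $m.Index - $ProximityWindow)
        $end     = [Math]::Min($Text.Length, $m.Index + $m.Length + $ProximityWindow)
        $context = $Text.Substring($start, $end - $start)
        $hit = $Keywords | Where-Object { $context -match [regex]::Escape($_) } |
               Select-Object -First 1

        [pscustomobject]@{
            Match      = $m.Value
            Keyword    = $hit
            Confidence = $(if ($hit) { 85 } else { 65 })
        }
    }
}

# Constructed sample text (standard test card numbers, not real data).
$samples = @(
    'Paid by Visa credit card 4111 1111 1111 1111 on 12 May.',
    'Shipment tracking id 5500-0000-0000-0004 left the warehouse.',
    'Order reference 1234 5678 9012 3456, card number on file.'
)
$samples | ForEach-Object { Find-CardNumber -Text $_ } | Format-Table
```

The first sample is reported with the higher confidence because a keyword sits inside the window, the second passes the checksum but has no supporting keyword, and the third is dropped because the digits fail the checksum even though a keyword is present.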
18. Microsoft 365 Data Loss Prevention | Policies
Policy components
• What locations are to be protected?
• What is considered sensitive?
• What actions have to be checked?
• Is there a difference in accuracy or number of hits required?
• What are the required actions and notifications?
How to create a policy?
• Use the built-in templates or
• Create your own (more advanced)
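The policy components above mapped onto Security & Compliance PowerShell, as an added example that is not part of the original slides. The policy and rule names, the hit counts and the confidence threshold are placeholders; it assumes the ExchangeOnlineManagement module and a compliance administrator role, and it covers only SharePoint Online and OneDrive so that the actions used are available for every selected location.

```powershell
# Added example. Names, counts and thresholds below are placeholders.
Connect-IPPSSession

$policy = 'Example - Financial data'

# Locations: what is protected. Test mode first, so matches are reported
# and policy tips shown, but nothing is blocked while the rules are tuned.
New-DlpCompliancePolicy -Name $policy `
    -SharePointLocation All -OneDriveLocation All `
    -Mode TestWithNotifications

# What is sensitive + hits required: one or more matches shared outside
# the organization only produces a notification to the document owner.
New-DlpComplianceRule -Name "$policy (low volume)" -Policy $policy `
    -AccessScope NotInOrganization `
    -ContentContainsSensitiveInformation @(
        @{ Name = 'Credit Card Number'; minCount = '1' },
        @{ Name = 'International Banking Account Number (IBAN)'; minCount = '1' }
    ) `
    -NotifyUser Owner

# Higher count and higher confidence: block access and send an incident
# report to the site admin.
New-DlpComplianceRule -Name "$policy (high volume)" -Policy $policy `
    -AccessScope NotInOrganization `
    -ContentContainsSensitiveInformation @(
        @{ Name = 'Credit Card Number'; minCount = '10'; minConfidence = '85' }
    ) `
    -BlockAccess $true `
    -NotifyUser Owner `
    -GenerateIncidentReport SiteAdmin -IncidentReportContent All

# Review the result before switching the policy to enforcement:
#   Set-DlpCompliancePolicy -Identity $policy -Mode Enable
Get-DlpCompliancePolicy -Identity $policy | Format-List Name, Mode
```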
19. Microsoft 365 Data Loss Prevention | Conditions
Exchange Online
Many specific conditions. Sender, recipient,
subject, and even the header of an e-mail
message.
Microsoft Teams
Both content focused (shared within a
conversation) as well as conversation/chat based.
SharePoint Online and OneDrive for
Business
Information focused and aimed at protecting
sharing activity.
Beware: combining locations can limit the number of actions you
can select!
22. Reporting and alerts
Keep an insight into activities
Alerts
A DLP rule may trigger an alert, which can be accessed
through the portal.
Dashboards
DLP comes with a specific dashboard which shows you all DLP
activity in a specific timeframe.
E-mails
Standard part of the DLP policy is to use e-mail to inform a
security officer (for example) of a DLP policy match.
26. Microsoft 365 Data Loss Prevention | Enhanced
On-premises DLP
• Uses the AIP Scanner functions
• SharePoint on-premises and network shares
• Detect “over-exposed” locations
Endpoint DLP
• Windows 10
• Azure AD joined or hybrid joined
• Microsoft 365 E5 Compliance (!)
• Devices need to be onboarded
28. Microsoft 365 Data Loss Prevention | Enhanced
What does this platform do?
MCAS is a Cloud Access Security Broker platform. It’s
a platform to monitor access and use of cloud
applications, including Microsoft 365. It can detect
the use of cloud applications and set rules. For
example: data loss prevention, but also data
encryption and denying downloads.
[Diagram labels: Your organization from any location; App connectors; Cloud discovery; Proxy; Access + Session]
License types
• Microsoft 365 E5 (Microsoft 365 Cloud App Security)
• Microsoft 365 E5 (full features)
• Add-on license
30. Sensitivity labels
These can be used within a DLP policy, but they are not
available for a policy tip in Exchange and are limited to
Office file types.
Final thoughts | DLP
Policy tips and Outlook
Specific versions of Outlook on the desktop/mobile work
differently with policy tips!
Don’t want to wait?
DLP for SharePoint Online/OneDrive for Business relies on the content search
engine. If you want to be sure that any document “waits” for the DLP rule to be
checked, then use this PowerShell cmdlet:
Set-SPOTenant -MarkNewFilesSensitiveByDefault BlockExternalSharing
31. Final thoughts: Know Your Data
Identify exposure & risks; guide policy configuration
Understand volume, scope and location of sensitive
information
Visibility into sensitive information types detected
across documents and emails
Identify oversharing, mismanagement or misuse of
important documents
Act on recommendations to enable policies to better
protect and govern data
Helps inform taxonomy and policies for sensitivity
labeling and retention labeling
Thank You
Do join us for other sessions in different tracks !