In this webinar, we will walk-through Data Loss Prevention in Office 365. We will see how to create DLP policy with Labels as a condition. We will also go through Document fingerprint in Exchange Online DLP and DLP reports.
Intro to Office 365 Security & Compliance CenterCraig Jahnke
This is a session I gave at SharePoint Saturday Atlanta --> The Office 365 Security & Compliance Center is your one-stop portal for protecting your data in Office 365. Microsoft has been adding many new features and services for those companies that have data protection or compliance needs, or want to audit user activity in their organization. Come to my session to learn how to get started with Security & Compliance Center, and find out you can better manage and secure you data.
Presentation used for the sessie "Get to know the new Office 365 Security & Compliance center" at SharePoint Saturday. It contains a lot of example slides covering the functions of this center.
Microsoft 365 Security & Compliance User Group - Microsoft Teams compliance Albert Hoitingh
In this session I discussed the storage locations for the Microsoft Teams components and how to use eDiscovery to get there. I also discussed information protection and information compliance.
Azure Information Protection - Taking a Team ApproachJoanne Klein
There's a lot more to implementing Azure Information Protection(AIP) than meets the eye simply because it goes far beyond the technical implementation of labels. In this practical session, we'll walk thru some steps to help set your organization up for a successful AIP rollout. These steps include:
how to plan your organization's AIP labels
how to configure them for your tenant
how to ensure information workers in your organization have adopted their use.
Each step is critical to the overall success of your AIP program and the reason why it cannot be done by the IT-Pro alone. Joanne and Charmaine team up for this session to share some practical advice and creative tips and tricks for rolling out AIP and will cover topics for the IT Pro, Information Manager, and Adoption specialist – all required resources on an AIP rollout team! You might even see an AIP bot!
In this webinar, we will walk-through Data Loss Prevention in Office 365. We will see how to create DLP policy with Labels as a condition. We will also go through Document fingerprint in Exchange Online DLP and DLP reports.
Intro to Office 365 Security & Compliance CenterCraig Jahnke
This is a session I gave at SharePoint Saturday Atlanta --> The Office 365 Security & Compliance Center is your one-stop portal for protecting your data in Office 365. Microsoft has been adding many new features and services for those companies that have data protection or compliance needs, or want to audit user activity in their organization. Come to my session to learn how to get started with Security & Compliance Center, and find out you can better manage and secure you data.
Presentation used for the sessie "Get to know the new Office 365 Security & Compliance center" at SharePoint Saturday. It contains a lot of example slides covering the functions of this center.
Microsoft 365 Security & Compliance User Group - Microsoft Teams compliance Albert Hoitingh
In this session I discussed the storage locations for the Microsoft Teams components and how to use eDiscovery to get there. I also discussed information protection and information compliance.
Azure Information Protection - Taking a Team ApproachJoanne Klein
There's a lot more to implementing Azure Information Protection(AIP) than meets the eye simply because it goes far beyond the technical implementation of labels. In this practical session, we'll walk thru some steps to help set your organization up for a successful AIP rollout. These steps include:
how to plan your organization's AIP labels
how to configure them for your tenant
how to ensure information workers in your organization have adopted their use.
Each step is critical to the overall success of your AIP program and the reason why it cannot be done by the IT-Pro alone. Joanne and Charmaine team up for this session to share some practical advice and creative tips and tricks for rolling out AIP and will cover topics for the IT Pro, Information Manager, and Adoption specialist – all required resources on an AIP rollout team! You might even see an AIP bot!
We live in a time where digital technology is profoundly impacting our lives, from the way we connect with each other to how we interpret our world. First and foremost, this digital transformation is causing a tsunami of data. In fact, IDC estimates that in 2025, the world will create and replicate 163ZB of data, representing a tenfold increase from the amount of data created in 2016. In the past, organizations primarily dealt with documents and emails. But now they’re also dealing with instant messaging, text messaging, video files, images, and DIO files. The internet of things, or IOT, will only add to this explosion in data.
Managing this data overload and the variety of devices from which it is created is complicated and onerous as the market for solutions is fragmented and confusing. There are many categories of solutions, and within each, there are even more solutions to choose from. Many companies are struggling to decide how many of those solutions they need and where to start. Additionally, using multiple solutions means they won’t be integrated, so companies end up managing multiple applications from multiple disparate interfaces.
The question we often get asked is, “How can Microsoft 365 help me?”
Communication Compliance in Microsoft 365Joanne Klein
Communication Compliance is part of the Insider Risk solution set in Microsoft 365. Its purpose is to monitor communication methods used both within and outside of the Microsoft 365 cloud to help identify insider non-compliant and risky communication. In the modern workplace today, communication methods are vast and varied and all can be a potential channel for non-compliance. The Communication Compliance tool has been purpose-built to help identify potential areas of non-compliance across these communication methods and remediation actions that can be taken depending on the severity of the activity.
IRMS UG Principles of Retention in Microsoft 365Joanne Klein
There's only 4 of them, but they're important. Really important.
This session will talk about why it's essential for Records Managers and Information Management teams to have an authoritative understanding of the principles. They inform the retention and deletion processes and actions which are the technical underpinning of your Information Governance/Records Management (IG/RM) implementation. This is what ultimately determines the retention and deletion actions taken on each piece of content.
Understanding the principles of retention is an important prerequisite to a holistic IG/RM design and implementation. It can help ensure you are deleting content when you no longer need/require it and retaining content for as long as you are required to meet your corporate governance requirements and your legal, business, and regulatory obligations.
M365 Virtual Marathon: Retention in Office 365 - the Where What and HowJoanne Klein
Presentation from the M365 Virtual Marathon. Session was all about Retention and answers the many questions surrounding it suggesting deep knowledge before you can start.
M365 Records Management Community WebinarDrew Madelung
Information governance is necessary for enterprises. The management of content lifecycles is needed to be compliant and secure. Records management in M365 has many new features and capabilities that we will highlight in this webinar. We will also have real-world conversations on use cases of moving to modern records management in M365 and the challenges, opportunities, and overall guidance for this process. Bring your questions to this exciting webinar!
Best Practices for Implementing Data Loss Prevention (DLP)Sarfaraz Chougule
Vast amounts of your organization's sensitive data are accessible, stored, and used by authorized employees and partners on a host of devices and servers. Protecting that data where ever it is stored or travels is a top priority.
Microsoft Teams in the Modern WorkplaceJoanne Klein
Joanne Klein delves into Microsoft Teams to give a glimpse of its features, its underlying architecture, and what’s in it for the modern worker and the data protection, data retention, and legal/compliance teams across your organization.
Information management and data governance in Office 365Joanne Klein
Learn the basics about AIP, Retention labels and DLP in Office 365 and how it can be used to protect our data. This presentation is from SharePoint Unite 2017 in Haarlem, Netherlands.
Azure Information Protection - Taking a Team Approach - SPS MontrealJoanne Klein
Take a team approach to implementing AIP in your organization. This slide deck walks thru the planning, configuration and some examples of how to use it in the real world.
We are living a complete digital transformation where people are not restricted by apps or devices or even location. Work can be done anywhere and on any device which leads to greater security concerns regarding this business data living on mobile devices and shared with external (sometimes not trusted users). Microsoft Unified Labeling protection leverages the power of the cloud and ease of use (a few clicks for implementation) to provide a complete Information Protection solution. Now with the new unified Azure label client, users can administer the labels from one location while being integrated across the whole Microsoft platform. Attendees will learn how to configure Unified labels with real case scenarios.
Empowering the business for eDiscovery in Office 365 - BRK2112Joanne Klein
45 minute breakout session from Microsoft Ignite 2019. Practical session covering 3 must-have skills for business teams to "self-serve" on their own eDiscovery requests.
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore
Starting from May 25, 2018 all European businesses and all worldwide businesses that are trading partners of European businesses will have to adhere to the new General Data Protection Regulation (GDPR). In this session, learn what are the main requirements of GDPR, from an IT perspective, and what are the out-of-the-box capabilities of Microsoft Office 365 and of SharePoint Online that can help you to be compliant with the GDPR rules.
Moreover, see a sample project, based on SharePoint Online, that you can use as a starter kit to satisfy the GDPR basic requirements.
Paolo Pialorsi, Microsoft Certified Master in SharePoint, MVP and SharePoint PnP Core Team Member, joined us in this webinar to talk about how GDPR is affecting your Office 365.
Microsoft Information Protection: Your Security and Compliance FrameworkAlistair Pugin
Its one thing encrypting and protecting your data from prying eyes but what use is it, if it is not retained or protected against loss. With Microsoft Information Protection, Microsoft provides organisations the ability to:
• Protection content from deletion
• Adhere to compliance standards (GDPR, HIPAA, etc)
• Discover content for litigation
• Manage access to content based on rules
By implementing the correct rules, organisations are able to mitigate risk and remain compliant and at the same time ensure that content is identified, classified, retained and disposed of accordingly.
CollabDaysBenelux2020 - Building a remarkable onboarding experience for new e...Corinna Lins
It's a familiar scenario: You just started a new job in a company and you can't find your way around. You need to find information, documents, people, buildings, maps etc.
Office 365 offers us the ideal conditions to build our own onboarding process according to the needs of our company. And here one of the biggest challenges is to figure out what does the onboarding process look like? What information and tasks does a new employee actually need? And what tools do you have to implement the process?
Deep dive into Microsoft Purview Data Loss PreventionDrew Madelung
Are you protecting your data at rest and in transit?
In this session we will go through all the different types of DLP in Microsoft Purview including endpoint, Exchange, Teams, SharePoint, OneDrive, and more. We will discuss the configuration options, why it is important, and the best practices to get started while going through a collection of demos.
You will leave this sessions with a deeper understanding of the technology and how it can impact your employee's experience
March 2023 CIAOPS Need to Know WebinarRobert Crane
Slides from CIAOPS March 2023 webinar that provided Microsoft 365 news update, open Q & A as well as a focus session on Microsoft 365 Information Protection best practices. Video recording is available at www.ciaopsacademy.com
We live in a time where digital technology is profoundly impacting our lives, from the way we connect with each other to how we interpret our world. First and foremost, this digital transformation is causing a tsunami of data. In fact, IDC estimates that in 2025, the world will create and replicate 163ZB of data, representing a tenfold increase from the amount of data created in 2016. In the past, organizations primarily dealt with documents and emails. But now they’re also dealing with instant messaging, text messaging, video files, images, and DIO files. The internet of things, or IOT, will only add to this explosion in data.
Managing this data overload and the variety of devices from which it is created is complicated and onerous as the market for solutions is fragmented and confusing. There are many categories of solutions, and within each, there are even more solutions to choose from. Many companies are struggling to decide how many of those solutions they need and where to start. Additionally, using multiple solutions means they won’t be integrated, so companies end up managing multiple applications from multiple disparate interfaces.
The question we often get asked is, “How can Microsoft 365 help me?”
Communication Compliance in Microsoft 365Joanne Klein
Communication Compliance is part of the Insider Risk solution set in Microsoft 365. Its purpose is to monitor communication methods used both within and outside of the Microsoft 365 cloud to help identify insider non-compliant and risky communication. In the modern workplace today, communication methods are vast and varied and all can be a potential channel for non-compliance. The Communication Compliance tool has been purpose-built to help identify potential areas of non-compliance across these communication methods and remediation actions that can be taken depending on the severity of the activity.
IRMS UG Principles of Retention in Microsoft 365Joanne Klein
There's only 4 of them, but they're important. Really important.
This session will talk about why it's essential for Records Managers and Information Management teams to have an authoritative understanding of the principles. They inform the retention and deletion processes and actions which are the technical underpinning of your Information Governance/Records Management (IG/RM) implementation. This is what ultimately determines the retention and deletion actions taken on each piece of content.
Understanding the principles of retention is an important prerequisite to a holistic IG/RM design and implementation. It can help ensure you are deleting content when you no longer need/require it and retaining content for as long as you are required to meet your corporate governance requirements and your legal, business, and regulatory obligations.
M365 Virtual Marathon: Retention in Office 365 - the Where What and HowJoanne Klein
Presentation from the M365 Virtual Marathon. Session was all about Retention and answers the many questions surrounding it suggesting deep knowledge before you can start.
M365 Records Management Community WebinarDrew Madelung
Information governance is necessary for enterprises. The management of content lifecycles is needed to be compliant and secure. Records management in M365 has many new features and capabilities that we will highlight in this webinar. We will also have real-world conversations on use cases of moving to modern records management in M365 and the challenges, opportunities, and overall guidance for this process. Bring your questions to this exciting webinar!
Best Practices for Implementing Data Loss Prevention (DLP)Sarfaraz Chougule
Vast amounts of your organization's sensitive data are accessible, stored, and used by authorized employees and partners on a host of devices and servers. Protecting that data where ever it is stored or travels is a top priority.
Microsoft Teams in the Modern WorkplaceJoanne Klein
Joanne Klein delves into Microsoft Teams to give a glimpse of its features, its underlying architecture, and what’s in it for the modern worker and the data protection, data retention, and legal/compliance teams across your organization.
Information management and data governance in Office 365Joanne Klein
Learn the basics about AIP, Retention labels and DLP in Office 365 and how it can be used to protect our data. This presentation is from SharePoint Unite 2017 in Haarlem, Netherlands.
Azure Information Protection - Taking a Team Approach - SPS MontrealJoanne Klein
Take a team approach to implementing AIP in your organization. This slide deck walks thru the planning, configuration and some examples of how to use it in the real world.
We are living a complete digital transformation where people are not restricted by apps or devices or even location. Work can be done anywhere and on any device which leads to greater security concerns regarding this business data living on mobile devices and shared with external (sometimes not trusted users). Microsoft Unified Labeling protection leverages the power of the cloud and ease of use (a few clicks for implementation) to provide a complete Information Protection solution. Now with the new unified Azure label client, users can administer the labels from one location while being integrated across the whole Microsoft platform. Attendees will learn how to configure Unified labels with real case scenarios.
Empowering the business for eDiscovery in Office 365 - BRK2112Joanne Klein
45 minute breakout session from Microsoft Ignite 2019. Practical session covering 3 must-have skills for business teams to "self-serve" on their own eDiscovery requests.
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore
Starting from May 25, 2018 all European businesses and all worldwide businesses that are trading partners of European businesses will have to adhere to the new General Data Protection Regulation (GDPR). In this session, learn what are the main requirements of GDPR, from an IT perspective, and what are the out-of-the-box capabilities of Microsoft Office 365 and of SharePoint Online that can help you to be compliant with the GDPR rules.
Moreover, see a sample project, based on SharePoint Online, that you can use as a starter kit to satisfy the GDPR basic requirements.
Paolo Pialorsi, Microsoft Certified Master in SharePoint, MVP and SharePoint PnP Core Team Member, joined us in this webinar to talk about how GDPR is affecting your Office 365.
Microsoft Information Protection: Your Security and Compliance FrameworkAlistair Pugin
Its one thing encrypting and protecting your data from prying eyes but what use is it, if it is not retained or protected against loss. With Microsoft Information Protection, Microsoft provides organisations the ability to:
• Protection content from deletion
• Adhere to compliance standards (GDPR, HIPAA, etc)
• Discover content for litigation
• Manage access to content based on rules
By implementing the correct rules, organisations are able to mitigate risk and remain compliant and at the same time ensure that content is identified, classified, retained and disposed of accordingly.
CollabDaysBenelux2020 - Building a remarkable onboarding experience for new e...Corinna Lins
It's a familiar scenario: You just started a new job in a company and you can't find your way around. You need to find information, documents, people, buildings, maps etc.
Office 365 offers us the ideal conditions to build our own onboarding process according to the needs of our company. And here one of the biggest challenges is to figure out what does the onboarding process look like? What information and tasks does a new employee actually need? And what tools do you have to implement the process?
Deep dive into Microsoft Purview Data Loss PreventionDrew Madelung
Are you protecting your data at rest and in transit?
In this session we will go through all the different types of DLP in Microsoft Purview including endpoint, Exchange, Teams, SharePoint, OneDrive, and more. We will discuss the configuration options, why it is important, and the best practices to get started while going through a collection of demos.
You will leave this sessions with a deeper understanding of the technology and how it can impact your employee's experience
March 2023 CIAOPS Need to Know WebinarRobert Crane
Slides from CIAOPS March 2023 webinar that provided Microsoft 365 news update, open Q & A as well as a focus session on Microsoft 365 Information Protection best practices. Video recording is available at www.ciaopsacademy.com
Microsoft Cloud GDPR Compliance Options (SUGUK)Andy Talbot
Recently, Microsoft introduced Microsoft 365, which brings together Office 365, Windows 10, and Enterprise Mobility + Security. We’ll explore what this combination of products means for an organisation looking to ensure GDPR compliance and additional Office 365 products that you can layer to help you meet your obligations.
SPSTC18 Laying Down the Law - Governing Your Data in O365David Broussard
Have you ever wanted to tell your users "I am the LAW!" when they ask why they have to tag a file in SharePoint? This session looks at what governance is, why its important, why our data is like laundry, and what tools Microsoft gives us to help you rein in your users and lay down the law!
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...Jasper Oosterveld
Although Microsoft Teams is an incredibly powerful solution, it comes with a challenge around data security. The data generated and stored within Microsoft Teams is unfragmented and different in nature. Varying from chat & channel messages, documents, images, recordings, and meetings. Combining this with the ever-changing regulations, organizations have a serious compliance risk on their hands. Microsoft understands these risks and with the help of Microsoft Purview offers comprehensive solutions to help protect and govern your sensitive data.
Jasper Oosterveld, Microsoft MVP and Modern Workplace Consultant is going to focus on Microsoft Purview Information Protection and Data Loss Prevention. Combining his real world experience, ensuring you can successfully implement these solutions with your customers or internal organization.
How do we separate hype from useful information in Cyber Security? As Congress is debating a National privacy law, and several states have their own privacy and breach reporting laws including Georgia, how will that impact our workload? Privacy starts with good cyber-hygiene. We will look at how we can leverage the focus on Privacy to address standards for:
Firewall and network setups
Cloud security
Protocols and ports that need attention
Authentication best practices
Server and network rights
Password rules
Webinar - Compliance with the Microsoft Cloud- 2017-04-19TechSoup
Everyone throws around the word compliance but how do you actually achieve that? In this free, 60-minute webinar Sam Chenkin from Tech Impact discusses achievable goals for the nonprofit community to keep their data safe with the Microsoft Cloud. We explore account security like two-factor authentication, data security like encryption, and how to make sure only compliant devices can access your data.
Ensure your compliance in Microsoft Teams with Information Protection and Gov...Jasper Oosterveld
Microsoft Teams enables organizations to stay connected and access shared content any time to learn, plan, and innovate—together. Although these advantages improve internal and external collaboration, organization have serious concerns around being and staying compliant.
Jasper Oosterveld, Microsoft MVP & Modern Workplace Consultant, is going to discuss the available Microsoft Information Protection and Governance toolset to ensure and maintain your organizational compliance while working with Microsoft Teams.
How do we separate hype from useful information in Cyber Security? As Congress is debating a National privacy law, and several states have privacy and breach reporting laws, how will that impact our workload? Privacy starts with good cyber-hygiene. We will look at how we can leverage the focus on Privacy to address standards for:
Firewall and network Configs,
Cloud security
Protocols and ports that need attention
Authentication best practices
Server and network rights
Password rules
0x01 - Newton's Third Law: Static vs. Dynamic AbusersOWASP Beja
f you offer a service on the web, odds are that someone will abuse it. Be it an API, a SaaS, a PaaS, or even a static website, someone somewhere will try to figure out a way to use it to their own needs. In this talk we'll compare measures that are effective against static attackers and how to battle a dynamic attacker who adapts to your counter-measures.
About the Speaker
===============
Diogo Sousa, Engineering Manager @ Canonical
An opinionated individual with an interest in cryptography and its intersection with secure software development.
Acorn Recovery: Restore IT infra within minutesIP ServerOne
Introducing Acorn Recovery as a Service, a simple, fast, and secure managed disaster recovery (DRaaS) by IP ServerOne. A DR solution that helps restore your IT infra within minutes.
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...Orkestra
UIIN Conference, Madrid, 27-29 May 2024
James Wilson, Orkestra and Deusto Business School
Emily Wise, Lund University
Madeline Smith, The Glasgow School of Art
Have you ever wondered how search works while visiting an e-commerce site, internal website, or searching through other types of online resources? Look no further than this informative session on the ways that taxonomies help end-users navigate the internet! Hear from taxonomists and other information professionals who have first-hand experience creating and working with taxonomies that aid in navigation, search, and discovery across a range of disciplines.
This presentation by Morris Kleiner (University of Minnesota), was made during the discussion “Competition and Regulation in Professions and Occupations” held at the Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found out at oe.cd/crps.
This presentation was uploaded with the author’s consent.
International Workshop on Artificial Intelligence in Software Testing
Data Loss Prevention in O365
1. Data Loss Prevention in O365:The Basics
An overview of the data loss prevention offerings from Microsoft to help your
business stay secure in today's challenging digital world.
Don Daubert
Covenant Technology Partners
Twitter @sharepointroxs
ddaubert@mailctp.com
3. What is Data Loss Prevention?
• Data loss prevention (DLP) is a strategy for
making sure that users do not send sensitive or
critical information outside the enterprise.
• As part of that strategy a softwarecloud solution
is usually implemented that uses policies or
business rules to protect data.
• Data at Rest – File Shares, Archives, Storage,
Backups.
• Data In Motion – Across Network, Email, Sharing.
• Data In Use – CopyPaste, Printing, Faxing, Screen
Capture.
• How? – Data Matching, Rule Matching, Regex,
Metadata.
4. Who should implement a DLP Strategy?
• Everyone
• Financial Institutions, Educational Institutions, Health
Care
• Types of information to protect
• HIPPA
• PII
• PHI
• Why - http://focus.forsythe.com/articles/19/10-
Reasons-Why-Your-Organization-Needs-Data-Loss-
Prevention
• Auditing, Compliance, Security, Financial, Prevention
• DLP Deployment Tips -
https://www.csoonline.com/article/2134517/it-
strategy/strategic-planning-erm-7-strategies-for-a-
successful-dlp-strategy.html
45%
5. DLP vs RMS + SharingIntune
• Together - Both provides a comprehensive way in which customers can protect their data in during the
lifecycle of that data including data in motion, at rest and in use.
• DLP – Files and sensitive types must match rules.
• DLP – Prevent accidentalintentional sharing and email communication.
• Some sharing features assist with this
• Intune Conditional Access policies assist with MDM
• RMS - Prevent sensitive information from being printed, forwarded, or copied by unauthorized people.
• Access and permissions stored in file
• OneDrive For Business and SharePoint Sharing Security -
https://techcommunity.microsoft.com/t5/OneDrive-Blog/Introducing-a-new-secure-external-sharing-
experience/ba-p/112624
• Intune – Secure Devices, Access policies
• Microsoft 365 – O365, Windows 10, EMS (Enterprise Mobility & Security) - https://www.microsoft.com/en-
us/microsoft-365/enterprise/home
6. What is Data Loss Prevention in O365?
• Discovery and protection of sensitive data in the enterprise.
• Risk Mitigation.
• An automated process to simplify security.
• Common policies across the enterprise.
• File protection during lifecycle for data at rest and in motion.
• In use (Other methods ie RMS, Windows Policies, Internet Policies)- Copy to
USB, Screeenshot sharing, Exposure to Dropbox, GoogleDrive
• Must have E3 or E5 Plan - https://technet.microsoft.com/en-
us/library/office-365-plan-options.aspx
7. Deeper Dive…O365
• Identify sensitive information across many locations.
• Exchange Online
• SharePoint Online
• OneDrive For Business
• Policies apply to each or across all
• Prevent accidental or intentional sharing of
sensitive data
• Works in the Desktop versions of Word 2016, Excel
2016, Outlook 2016, PowerPoint 2016.
• Works in Mobile versions of Office Products – OD4B,
Outlook, SharePoint.
• Help users stay compliant – Policy tips.
• Reporting of incidents.
• Implement in “test” or “monitor” mode to watch
false +- and ensure actions are accurate before
deployment.
• Works hand in hand with O365 Message Encryption.
8. Under The Hood…Information Sensitive Types
• Manage from Office 365 Security & Compliance
Center.
• Exchange Online Transport rules and DLP can be created
in EXO Admin but will not appear in Security &
Compliance.
• Policies for all (SPO, EXO, OD4B) must be created here.
• Out Of The Box
• Information Sensitive Types Definitions
• SSN, Phone, Drivers License, Credit Card #, Bank Account #.
• Can create Custom Sensitive Types with .xml and
Powershell.
• Customization - https://support.office.com/en-
us/article/create-a-custom-sensitive-information-type-
82c382a5-b6db-44fd-995d-b333b3c7fc30
9. ... Policies
• Policies contain rules.
• Where – Location of content to protect. SharePoint Online, Exchange Online,
OneDrive For Business.
• SPO - All or select
• OD4B – All or Select
• EXO – All (Cannot chose individual MB’s yet)
• Rules – These enforce your business requirements.
• Conditions – The content must match before the rule is enforced -- for example, look
only for content containing Social Security numbers that's been shared with people
outside your organization.
• Actions - that you want the rule to take automatically when content matching the
conditions is found -- for example, block access to the document and send both the
user and compliance officer an email notification.
• Out Of The Box Templates
• Simple and Advanced Settings
• User Notification and Overrides – Business Justification.
10. • Policy Tips – User education and compliance.
Outlook 2013 + and Outlook Web
SPO & OD4B
Excel 2016, Word 2016. Powerpoint 2016 stored on site included in DLP
policy
Can create and upload custom policies with Powershell.
• Grouping and Logical Operators
• Group sensitive information types.
• Choose the logical operator between the sensitive information types
within a group and between the groups themselves.
• Examples – And, Or, Any Of These
• Rule Priority
• Set in order of creation
• Rule Tuning
• Adjust for false + or false –
• Match Accuracy - Percentage of accuracy
• Labels
• Can use Labels as a condition for rule matching
• Publish – Users manually apply Labels
• Auto-Apply
11. • Deployment - If you’re creating DLP policies with a large potential
impact, this sequence is recommended:
• Start in test mode without Policy Tips and then use the DLP reports and
any incident reports to assess the impact. You can use DLP reports to
view the number, location, type, and severity of policy matches. Based
on the results, you can fine tune the rules as needed. In test mode, DLP
policies will not impact the productivity of people working in your
organization.
• Move to Test mode with notifications and Policy Tips so that you can
begin to teach users about your compliance policies and prepare them
for the rules that are going to be applied. At this stage, you can also ask
users to report false positives so that you can further refine the rules.
• Start full enforcement on the policies so that the actions in the rules
are applied and the content’s protected. Continue to monitor the DLP
reports and any incident reports or notifications to make sure that the
results are what you intend.
• Reporting
• Focus on specific time periods and understand the reasons for spikes and trends.
• Discover business processes that violate your organization’s compliance policies.
• Understand any business impact of the DLP policies
• Fine tuning policies and rules
12. How it Works?
• That’s Level 200
• EXO - Once created, syncs to EXO, Outlook Web, Desktop
• SPO & OD4B – Search