Data Loss Prevention in O365

1. Data Loss Prevention in O365:The Basics
An overview of the data loss prevention offerings from Microsoft to help your
business stay secure in today's challenging digital world.
Don Daubert
Covenant Technology Partners
Twitter @sharepointroxs
ddaubert@mailctp.com

2. Gold Sponsors
SHAREPOINT SATURDAY ST.LOUIS 2018
Silver Sponsors
Bronze Sponsors

3. What is Data Loss Prevention?
• Data loss prevention (DLP) is a strategy for
making sure that users do not send sensitive or
critical information outside the enterprise.
• As part of that strategy a softwarecloud solution
is usually implemented that uses policies or
business rules to protect data.
• Data at Rest – File Shares, Archives, Storage,
Backups.
• Data In Motion – Across Network, Email, Sharing.
• Data In Use – CopyPaste, Printing, Faxing, Screen
Capture.
• How? – Data Matching, Rule Matching, Regex,
Metadata.

4. Who should implement a DLP Strategy?
• Everyone 
• Financial Institutions, Educational Institutions, Health
Care
• Types of information to protect
• HIPPA
• PII
• PHI
• Why - http://focus.forsythe.com/articles/19/10-
Reasons-Why-Your-Organization-Needs-Data-Loss-
Prevention
• Auditing, Compliance, Security, Financial, Prevention
• DLP Deployment Tips -
https://www.csoonline.com/article/2134517/it-
strategy/strategic-planning-erm-7-strategies-for-a-
successful-dlp-strategy.html
45%

5. DLP vs RMS + SharingIntune
• Together - Both provides a comprehensive way in which customers can protect their data in during the
lifecycle of that data including data in motion, at rest and in use.
• DLP – Files and sensitive types must match rules.
• DLP – Prevent accidentalintentional sharing and email communication.
• Some sharing features assist with this
• Intune Conditional Access policies assist with MDM
• RMS - Prevent sensitive information from being printed, forwarded, or copied by unauthorized people.
• Access and permissions stored in file
• OneDrive For Business and SharePoint Sharing Security -
https://techcommunity.microsoft.com/t5/OneDrive-Blog/Introducing-a-new-secure-external-sharing-
experience/ba-p/112624
• Intune – Secure Devices, Access policies
• Microsoft 365 – O365, Windows 10, EMS (Enterprise Mobility & Security) - https://www.microsoft.com/en-
us/microsoft-365/enterprise/home

6. What is Data Loss Prevention in O365?
• Discovery and protection of sensitive data in the enterprise.
• Risk Mitigation.
• An automated process to simplify security.
• Common policies across the enterprise.
• File protection during lifecycle for data at rest and in motion.
• In use (Other methods ie RMS, Windows Policies, Internet Policies)- Copy to
USB, Screeenshot sharing, Exposure to Dropbox, GoogleDrive
• Must have E3 or E5 Plan - https://technet.microsoft.com/en-
us/library/office-365-plan-options.aspx

7. Deeper Dive…O365
• Identify sensitive information across many locations.
• Exchange Online
• SharePoint Online
• OneDrive For Business
• Policies apply to each or across all
• Prevent accidental or intentional sharing of
sensitive data
• Works in the Desktop versions of Word 2016, Excel
2016, Outlook 2016, PowerPoint 2016.
• Works in Mobile versions of Office Products – OD4B,
Outlook, SharePoint.
• Help users stay compliant – Policy tips.
• Reporting of incidents.
• Implement in “test” or “monitor” mode to watch
false +- and ensure actions are accurate before
deployment.
• Works hand in hand with O365 Message Encryption.

8. Under The Hood…Information Sensitive Types
• Manage from Office 365 Security & Compliance
Center.
• Exchange Online Transport rules and DLP can be created
in EXO Admin but will not appear in Security &
Compliance.
• Policies for all (SPO, EXO, OD4B) must be created here.
• Out Of The Box
• Information Sensitive Types Definitions
• SSN, Phone, Drivers License, Credit Card #, Bank Account #.
• Can create Custom Sensitive Types with .xml and
Powershell.
• Customization - https://support.office.com/en-
us/article/create-a-custom-sensitive-information-type-
82c382a5-b6db-44fd-995d-b333b3c7fc30

9. ... Policies
• Policies contain rules.
• Where – Location of content to protect. SharePoint Online, Exchange Online,
OneDrive For Business.
• SPO - All or select
• OD4B – All or Select
• EXO – All (Cannot chose individual MB’s yet)
• Rules – These enforce your business requirements.
• Conditions – The content must match before the rule is enforced -- for example, look
only for content containing Social Security numbers that's been shared with people
outside your organization.
• Actions - that you want the rule to take automatically when content matching the
conditions is found -- for example, block access to the document and send both the
user and compliance officer an email notification.
• Out Of The Box Templates
• Simple and Advanced Settings
• User Notification and Overrides – Business Justification.

10. • Policy Tips – User education and compliance.
Outlook 2013 + and Outlook Web
SPO & OD4B
Excel 2016, Word 2016. Powerpoint 2016 stored on site included in DLP
policy
Can create and upload custom policies with Powershell.
• Grouping and Logical Operators
• Group sensitive information types.
• Choose the logical operator between the sensitive information types
within a group and between the groups themselves.
• Examples – And, Or, Any Of These
• Rule Priority
• Set in order of creation
• Rule Tuning
• Adjust for false + or false –
• Match Accuracy - Percentage of accuracy
• Labels
• Can use Labels as a condition for rule matching
• Publish – Users manually apply Labels
• Auto-Apply

11. • Deployment - If you’re creating DLP policies with a large potential
impact, this sequence is recommended:
• Start in test mode without Policy Tips and then use the DLP reports and
any incident reports to assess the impact. You can use DLP reports to
view the number, location, type, and severity of policy matches. Based
on the results, you can fine tune the rules as needed. In test mode, DLP
policies will not impact the productivity of people working in your
organization.
• Move to Test mode with notifications and Policy Tips so that you can
begin to teach users about your compliance policies and prepare them
for the rules that are going to be applied. At this stage, you can also ask
users to report false positives so that you can further refine the rules.
• Start full enforcement on the policies so that the actions in the rules
are applied and the content’s protected. Continue to monitor the DLP
reports and any incident reports or notifications to make sure that the
results are what you intend.
• Reporting
• Focus on specific time periods and understand the reasons for spikes and trends.
• Discover business processes that violate your organization’s compliance policies.
• Understand any business impact of the DLP policies
• Fine tuning policies and rules

12. How it Works?
• That’s Level 200 
• EXO - Once created, syncs to EXO, Outlook Web, Desktop
• SPO & OD4B – Search

13. Questions?Time For Demo?