This document provides an overview of Microsoft Office 365 Data Loss Prevention (DLP). It defines DLP as a practice to protect sensitive data from loss or sharing. It describes how Office 365 DLP works by detecting sensitive content, defining policies to monitor activities, and taking protective actions. It also outlines how to configure DLP policies by specifying monitoring targets, locations, conditions, and actions. Finally, it discusses best practices for planning, preparing, testing and deploying DLP policies within an organization.
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
Office 365 DLP Guide: Protect Sensitive Data Anywhere
1. Title: [Review] Microsoft Office 365 Data Loss Prevention Policy Guide
Keywords: office 365 data lossprevention,datalosspreventionoffice 365, data lossprevention
policy,whatisdata lossprevention,datalosspreventiontechnology
Description: What’s Office 365 data loss prevention (DLP)? How does DLP function? How to
configure and deploy DLP? What else you can do to protect data besides DLP?
URL: https://www.minitool.com/backup-tips/office-365-data-loss-prevention.html
Summary: This article composed by MiniTool Technology introduces you with a Microsoft 365
service called data loss prevention. It elaborates its definition, function, configuration, and
deployment. And more related information to be found when you start reading.
About Office 365 Data Loss Prevention
What Is Data Loss Prevention?
Data Loss Prevention(DLP) isapractice that protectssensitive datalike financialdata(creditcard
numbers),social securitynumbers,andproprietarydatacontrolledbyorganizationsandreduces
data lossrisk.For example,awayis neededtopreventusersinorganizationsfrominappropriately
sharingsensitivedatawithotherswhoare not expectedtohave it.
By definingandapplyingdatalosspreventionpolicies,youcanapplyDLPin MicrosoftOffice 365.
Witha DLP policy,youare able to identify, monitor,andprotectsensitive dataautomaticallyacross
manyapplicationsandservicesasbelow.
Microsoft365 servicesincluding Exchange,Teams,SharePoint,andOneDrive.
Office appslike Word,Excel,andPowerPoint.
Windows10 endpoints.
Non-Microsoftcloudapps.
2. On-premisesSharePointandon-premisesfile shares.
Office 365 DLP isjustone of the Microsoft365 Compliance tools thatavailable toprotectyour
sensitivedatawhereveryoulive ortravel.
How Does Data Loss Prevention Office 365 Work?
MS 365 detectssensitive itemsrelyingonbothsimple textscananddeepcontentanalysis.Content
isanalyzedforprimarydata matchesto keywords,byregularexpressionevaluation,byinternal
functionvalidation,andbysecondarydatamatchesthat are inproximitytothe primarydatamatch.
Besides, Microsoftdataloss preventionalsotakesadvantage of machine learningalgorithmsand
otherwaysto detectcontentthat matchesyourDLP policies.
Microsoft365 DLP policiesare howyoumonitorthe activitiesthatuserstake onsensitive itemsat
rest,intransit,or in use and take protective actions.If auserviolatesthe rulesandtryto share a
sensitiveitemwithsomeoneunauthorized,DLPwill:
Showa pop-uppolicytiptothe userwarninghimthathe maybe tryingto share a sensitive
iteminappropriately.
Blockthe sharing,allowthe usertooverride the blockviaapolicytip,andcapture the user’s
justification.
Blockthe sharingwithoutthe overrideoption.
Lock and move the sensitiveitemtoasecure quarantine location.(Fordataatrest)
Displaythe sensitive info.(ForTeamschat)
All data losspreventionmonitoredactivitieswill be recordedtothe Microsoft365 Auditlogby
defaultandroutedtoActivityexplorer.Whenausercarriesout an actionthat meetsthe criteriaof a
DLP policy,if youhave alertsconfigured,DLPprovidesalertsinthe DLPalertmanagement
dashboard.
https://www.minitool.com/news/exchange-online-protection.html
How to Configure Your DLP Policy?
There isflexibilityinhowtocreate andconfigure DLPpolicies.Youcan beginwitha predefined
template andcreate a policyinjusta few clicks.Or,you can designyourown style policyfromthe
groundup. Yet,no matterwhichwayyou create yourpolicy,youhave to specifythe below aspects.
1. Monitor Target
In the firstplace,youneedtodecide whatyouwantto monitor.
For predefined datalosspreventionpolicytemplates,Office 365 containsmanyincludingprivacy
data for variouscountriesandregions,financial data,aswell asmedical andhealthdata.
As forcustom policy,itusesthe availablesensitive infotypes,retentionlabels,andsensitivitylabels.
2. Monitor Location
Then,youshouldselectwhere tomonitorwithOffice 365 data losspreventionpolicy.Justpickone
or multiple locations fromthe below list.
MicrosoftTeamschat andchannel messages
Windows10 devices
On-premisesrepositories
Exchange Online emails
3. SharePointOnline sites
OneDrive accounts
MicrosoftCloudAppSecurity
3. Policy Application Condition
Thirdly,choose the conditionsthatmustbe matchedfor a policytobe implementedtoanitem.You
can accept the pre-configuredconditionsorconfigure yourones.Some of the pre-configured
conditionsare listedbelow.
Itemhas a specifiedsensitivitylabel.
An itemwithsensitiveinfoissharedinternallyorexternally.
An itemcontainingaspecifiedtype of sensitive infoisbeingusedinanunallowedsituation.
https://www.minitool.com/news/microsoft-teams-vs-slack-which-is-better.html
4. Action to Take When the Policy Conditions are Met
Please note thatthe actionscan be takenwhenthe specifiedconditionsare metbutdependingon
the locationwhere the activityishappening.
In TeamsChat and Channel,youcanblocksensitiveinformationfrombeingsharedinthe chator
channel.
In Exchange,SharePoint,orOneDrive,youare allowedtoblockpeopleoutsideyourorganization
fromaccessingthe contentwhile showingthe usersatipand sendthema mail notice tellingthem
that theyare performinganactionprohibitedbythe DLPpolicy.
In the Office apps,youare enabledtoshow a popupinformingthe userthattheyare engagingin
riskybehavior.Meanwhile,blockthemwhile allowingwithoverrideorwithout.
In Windows10 devices,youare able toauditor restrictcopyinga sensitive itemtoa removable USB
device.
While inon-premisesfile shares,youcanmove the file fromitsoriginationtoaquarantine place.
Tip: The monitorconditionsand blockactionsare defined in an objectnamed a Rule.
Once you have createdan Office 365 data lossprevention policyinthe Compliance Center,itwill be
savedina central policystore and thensyncedtovariouscontentsourcesincluding:
From Exchange Online toOutlookandOutlookonthe web.
Office desktopapps:Word,Excel,andPowerPoint.
MicrosoftTeamschat andchannel.
SharePointOnline sites.
OneDrive forBusinesssites.
Eventually,whenthe policyissyncedtothe rightlocations,itwill begintoevaluate the contentsand
enforce actions.
Lifecycle of Data Loss Prevention
In general,there are three phasesduringthe implementationof DLP.
4. 1. Plan for Data Loss Prevention
MS 365 DLP monitoringandprotectionare native tothe appsthat usersuse everyday.So, evenif
your usersare unaccustomedtodata losspreventionthinkingandpractices,itcan still protectyour
organizations’sensitive datafromriskyactivities.
If your organizationandusersare newto DLP practices,itmay needa change to yourbusiness
processestoadoptDLP. There will be a culture shiftforyourusers.However, byproperplanning,
testing,andtuning,yourDLP policieswill protectyoursensitive datawhileminimizinganypotential
businessprocessdisruptions.
Data Loss PreventionTechnologyPlanning
Again,as a technology,DLPcanmonitorand protectsensitivedataat rest,inuse,and inmotion
across Microsoft365 services,Windows10devices,on-premisesSharePoint,andon-Promisesfile
shares.There are planningimplicationsforthe differentlocations,targetdatatype,andthe actions
to be takenwhena policymatchoccurs.
DLP BusinessProcessesPlanning
Data losspreventionblocksprohibitedactionssuchassharingsensitive dataviaemail
inappropriately.WhenyouplanyourDLPpolicies,you have toidentifythe businessprocessesthat
touch yoursensitive items.
Then,howto identifybetweenappropriate andinappropriate userbehaviors?Don’tworry.The
businessprocessownerswill helpyou. Youneedtoplanyourpoliciesanddeploythemin testmode.
Whenintest mode,evaluate the impactsof the DLPpoliciesthroughactivityexplorer.Finally,apply
those policiestomore restrictivemodes.
DLP Organizational Culture Planning
A successful DLPimplementationdependsongettingyouruserstrainedandacclimatedto Office
365 data losspreventionpracticesthe same asonwell-plannedandtunedpolicies.Youare
recommendedtorelyonpolicytipstoraise awarenesswithyourusersbefore changingthe policy
enforcementfromtestmode tomore restrictive modes.
https://www.minitool.com/backup-tips/microsoft-office-wont-open.html
2. Prepare for Data Loss Prevention
You can implementDLPpoliciestodataat rest, inuse,and inmotioninlocations mentionedabove.
For sensitivedatainthe above locations,eachhasdifferentpre-requisites.Insome locationssuchas
Exchange Online,sensitiveitemscanbe protectedbyDLPby justconfiguringanappliedpolicy. In
otherlocationslike on-premisesfilerepositories,anAzure InformationProtection(AIP) scanneris
required.Youneedtoprepare yourenvironmentandcode draftpoliciesandtestthemcompletely
before activatinganyblockingoperations.
3. Deploy DLP Policies in Production
Generally,there are fourstepstodeployyourdatalosspreventionpoliciesinproduction.
Step 1. Design YourDLP Policies
Firstof all,define yourcontrol objectivesandhow theyimplementacrosseachrespective workload.
Then,drafta policythatembodiesyour objectives.Youcanstart withone workloadata time or with
all workloads atthe same time.Itall dependsonyouandthere isno impactso far.
5. Step 2. Apply Your DLP PoliciesinTest Mode
In thisphase,youshouldevaluate the influence of the controlsbyapplyingthemwithaDLPpolicy in
testmode.You can start withone workload.Also,youcanimplementthe policytoall workloadsbut
still intestmode toget complete results.
Step 3. Monitor the Outcomesand Tune the Policy
While intestmode,youneedtomonitorthe outcomesof the appliedDLPpolicyandfine-tune itto
make it meetsyourcontrol objectives.Atthe same time,ensure thatyoudon’timpactvaliduser
workflowsandproductivityinadvertentlyoradversely.
Some thingsyoumay needtofine-tune:
The actions.
The level of restrictions.
Addnewcontrols
Addnewpeople.
Addnewrestrictedapps.
Addnewrestrictedsites.
Sensitiveinformationdefinition(s).
Locations/placesandpeoplethatare inor out of scope.
Conditionsandexceptions are usedtodetermine if anitemmatchesthe policyandwhatis
beingdone withit.
Step 4. Deploy the Control and Tune Your Policies
Whenthe policymeetsall yourobjectivesafterfine-tune,it’stime toenable it(notintestmode but
the real environment). Usually,policiestake effectaroundanhour afterbeingturnedon. Withthe
policyenabled,continuetomonitorthe outcomesof the policyimplementationandtune it
accordingly.
https://www.minitool.com/data-recovery/data-loss-prevention-dlp.html
Office 365 Data Loss Prevention Companion – MiniTool ShadowMaker
Besidesprotectsensitive databypreventingitfrombeingsharedoraccessed,youshouldalsopay
attentiontocrucial data damage or lossdue to wrong operations,software errors,hardware
damage,as well asmalware orvirusattacks.
To protectimportantfilesfromlossordamage,the mosteffective wayistomake a backupof them.
Therefore,youneedaprofessional andreliableprogramsuchas MiniTool ShadowMaker.UnlikeDLP
policies,youdon’tneedtoconfiguretargets,locations,actionsone byone,justselectwhatyou
wantto back up fromyour computer,choose adestination,andclick Back up Now to finish.
SM-Trial
6. Alt=MiniTool ShadowMakerBackupInterface
Summary
Data losspreventionreportsalarge amountof infointoMicrosoft365 from monitoring,policy
matchesand actions,anduseractivities.Youneedtoconsume andact on that informationtotune
the policiesandtriage actionstakenonsensitiveitems.
That’s all aboutOffice 365 data losspreventionwe wanttoshare withyou.If you have anyquestions
no matteraboutthe topicor the companiontool we mentioninthe last,feel free toleavea
commentbeloworconsultat support@minitool.com.