Office 365 Data Loss Protection – DLP

5 November 2021, by angelusadeuszabulus

Data Loss Prevention (DLP) helps organizations comply with industry regulations and protect sensitive information. It also prevents inadvertent disclosure. The sensitive information you need to keep from leaking outside your organization includes financial data, such as credit card numbers, social security numbers, or medical records. With a DLP policy, you can identify, track, and protect sensitive information in Office and Microsoft 365.

How do users benefit from the service?

Users benefit from DLP for Exchange Online, SharePoint Online, and OneDrive for Business when their email messages and files are inspected for sensitive information, as configured in the organization’s DLP policy.

What licenses provide a user’s rights to benefit from the service?

Microsoft 365 E3 / A3 / Business Premium, Office 365 E3 / A3, Office 365 Data Loss Prevention, F5 Compliance, and F5 Security & Compliance allow a user to benefit from Office 365 data loss protection for Exchange Online, SharePoint Online, and OneDrive for Business.

Why is DLP important?

An effective DLP strategy is essential to combat any intentional or accidental leakage of your sensitive information. Many leaks are due to a lack of caution on the part of users who respond to a phishing or spear-phishing e-mail whose sender impersonates a person authorized to receive the data in question. Malware and viruses capable of reading private data and passing it on to a hacker can also be responsible for such leaks.

How do data loss prevention policies work?

DLP detects sensitive information using in-depth content analysis. It can identify sensitive data without affecting the people who work with the rest of the content.

Once created, DLP policies are stored and synced with content sources such as:

  • Exchange Online
  • OneDrive for Business
  • SharePoint
  • Office 2016

Once synchronized, these policies will begin to take the required actions.

What does a data loss prevention policy contain?

A DLP policy contains 2 elements:

  • Locations, such as Exchange Online, SharePoint Online, and OneDrive for Business
  • The conditions of execution and the actions to be carried out.

What is sensitive information?

Office 365 includes definitions for sensitive information that are specific to different countries.

This information can be:

  • Financial data: credit card numbers, bank account numbers
  • Personally identifiable information (PII)
    • Name, first name, address, phone number, password
    • SEPA bank cards and payment data
    • Social security numbers, passport numbers

Each sensitive information type can be defined by keywords, internal functions, regular expressions, or pattern matches.

This helps DLP detection achieve the highest degree of accuracy while reducing the number of false positives that can interrupt people’s work.
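The following PowerShell sketch is an added illustration, not Microsoft's implementation or code from the original article. It shows how combining a regular expression, a checksum function (Luhn), and nearby keywords cuts false positives for card numbers. The function names, the keyword list, the 300-character window, and the sample strings are assumptions constructed for this example.

```powershell
# Added illustration (not Microsoft's code): regex + checksum function + keywords.
function Test-Luhn {
    param([string]$Digits)
    $sum = 0
    $double = $false
    # Walk the digits right to left, doubling every second one.
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $d = [int]($Digits.Substring($i, 1))
        if ($double) {
            $d = $d * 2
            if ($d -gt 9) { $d = $d - 9 }
        }
        $sum += $d
        $double = -not $double
    }
    return (($sum % 10) -eq 0)
}

function Find-CardNumber {
    param([string]$Text, [int]$Window = 300)   # window size is an assumption
    $pattern  = '\b(?:\d[ -]?){15}\d\b'        # 16 digits, optional separators
    $keywords = 'credit card|card number|visa|mastercard|cvv|expir'
    foreach ($m in [regex]::Matches($Text, $pattern)) {
        $digits = $m.Value -replace '[ -]', ''
        # Stage 2: checksum. A 16-digit order or tracking number usually fails here.
        if (-not (Test-Luhn $digits)) { continue }
        # Stage 3: supporting keywords near the match raise the confidence.
        $start   = [Math]::Max(0, $m.Index - $Window)
        $end     = [Math]::Min($Text.Length, $m.Index + $m.Length + $Window)
        $context = $Text.Substring($start, $end - $start)
        $confidence = if ($context -match $keywords) { 'High' } else { 'Low' }
        [pscustomobject]@{ Match = $m.Value; Confidence = $confidence }
    }
}

# Constructed samples: a card number with a keyword, the same number without
# one, and a 16-digit order reference that fails the checksum.
$samples = @(
    'Please charge my credit card 4111 1111 1111 1111 for the renewal.',
    'Reference 4111111111111111 attached.',
    'Order 1234567812345678 has shipped.'
)
foreach ($s in $samples) { Find-CardNumber -Text $s }
```

Only the first two samples produce a result, and only the first is rated High; the order reference is discarded by the checksum even though it matches the regular expression.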

DLP policies allow the detection of different types of content within a single policy.

How to create a data loss prevention policy

To create a DLP policy, first sign in to the Office tenant, select Administration Centers, and then choose Compliance.

Once the Compliance Center loads, expand the Data Loss Prevention menu and choose the Policies menu item.

Select the Create Policy button. A wizard interface will load, where you can define the properties required for the policy. Choose the industry regulation category, which will display region and country specific regulations.

Clicking on the Financial option will display the country specific policies that you can use.

Once selected, click on the next button and enter the name and description of the policy, then press next.

Not all locations warrant a policy. You can either select “All Locations” or choose the locations you want the policy to apply to.

You can choose between Exchange mail, SharePoint sites, and OneDrive accounts. For SharePoint and OneDrive sites, you can choose sites or accounts and exclude some as needed.

Once you have defined the locations, press the next button.

You can now choose the simple or advanced option.

Simple settings make it easy to create most types of DLP policies without creating rules. Advanced settings use the rule editor to let you control every setting in your policy.

Once you have chosen to inspect external or internal content, press the next button.

You will need to define policy tips for end users. Then you can set an alert based on the number of instances of a type of sensitive information shared in the same content.

Finally, choose whether or not to prevent people from sharing and restrict access to the content.

You can activate the rule immediately, test it first (showing or hiding the policy tips), or leave it turned off.

Once you’ve created and enabled DLP policies, they will start inspecting content.
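The same wizard steps can be scripted with Security & Compliance PowerShell. This is an added example, not part of the original article; the policy name, rule name, comment, and policy tip text are placeholders, and it assumes the ExchangeOnlineManagement module is installed and the account holds a DLP compliance management role.

```powershell
# Added example: the wizard steps above, scripted. Names and texts are placeholders.
Connect-IPPSSession   # opens a Security & Compliance PowerShell session

# Name/description and locations steps.
# Mode mirrors the last wizard page:
#   Enable | TestWithNotifications | TestWithoutNotifications | Disable
$policy = @{
    Name               = 'Example - Financial Data'
    Comment            = 'Detects credit card numbers shared outside the organization'
    ExchangeLocation   = 'All'
    SharePointLocation = 'All'
    OneDriveLocation   = 'All'
    Mode               = 'TestWithNotifications'   # test first, with policy tips shown
}
New-DlpCompliancePolicy @policy

# Conditions and actions: what to detect, for whom, and what to do about it.
$rule = @{
    Name                                = 'Example - Financial Data - External'
    Policy                              = 'Example - Financial Data'
    ContentContainsSensitiveInformation = @{ Name = 'Credit Card Number'; minCount = '1' }
    AccessScope                         = 'NotInOrganization'   # content shared externally
    NotifyUser                          = 'Owner', 'LastModifier'
    NotifyPolicyTipCustomText           = 'This item contains card data and cannot be shared externally.'
    GenerateAlert                       = 'SiteAdmin'
    BlockAccess                         = $true
}
New-DlpComplianceRule @rule

# Confirm what was created before relying on it.
Get-DlpCompliancePolicy -Identity 'Example - Financial Data' | Select-Object Name, Mode

# After reviewing the test-mode matches, turn enforcement on:
# Set-DlpCompliancePolicy -Identity 'Example - Financial Data' -Mode Enable
```

Starting in `TestWithNotifications` lets you review matches and false positives in the DLP reports before the blocking action affects users.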

After you’ve created and enabled DLP policies, you need to verify that they help you stay compliant.

With DLP reports, you can view the number of policies and rules that match over time, as well as the number of false positives and overrides. You can filter these matches by location, time period, and even restrict them to a specific policy, rule, or action.

Conclusion

It is well known that the weak link in any cyber threat control is the end user. Data Loss Prevention helps control and protect business data and content. By providing notifications and a way to resolve issues

In short, it’s a good way to protect and control access within your Office 365 tenant. There are multiple configuration possibilities that I encourage you to explore!

More info: https://docs.microsoft.com/fr-fr/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide
