Securing Information with DLP in Office 365

What is DLP?

Data Loss Prevention (DLP) is the capability to monitor for potential data breaches inside an organization that must comply with a set of policies. It allows a system to control and block sensitive information from leaving the organization.

How to use DLP in Office 365

In Office 365, the DLP capability is only available in the following subscription plans:

  • Enterprise E3
  • Enterprise E4
  • Government E3
  • Government E4
  • Nonprofit E3
  • Nonprofit E4

Setup of DLP policies

Administrators enable and manage this capability in the Office 365 Admin portal. In the left navigation of the Admin portal (figure 1), go to Admin and then select Compliance.

Figure 1: Office 365 Administration Portal Compliance Menu.
Figure 2: Compliance Center Data loss prevention policies configurations.
Figure 3: Add new DLP policy.
Figure 4: New DLP policy information protection selection.
Figure 5: New DLP policy sites selection for SharePoint Online and OneDrive for Business.
Figure 6: New DLP policy creation and enablement options.
Figure 7: Office 365 Exchange Online Administration Center DLP configuration.
  • New DLP policy from template
  • Import DLP policy
  • New custom DLP policy
Figure 8: Office 365 DLP Policy Templates.
Figure 9: Office 365 DLP Policy rule configuration.

End user experience

When an end user interacts with content that does not comply with a DLP policy, they get a Policy Tip in the relevant Microsoft Office application (Outlook, Word, Excel or PowerPoint), in either the desktop or the online version. Based on the Policy Tip (figure 10), the user can decide to override the policy or get more information on the policy for guidance on complying with it.

Figure 10: Policy Tip notification to end user in Outlook.
Figure 11: End user DLP Policy Tip override business justification dialog.
Figure 12: Office 365 SharePoint Online and OneDrive for Business DLP Policy Tip.

Reports

The Administrator can enable Incident Reports to run if a piece of information does not comply with a policy. The Incident Report can be mailed immediately to a particular user or a ticket system where further actions can be taken.

  • Top DLP policy matches for mail
  • DLP policy matches, overrides, and false positives for mail
  • Top DLP rule matches for mail
  • DLP policy matches by severity for mail
Figure 13: Office 365 DLP Reports.

Benefits of DLP

The DLP offerings in Office 365 let businesses quickly and easily comply with various industry or government standards without making a big, expensive investment, which in the end puts you and your organization in a much better place. They provide easier control over auditing information exchange inside your organization. They will also keep the Security Officers in your organization more relaxed!

Summary

I believe that the expansion of DLP across the Office 365 services provides great value to an organization. The new Compliance Center brings a central experience to manage and monitor policies across all services. The rate of innovation from Microsoft on security, privacy and compliance brings major benefits to everyone in Office 365 without needing to make a big investment.

Cecil

Passion for Software and Enterprise Architecture. I like to play with Azure, Cloudflare and programming languages (C#, Rust, and JavaScript).