How To Configure Office 365 DLP | Office 365 DLP Best Practices | Data Loss Prevention
Data loss prevention is a compliance feature of Office 365 that is designed to help your organization prevent the intentional or accidental exposure of sensitive information to unwanted parties. DLP has its roots in Exchange Server and Exchange Online and is also applicable in SharePoint Online and OneDrive for Business.
DLP uses a content analysis engine to examine the contents of email messages and files, looking for sensitive information such as credit card numbers and personally identifiable information (PII). Sensitive information should typically not be sent in email, or included in documents, without taking additional steps such as encrypting the email message or files. Using DLP you can detect sensitive information, and take action such as:
- Log the event for auditing purposes
- Display a warning to the end-user who is sending the email or sharing the file
- Actively block the email or file sharing from taking place
Sometimes customers dismiss DLP because they don’t consider themselves to have the type of data that needs protecting. The assumption is that sensitive data, such as medical records or financial information, only exists for industries like health care or for companies that run online stores. But any business can handle sensitive information on a regular basis, even if they don’t realize it. A spreadsheet of employee names and dates of birth is just as sensitive as a spreadsheet of customer names and credit card details. And this type of information tends to float around more than you might expect, as employees quietly go about their day to day tasks, thinking nothing of export a CSV file from a system and emailing it to someone. You might also be surprised how often employees send emails containing credit card or banking details without considering the consequences.
Office 365 provides a number of pre-populated DLP policy templates. For example, for U.S. organizations, there are templates for detecting the following:
• Social Security numbers
• Credit card numbers
• Health records and other personal health information (PHI)
• Account numbers
• Spreadsheets with IP addresses
• Files that contain user passwords
• Outlook offline files (PST, MSG)
• Source code
Create a DLP policy in Office 365
- Go to Office 365 Security & Compliance page.
- In the Security & Compliance Center > left navigation > Data loss prevention > Policy > + Create a policy.
- Select Privacy > U.S. Personally Identifiable Information (PII) Data.
- Name the policy > Next.
- Choose All locations in Office 365. Includes content in Exchange email and OneDrive and SharePoint documents. > Next.
- Choose “Use advanced settings” > Next.
- Edit rule and add sensitive information mentioned above or create separate policy for each template.
- Next > Choose Yes, turn it on right away > Next > Create
Need Help? Contact Us
STEPINLOGIC | 292 262 6652
Full-service IT provider for Growing Companies in NY & NJ