CLOUD CONSULTING AWS & Azure Constalting, Migrations, Strategy   CLOUD ADOPTION Architecture, Design, Migrations, Cost Optimization   Cloud Professional Services Engineering, DevOps & Automation, Disaster Recovery   Cloud Operations Support 27x7x365 Cloud Support, Continuity, Patching   Productivity Suite Integration Microsoft 365, G-Suite, Zero Trust Security   Managed IT Services Managed Infrastructure, Business Continuity
About Stepinlogic About Stepinlogic Why Stepinlogic Why Stepinlogic AWS Partnership AWS Partnership Microsoft Partnership Microsoft Partnership Our Story Careers
Latest Blog Posts   Latest Help Articles  

How To Configure Office 365 DLP | Office 365 DLP Best Practices

office 365 dlp logo

How To Configure Office 365 DLP | Office 365 DLP Best Practices | Data Loss Prevention

Data loss prevention is a compliance feature of Office 365 that is designed to help your organization prevent the intentional or accidental exposure of sensitive information to unwanted parties. DLP has its roots in Exchange Server and Exchange Online and is also applicable in SharePoint Online and OneDrive for Business.

DLP uses a content analysis engine to examine the contents of email messages and files, looking for sensitive information such as credit card numbers and personally identifiable information (PII). Sensitive information should typically not be sent in email, or included in documents, without taking additional steps such as encrypting the email message or files. Using DLP you can detect sensitive information, and take action such as:

  • Log the event for auditing purposes
  • Display a warning to the end-user who is sending the email or sharing the file
  • Actively block the email or file sharing from taking place

Sometimes customers dismiss DLP because they don’t consider themselves to have the type of data that needs protecting. The assumption is that sensitive data, such as medical records or financial information, only exists for industries like health care or for companies that run online stores. But any business can handle sensitive information on a regular basis, even if they don’t realize it. A spreadsheet of employee names and dates of birth is just as sensitive as a spreadsheet of customer names and credit card details. And this type of information tends to float around more than you might expect, as employees quietly go about their day to day tasks, thinking nothing of export a CSV file from a system and emailing it to someone. You might also be surprised how often employees send emails containing credit card or banking details without considering the consequences.

Office 365 provides a number of pre-populated DLP policy templates. For example, for U.S. organizations, there are templates for detecting the following:

• Social Security numbers
• Credit card numbers
• Health records and other personal health information (PHI)
• Salaries
• Account numbers
• Spreadsheets with IP addresses
• Files that contain user passwords
• Outlook offline files (PST, MSG)
• Source code

Create a DLP policy in Office 365

Configure Office 365 DLP

  • Select Privacy > U.S. Personally Identifiable Information ‎(PII)‎ Data.

Configure Office 365 DLP

  • Name the policy > Next.
  • Choose All locations in Office 365. Includes content in Exchange email and OneDrive and SharePoint documents. > Next.
  • Choose “Use advanced settings” > Next.
  • Edit rule and add sensitive information mentioned above or create separate policy for each template.
  • Next > Choose Yes, turn it on right away > Next > Create


Need Help? Contact Us


STEPINLOGIC | 292 262 6652


Full-service IT provider for Growing Companies in NY & NJ

Share Article
Share on facebook
Share on twitter
Share on linkedin
Latest Articles