Configure Office 365 Data Loss Prevention (DLP) for SharePoint Online, Outlook and OneDrive

Configure Office 365 Data Loss Prevention (DLP) for SharePoint Online, Outlook and OneDrive

Last week, Bill Baer from Microsoft announced Data Loss Prevention (DLP) Policy Tips updates which Office 365 tenant administrators should be aware of from a security perspective.  These updates allow capabilities to show DLP Policy Tips across endpoints in Office 365 such as SharePoint Online and Microsoft Word when content is shared. This post will walk you through an example on how they can be configured.

View an overview of Data Loss Prevention (DLP).

To configure Data Loss Prevention (DLP), perform the following steps:

1. Login as tenant admin to the Office 365 Admin center from or by clicking Admin from the App Launcher

 

2. Click on the Security & Compliance Admin Center from the Office 365 Admin center left navigation (You can also get there from https://protection.office.com using tenant admin)

3. Click on Policy  Create a policy under Data loss prevention in the left navigation in the Security & Compliance admin center

4. Find the policy or create a custom policy you need to enforce using the New DLP policy wizard (i.e. I am selecting a Canada Financial Data template to protect against Credit Card Numbers and Canada Bank Account Numbers)

5. Provide a name for the policy

6. Select the locations – Either all locations or specific locations (Exchange, SharePoint or OneDrive) on where to protect (this is where the tips will show up as well)

7. If you choose specific locations, you get additional capabilities for Inclusions and Exclusion rules.
a. For Exchange, you can include or exclude specific distribution groups.
b. For SharePoint, you can include or exclude specific SharePoint sites.
c. For OneDrive, you can include or exclude specific OneDrive accounts.


8. Select the type of content you want to protect (with people inside or outside your organization) or create more advanced rules

9. Indicate what you want to do if the rule is detected

10. Turn the rule on or test it out (it will take a little bit of time before it takes effect)

11. Review the settings and Create the rule

View the Microsoft support article for more details on sending email notifications and show policy tips for DLP policies.

In a subsequent article, I will be showing how these emails and Policy Tips actually show up.

One thought on “Configure Office 365 Data Loss Prevention (DLP) for SharePoint Online, Outlook and OneDrive

Leave a Reply

Your email address will not be published. Required fields are marked *