According to industry regulation and to comply business standard organization must protect the company’s sensitive data and prevent it from accidental disclosure. Sensitive information include financial data or personally identifiable information (PII) such as credit card number, Social security number or health related information. With a data loss prevention policy (DLP) in the office 365 security and compliance  center, we can identify, monitor and automatically protect sensitive information.

DLP Policy

Identify sensitive information across all the location, such as exchange online, Microsoft teams, SharePoint online and OneDrive for business.

For example you can monitor all documents in OneDrive having credit card number or you can monitor just the OneDrive for specific people.

Prevent the accidental sharing from sensitive information.

For example you can identify the document or email with health records that’s shared with outside the organization, and then automatically blocked the access to that document or email from being sent.

Monitor and protect sensitive information in the desktop version of excel, word or PowerPoint

Just like exchange online, SharePoint online and OneDrive, these office 365 desktop apps contain same DLP capabilities to identify the sensitive information and apply DLP policies.

DLP provide continuous monitoring when people shared information with these apps.

Help users to stay compliant without interrupting their workflow

You can educate the users to stay in compliant without blocking their work. If a user tries to share a document having sensitive information, DLP policy send email notification to that user and shows a notification with proper business justification.

View DLP reports showing content that matches your organization’s DLP policies.

To analyze how organization complying DLP policies, you can see how many matches each policy and rule has over time. If a DLP policy allows user to override a policy tip and report a false positive, you can also view what users have reported.

You can create DLP policy on data loss prevention page in office 365 security and compliance center page.

Home Alerts Permissions Classification Office 365 Security & Compliance Home > Data loss prevention use data loss prevention (DIP) policies to help identify and protect your organization's sensitive info. For example you can set up policies to make sure information in email and docs isn't shared with the wrong people. Learn more about OLP DLR policy matches DLR false positives and ov... Data loss prevention App permissions Records management Information governarwe Supervision Threat management 12/14 12 y '6 Create a policy US Pli O Refresh Search Order A [3 12/18 Modified date February 4, 2019 Test without notification

What DLP Policy contains?

A DLP Policy contains few basic things.

  1. Where to protect the data: Locations such as SharePoint Online, Exchange Online, OneDrive for business or Microsoft Teams.
  2. When and how to protect the data by enforcing rules comprised of:
  • Conditions the content must match before the rule is enforced. For example a rule might be configured to look only content containing  social security number that’s been shared with people outside your organization.
  • Action that you want the rule take automatically when content matching the condition is found. For example a rule might be configured to block access to a document and send both the user and compliance officer an email notification.

Location

You can choose to protect content in Exchange email, Microsoft Teams chats and channel messages, and all SharePoint or OneDrive libraries, or select specific locations for a policy.

Choose loc •ons distribution distribution

Rules

Rules are what enforce your business requirements on your organization’s content. A policy contain one or more rules and each rule consists of conditions and actions. When conditions are met then action are taken automatically. Rules are executed sequentially, starting with highest priority rule in each policy.

A rule also provides an option to notify  the users

v Conditions v Actions v User notifications v User overrides v Incident reports

Condition

Conditions are important because they determine what types of information you’re looking for, and when to take an action. Conditions focus on content such as what type of sensitive information you are looking for and also on the context, such as who the document is shared with. You can use condition to assign different actions to different risk levels.

Conditions Use conditions to define what kind of content you want to protect. When content contains sensitive information • Add or change types + Add a coMition Content is shared This condition is required for each rule. All Other available conditions appear here.

Action

When content matches a condition in a rule, you can apply actions to automatically protect the content.

With action you can

Restrict access to the content: For site content, this means that permission for the document are restricted to everyone except the primary site collection administrator, document owner and who modified the document.

When access to a document is blocked, the document appears with a special policy tip icon in the library on the site.