To meet industry regulations and business standards, an organization must protect its sensitive data and prevent accidental disclosure. Sensitive information includes financial data and personally identifiable information (PII) such as credit card numbers, Social Security numbers or health-related information. With a data loss prevention (DLP) policy in the Office 365 Security and Compliance Center, we can identify, monitor and automatically protect sensitive information.
DLP Policy
Identify sensitive information across all locations, such as Exchange Online, Microsoft Teams, SharePoint Online and OneDrive for Business.
For example, you can monitor all documents in OneDrive that contain a credit card number, or you can monitor just the OneDrive of specific people.
Prevent the accidental sharing of sensitive information.
For example, you can identify a document or email containing health records that is shared with people outside the organization, and then automatically block access to that document or block the email from being sent.
Monitor and protect sensitive information in the desktop versions of Excel, Word and PowerPoint.
Just like Exchange Online, SharePoint Online and OneDrive, these Office 365 desktop apps include the same DLP capabilities to identify sensitive information and apply DLP policies.
DLP provides continuous monitoring when people share information with these apps.
Help users stay compliant without interrupting their workflow.
You can educate users to stay compliant without blocking their work. If a user tries to share a document containing sensitive information, the DLP policy sends an email notification to that user and shows a notification asking for a proper business justification.
View DLP reports showing content that matches your organization’s DLP policies.
To analyze how your organization is complying with a DLP policy, you can see how many matches each policy and rule has over time. If a DLP policy allows users to override a policy tip and report a false positive, you can also view what users have reported.
You can create a DLP policy on the Data loss prevention page in the Office 365 Security and Compliance Center.

What does a DLP policy contain?
A DLP policy contains a few basic things.
- Where to protect the data: locations such as SharePoint Online, Exchange Online, OneDrive for Business or Microsoft Teams.
- When and how to protect the data, by enforcing rules comprised of:
  - Conditions the content must match before the rule is enforced. For example, a rule might be configured to look only for content containing Social Security numbers that has been shared with people outside your organization.
  - Actions that you want the rule to take automatically when content matching the conditions is found. For example, a rule might be configured to block access to a document and send both the user and the compliance officer an email notification.
Location
You can choose to protect content in Exchange email, Microsoft Teams chats and channel messages, and all SharePoint or OneDrive libraries, or select specific locations for a policy.

Rules
Rules are what enforce your business requirements on your organization’s content. A policy contains one or more rules, and each rule consists of conditions and actions. When the conditions are met, the actions are taken automatically. Rules are executed sequentially, starting with the highest-priority rule in each policy.
A rule also provides an option to notify the users.

Condition
Conditions are important because they determine what types of information you’re looking for and when to take an action. Conditions focus on the content, such as what type of sensitive information you are looking for, and also on the context, such as who the document is shared with. You can use conditions to assign different actions to different risk levels.

Action
When content matches a condition in a rule, you can apply actions to automatically protect the content.

With actions you can:
- Restrict access to the content: For site content, this means that permissions for the document are restricted for everyone except the primary site collection administrator, the document owner and the person who modified the document.
When access to a document is blocked, the document appears with a special policy tip icon in the library on the site.
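
The example rule described earlier (Social Security numbers shared outside the organization, with access blocked and the user and compliance officer notified) can be written in Security & Compliance PowerShell, here extended to two rules so that different risk levels get different actions. This is an added example, not part of the original article; the policy and rule names, the count thresholds and the compliance mailbox address are constructed placeholders, and it assumes a session already opened with Connect-IPPSSession.

```powershell
# Added example. Assumes a Security & Compliance PowerShell session is open
# (Connect-IPPSSession from the ExchangeOnlineManagement module).
# Names, thresholds and the mailbox address below are constructed placeholders.

$policyName = 'SSN - External Sharing'             # hypothetical policy name
$officer    = 'compliance@contoso.example'         # hypothetical mailbox
$ssn        = 'U.S. Social Security Number (SSN)'  # built-in sensitive info type

# Location: all SharePoint sites and OneDrive accounts.
# Test mode records matches and notifies users without enforcing the block,
# so false positives can be reviewed in the DLP reports first.
New-DlpCompliancePolicy -Name $policyName `
    -SharePointLocation All `
    -OneDriveLocation All `
    -Mode TestWithNotifications

# Higher risk: 10 or more SSNs, shared with people outside the organization.
# Actions: block access, notify the document owner, report to the officer.
New-DlpComplianceRule -Name 'SSN external - high volume' `
    -Policy $policyName `
    -ContentContainsSensitiveInformation @{ Name = $ssn; minCount = '10' } `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner `
    -GenerateIncidentReport $officer `
    -ReportSeverityLevel High

# Lower risk: 1 to 9 SSNs, shared with people outside the organization.
# Action: notify the document owner only; access is not blocked.
New-DlpComplianceRule -Name 'SSN external - low volume' `
    -Policy $policyName `
    -ContentContainsSensitiveInformation @{ Name = $ssn; minCount = '1'; maxCount = '9' } `
    -AccessScope NotInOrganization `
    -NotifyUser Owner

# Review the rules in evaluation order before turning enforcement on.
Get-DlpComplianceRule -Policy $policyName |
    Sort-Object Priority |
    Format-Table Name, Priority, BlockAccess, AccessScope

# Once the test results look right, enforce the policy:
# Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```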
