Data Loss Prevention In Office 365

Overview

Nowadays, customers are moving to the Cloud. Office 365 is the most attractive package from Microsoft to help move businesses to the cloud quickly and seamlessly.

When we start using cloud services, eventually, our data also gets stored in the cloud. We define and follow data security policies while storing our data in on-premise systems. Microsoft does offer good options to secure our data in the Cloud.

A data breach is one of the biggest threats that every business fears. When we are in the cloud, the data security is more vital. Office 365 offers very useful services for Data Loss Prevention (DLP) which identifies the critical or sensitive data within your tenant.

A good example of sensitive data could be your organization’s financial information, such as credit card numbers, social security numbers, customer's personal information, etc. Using Data Loss Prevention (DLP), we can easily identify and protect such sensitive information in Office 365.

How does Data Loss Prevention (DLP) work?

Information is stored across many applications in Office 365. Data Loss Prevention (DLP) detects the sensitive information by performing a content analysis.

DLP policies, once created, can work on content sources such as:

1. SharePoint Online
2. Exchange Online
3. OneDrive for Business (OD4B)
4. Office 2016

DLP policy mainly has the below-mentioned parameters.

1. Content Source Location (e.g. SharePoint, Exchange, OD4B, etc.)
2. Condition for execution
3. Action to perform

Type of Sensitive Information

Office 365 has a variety of information stored in it. A definition of sensitive information can vary across different regions or countries. The information can be any personal information like social security number, mobile number, credit card number etc.

Sensitive type can be any of the following.

1. Keywords
2. Internal functions
3. Regular expressions
4. Pattern matches

This helps DLP to detect the sensitive information accurately in all the content sources.

Create Data Loss Prevention Policy

Follow the below steps to set up DLP in your Office 365 tenant.

1. Login to Office 365 tenant.
2. Click App Launcher from the top left corner to open Office 365 Apps.
3. Click Admin.
   
   
   

4. Click Admin Centers > Security & Compliance.
   
   
   

5. This will open "Security & Compliance" center (protection.office.com) in a new tab.
6. Expand Data loss prevention.
7. Click "Policy".
   
   
   

8. Click "Create a Policy" button.
   
   
   

9. Select any of the industry regulations to proceed (e.g. Financial).
   
   
   

10. Clicking on the Financial option will present submenus to select country-specific financial data.
11. Clicking on country-specific financial data will display the information it will protect.
12. Click "Next" button.
13. Provide the Name and Description of your policy.
    
    
    

14. Click "Next".
15. Depending on your business requirement, select the source content you want to apply to the policy - either select "All Locations" in Office 365 (which includes Exchange Server, OneDrive, and SharePoint) or select to choose specific locations
    
    
    

16. Click "Next".
17. If you have selected to choose specific locations, you will get the below screen to include or exclude the content source as per your needs.
18. You may further select specific distribution groups in Exchange email, specific sites in SharePoint, or specific accounts in OneDrive.
    
    
    

19. Make your selection and click "Next".
20. Use default settings to create DLP policies without creating any rules. Advanced settings will give options to configure the rule using an editor. This will give more flexibility or control over the policy settings.
    
    
    

21. Click "Next".
22. This screen will offer the options for the action to be taken on finding any sensitive information.
    
    
    

23. Click "Next".
24. You can now choose how you would like to have the policy rules in effect.
    
    
    

25. Click "Next".
26. Review your settings.
    
    
    

27. Click "Back" button for any edits. Click "Create" to create a new DLP policy.
28. Once created, the policy will appear on the dashboard.
    
    
    

Testing the DLP Policy

Usually, it takes up to 1 hour for policies to take effect. Once ready, it will inspect the content from source locations specified to analyze any sensitive information.

Any content that matches policy will be highlighted with a warning icon as below.

Summary

The Data Loss Prevention (DLP) feature is useful in securing your information in Office 365. It brings governance and security to your information in the Cloud.

I hope this helps.