Nowadays, organizations collect, store, and manage all kinds of sensitive data in their cloud environments, including financial information, health records, customer data, and confidential business information. Without proper safeguards, this exposes them to data loss, data leakage, and data exfiltration.

Fortunately, one of the best ways to ensure that your company’s confidential or classified data is not lost, misused, or accessed by unauthorized users is to implement Microsoft Purview Data Loss Prevention in your environment.


What is Data Loss Prevention (DLP)?

DLP is a security feature in Microsoft Purview that helps organizations protect their sensitive information by preventing users from intentionally or accidentally sharing confidential documents or data across on-premises systems, cloud-based locations (including Office 365, OneDrive for Business, SharePoint Online, and Microsoft Teams), and endpoint devices.

Data Loss Prevention also helps you achieve compliance with regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR).

How DLP Works

You implement data loss prevention by defining and applying DLP policies or rules in your organization. With a DLP policy, you can identify, monitor, and automatically protect sensitive items across:

• Microsoft 365 services: Teams, Exchange Online, SharePoint Online, and OneDrive for Business accounts.

• Office applications: Word, Excel, and PowerPoint.

• Endpoints: Windows 10, Windows 11 and macOS devices.

• Non-Microsoft cloud apps: Monitor, detect, and take actions when sensitive items are used and shared via non-Microsoft cloud apps.

• On-premises file shares and SharePoint.

• Power BI: Detects the upload of sensitive data to a Power BI dataset.

Using deep content analysis (keyword matching, regular expressions, checksum validation, and trainable classifiers, rather than a simple text scan), DLP detects content that matches your policy conditions and applies the action you configured, from auditing and warning up to blocking, in the location(s) you choose: Exchange Online email, OneDrive for Business accounts, SharePoint Online sites, on-premises repositories, devices, and Power BI.

Protective Actions of DLP Policies

Through DLP policies, you can monitor the activities that users take on sensitive items at rest, in transit, or in use, and take protective actions to secure sensitive data.

For instance, when a user attempts a prohibited action, such as copying a sensitive item to an unapproved location, sharing confidential information in an email, or any other condition laid out in a policy, Microsoft DLP can:

• Display a pop-up policy tip that warns the user that they are trying to inappropriately share confidential items.

• Block users from sharing sensitive items, with an option to override the block by recording a business justification.

• Block users from sharing confidential information with no override option.

• Hide sensitive information in Teams chat (requires Microsoft Teams DLP licensing).

Features of a DLP Policy

1. Policy Templates

DLP policy templates are grouped into four categories, each covering a different kind of sensitive information:

• Financial information: Protect financial data by blocking users from sharing credit card numbers, bank account numbers, debit card numbers, social security numbers, and many others.

• Medical and health information: Prevent users from sharing confidential medical and health information. (Compliance examples: HRIP Act, HIA, PHIA, PHIPA, HIPAA)

• Privacy information: Protect privacy information which covers driver’s license numbers, passport numbers, tax file numbers, social insurance numbers, personal health identification numbers, National ID cards, and many others.

• Custom template: You can create a custom policy from scratch in which you choose the type of content to protect and how you want to protect it.

2. Locations

A DLP policy can detect and protect items that contain sensitive information across multiple locations. When creating a policy, you can select the location(s) in which you want to apply your conditions.

3. Rules

A DLP rule is where you define which sensitive information to protect and what happens when it is found. Each rule has one or more conditions that must be met (for example, the content contains a given sensitive information type, or it is shared with people outside the organization) and one or more actions that run once the conditions are met.

For example, a rule can state that when a document or message contains sensitive information and is being shared with external users, the share is blocked; users inside the organization can keep working with the item as usual.

4. User Notifications

A way to educate users and remind them of the regulations in your organization is to notify them when they try to share sensitive information with unauthorized individuals. By enabling user notifications, users receive an email notification and a policy tip that warns them that what they are trying to do is prohibited. You can even choose the people you want to notify, customize the email text and/or subject, and customize the policy tip text.

5. User Overrides

You can allow users to override a DLP policy with or without a business justification. All overrides and business justifications are recorded in the DLP reports.
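The steps above (template or sensitive information types, locations, rule conditions and actions, user notifications, and overrides) can all be scripted in Security & Compliance PowerShell, which is the shell an administrator would use to build policies repeatably. The script below is an added example and is not code from the original article or from Microsoft; it assumes you hold a Compliance Administrator role in the tenant, and the policy name, rule name, policy tip text, and the `dlp-alerts@contoso.example` mailbox are placeholders to replace with your own.

```powershell
# Added example (not part of the original article): create the external-sharing
# policy described above with the ExchangeOnlineManagement module.
# Assumptions: Compliance Administrator role; names and addresses below are placeholders.

Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # interactive sign-in to Security & Compliance PowerShell

$policyName = "Block external sharing of financial data"   # placeholder name

# Locations: all Exchange mailboxes, SharePoint sites and OneDrive accounts.
# Start in test mode: matches are logged and policy tips shown, nothing is blocked,
# so false positives surface in the DLP reports before anything is enforced.
New-DlpCompliancePolicy -Name $policyName `
    -Comment "Financial data must not be shared outside the organization" `
    -ExchangeLocation All `
    -SharePointLocation All `
    -OneDriveLocation All `
    -Mode TestWithNotifications

# Rule: conditions, actions, user notifications and override, in one hashtable
# so each setting can be commented (splatting avoids back-tick continuation lines).
$ruleParams = @{
    Name   = "$policyName - external share"
    Policy = $policyName

    # Conditions: a built-in sensitive information type is present with high
    # confidence (0-100 scale) AND the item is shared with people outside the tenant.
    ContentContainsSensitiveInformation = @(
        @{ Name = "Credit Card Number";       minCount = "1"; minConfidence = "85" },
        @{ Name = "U.S. Bank Account Number"; minCount = "1"; minConfidence = "85" }
    )
    AccessScope = "NotInOrganization"

    # Actions: block the share or e-mail, but only for the external recipients.
    BlockAccess      = $true
    BlockAccessScope = "PerUser"

    # User notifications: policy tip plus e-mail to the owner / last editor.
    NotifyUser                = @("Owner", "LastModifier")
    NotifyPolicyTipCustomText = "This item contains financial data and cannot be shared outside the company."
    NotifyEmailCustomSubject  = "DLP: external sharing of financial data was blocked"

    # Override: allowed, but the justification is recorded in the DLP reports.
    NotifyAllowOverride = "WithJustification"

    # Incident report to the security team mailbox (placeholder address).
    GenerateIncidentReport = "dlp-alerts@contoso.example"
    IncidentReportContent  = @("Title", "DocumentAuthor", "Detections", "Severity")
    ReportSeverityLevel    = "High"
}
New-DlpComplianceRule @ruleParams

# Check that the rule was stored with the intended conditions and actions.
Get-DlpComplianceRule -Policy $policyName |
    Select-Object Name, Policy, AccessScope, BlockAccess, NotifyAllowOverride |
    Format-List

# Only after reviewing the policy-match and false-positive reports for the test
# period should the policy be switched from test mode to enforcement:
Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```

Leaving the policy in `TestWithNotifications` for a week or two and reading the match and false-positive reports first is the check that matters most: a rule that blocks legitimate invoices on day one gets overridden by everyone and teaches users to ignore policy tips.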

6. DLP Reports

After creating your Microsoft Purview DLP policies, you can monitor them to verify that they are working as planned by looking at the DLP report in the Microsoft Purview compliance portal. There, you can see the following:

• DLP policy matches

This report shows the count of DLP policy matches over time. You can filter the report by date, location, policy, or action.

• DLP false positives and overrides

If your DLP policy allows users to override it or report a false positive, this report shows a count of such instances over time. You can also filter the report by date, location, or policy.

• Encryption report

This report shows the count of message encryption actions over time.


Types of DLP


Microsoft 365 DLP

Applies to Exchange, OneDrive accounts, and SharePoint sites

Licenses required:

Microsoft 365 E5/A5/G5/E3/A3/G3, Microsoft 365 Business Premium, SharePoint Online Plan 2, OneDrive for Business (Plan 2), Exchange Online Plan 2

Office 365 E5/A5/G5/E3/A3/G3

Microsoft 365 E5/A5/G5/F5 Compliance and F5 Security & Compliance

Microsoft 365 E5/A5/F5/G5 Information Protection and Governance


Microsoft Teams DLP

Applies to Microsoft Teams chat and messages

Licenses required:

Microsoft 365 E5/A5/G5

Microsoft 365 E5/A5/G5/F5 Compliance and F5 Security & Compliance

Microsoft 365 E5/A5/F5/G5 Information Protection and Governance

Office 365 E5/A5/G5


Endpoint DLP

Applies to Windows 10, Windows 11, and macOS devices.

Licenses required:

Microsoft 365 E5/A5/G5

Microsoft 365 E5/A5/F5/G5 Compliance and F5 Security & Compliance

Microsoft 365 E5/A5/F5/G5 Information Protection and Governance


Conclusion

It is no secret that the business world has become data-driven in today’s cloud-first world. However, with the influx of data across organizations, data breaches are occurring at an increasing rate. Thus, organizations need to protect their sensitive data from falling into the wrong hands. Using Microsoft Purview’s data loss prevention solution not only helps companies set the right security measures and regulations, but also build a layered defense strategy against data loss and leakage.

We’re here to help you protect what matters most in your company and show you how you can benefit from Microsoft’s DLP solution.
