To comply with business standards and industry regulations, organisations must protect sensitive information and prevent its inadvertent disclosure. Sensitive information can include financial data or personally identifiable information (PII) such as credit card numbers, social security numbers, or health records. With a data loss prevention (DLP) policy in the Office 365 Security and Compliance Center, you can identify, monitor, and automatically protect sensitive information across Office 365.
In this blog post I will go through the process of preventing users from forwarding emails including UK Financial Data to anyone outside the organisation. UK Financial data category includes the below by default:
- Credit Card Number
- EU Debit Card Number
- SWIFT Code
- Login to the Microsoft 365 Portal and click on the Security Admin Center
2. Click Data Loss Prevention and click Policy
3. Click + Create a policy
4. For the purpose of this demo I am configuring a policy to protect U.K Financial Data. As you can see from the screenshot below, Microsoft have already defined what requires protecting.
You also have the option to protect other information relating to Medical and Health, Privacy and you could also select a custom sensitivity type or label you have already created.
5. Click Next
6. Give your policy a name and description, click Next
7. Here you could select to protect all documents including UK Financial Data from locations such as Exchange email, Teams Chats and Channel Messages and OneDrive and SharePoint Documents. Or choose a specific location.
8. For the purpose of this demo, I am only selecting Exchange Email so I have selected Let me choose specific locations, click Next
9. And here are your options where you can select the location, include and exclude groups.
10. For the purpose of this demo, I have selected the location as Exchange Email and allowed the policy to apply to all users. Click next
11. I want to detect when the content including UK Financial Data is shared with people outside my organisation. The other option is only with people inside my organisation.
Before I move on you may have noticed the option, Use advanced settings. This is where you can configure the scoring for low volume and high volume of content detected.
Clicking low volume of content displays the screen below and the default criteria setup by Microsoft. The default scoring can be amended and you can also additional criteria/conditions.
The advanced settings option can also be useful if you wish to add an exception, for example, you may want to exclude a partner domain from the policy, configure user notifications, enable incident reports, configure override or customise policy tips or email text, and more. I would recommend that you review the various options.
Note: you can always edit the policy including advanced settings at a later time.
12. Back at the original screen I click next
13. here are the default settings
14. For the purpose of this demo, I have amended detect when content that’s being shared contains at least 1 instance
and I will block people from sharing and restrict access to shared content
Customize the tip and email – provides the information below. I will leave this as the default but you could amend now or at a later date.
Send incident reports in email – displays the information below. You may wish to exclude certain information from the incident report, or add additional people to receive notifications.
15. Click next and we come to the screen below. Configure as required and click Next
To block people outside your organisation, you must go back to the ‘Customize the type of content you want to protect’ page and choose to detect content that’s shared with people outside your organization.
If you wish to warn the user but allow them to override the policy, see options below.
15. After clicking next, the screen below appears where you have the options to turn on the policy right away, leave it disabled or test it out. Select your preferred option and click next.
16. Review settings and edit if required, click Create
and that’s the policy created
Click the policy if you wish to edit any of the settings. The window below appears to allow you to edit or delete the policy as required.
It would be great to know how you have found Microsoft 365 DLP. Please comment below if you have anything further to share. Thank you