Intro & Overview
Data Loss Prevention Policies
Reporting, Alerts, & Labels
This course is designed to give you a solid understanding of data loss prevention (DLP) in Microsoft 365. You will learn how data loss prevention works and why you as a Microsoft 365 administrator would want to implement it.
After a general DLP overview, you will be guided through a series of demonstrations that will show you how to create, test, and edit DLP policies, report on DLP and view alerts, and automatically apply labels based on data loss policy matches.
- Obtain a foundational understanding of data loss prevention
- Learn how to implement data loss prevention in Microsoft 365
- Learn how to report on data loss prevention policies
This course is intended for anyone preparing for the MS-101 or MS-500 exam or who simply wants to learn about data loss prevention in Microsoft 365.
To get the most out of this course, you should have some basic experience using Microsoft 365.
Microsoft Licensing Guide: https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance
All right, so what we're going to do next is we're going to create a custom DLP policy with our own rules in it. So, first what you want to do is inside of the data loss prevention tab, click on create policy, and in this search for templates, instead of using a template like we did last time, we're going to click custom policy and then click next. Name our custom policy, so we're going to call it "Policy 1". And then the same like last time you can choose where you want it, if you want to include anyone or exclude anyone, or any groups or any locations, and then click next. And then we want to create or customize advanced DLP rules because we are not using a template, so we cannot review and customize the default settings from the template.
So here we go, now we can create the rules. So let's go rule, high match. So we've just given it a name and a bit of a description, this description will make a little bit more sense soon but what we're going to do is create two rules, one for high matches and one for low matches and then they will apply on this policy. So, we can go in the conditions the content contains and we click add, and then you just pick what you want to find.
So let's say, all right, so let's add the US/UK passport, US bank account, US drivers, US this, and social security numbers. So what we're going to do for these ones is we're going to say for 90 to 100% accuracy. Okay, so now we've created our conditions and we've set them to 90 to 100. Then if you wanted to add exceptions, same sort of thing, you add exceptions, then we need to add the actions. And then we're going to restrict and we're going to block everyone because this information should not be shared.
We will also notify the user and we will allow the user to override the policy and share the content. And we will require a business justification for the override, which just means that the user will have to type in a justification for why they want to share this information. And we'll send an email alert. Save, so now we've set the high match conditions, let's create another rule for low match conditions.
So then if we go add the same sensitive info types that we did before. And this time what we're going to do is go 50 to 90%. So now what's going to happen is if it gets a 50 to 90% accuracy hit on any of these conditions, this rule will fire, but if it gets a 90 to 100 then it's going to follow the other rule. So same thing if we wanted to add exceptions but we're going to add this. We're not actually going to restrict that actually. So we're not going to restrict it but we're still going to notify the user and we're going to make the user still require a business justification, and send an alert.
So now you can see we've got two items here, we've got a high match and a low match. So you can change the order of the matches too so if you wanted, you can make the low match up at the top by clicking this button, or the high match up at the top just by clicking the buttons and re-ordering. So if you had multiple rules and you wanted them in a specific order, you can change them there too. Once again, if you've made a mistake on any of these things or you want to change anything you can hit this little edit button, and then click next, and same as before you can either test it, you can turn it on right away, or you can turn it off.
We're just going to leave it in test mode, review your settings and submit. Once again, it takes a while for this information to actually get into Microsoft 365 and your DLP policy to be working. So that's basically it, now we've created a custom DLP policy. So you could create multiple of these for different things. Different users may have different DLP policies associated with them. They may have different levels of access and permissions to share different information.
So let's say our HR people may be allowed to share personally identifiable information such as social security numbers, but our accounts people shouldn't be sending social security numbers. Therefore you could create a DLP policy that matches social security numbers, but excludes the HR team. So that's just an example of how you may want different policies for different people, but yeah, and you can just use this sort of process to create your custom DLP policy and map them out and apply them to the correct people.
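The portal steps in the demonstration can also be scripted with Security & Compliance PowerShell, which makes the two-rule layout easy to review and repeat. The following is an added example, not part of the course: the helper `New-SitCondition` is hypothetical, and the SharePoint/OneDrive scope, the `TestWithNotifications` mode and the `Owner`/`SiteAdmin` recipients are assumptions, since the demo does not state them.

```powershell
# Added example (not from the course): "Policy 1" with a high-match and a low-match rule.
# Requires the ExchangeOnlineManagement module and a compliance administrator role.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # interactive sign-in to Security & Compliance PowerShell

# Sensitive info types named in the demo; names must match the tenant's built-in list.
$types = @(
    'U.S. / U.K. Passport Number',
    'U.S. Bank Account Number',
    "U.S. Driver's License Number",
    'U.S. Social Security Number (SSN)'
)

# Hypothetical helper: one condition entry per type, bounded by a confidence range.
function New-SitCondition {
    param([string[]]$Names, [int]$Min, [int]$Max)
    $Names | ForEach-Object {
        @{ Name = $_; minCount = '1'; minConfidence = "$Min"; maxConfidence = "$Max" }
    }
}

# Policy left in test mode, as in the demo. Locations are an assumption.
New-DlpCompliancePolicy -Name 'Policy 1' `
    -SharePointLocation All -OneDriveLocation All `
    -Mode TestWithNotifications

# High match (90 to 100): block everyone, notify, allow override with justification, alert.
New-DlpComplianceRule -Name 'High match' -Policy 'Policy 1' `
    -ContentContainsSensitiveInformation (New-SitCondition $types 90 100) `
    -BlockAccess $true -BlockAccessScope All `
    -NotifyUser Owner -NotifyAllowOverride WithJustification `
    -GenerateAlert SiteAdmin

# Low match (50 to 90): no restriction, but still notify and alert.
# Both ranges include 90, as in the demo. The demo also ticks the justification
# option here; it is left out of this sketch because nothing is blocked to override.
New-DlpComplianceRule -Name 'Low match' -Policy 'Policy 1' `
    -ContentContainsSensitiveInformation (New-SitCondition $types 50 90) `
    -NotifyUser Owner `
    -GenerateAlert SiteAdmin

# Review rule order, the scripted counterpart of the re-ordering buttons in the portal.
Get-DlpComplianceRule -Policy 'Policy 1' | Format-Table Name, Priority, Disabled
```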
Jake is an IT manager for a managed services company that works with small- to medium-size businesses and manages their IT. He mainly works with a Microsoft Stack, from Servers to Microsoft 365 & Azure. He also specializes in business process improvement helping businesses to leverage technology to speed up their workflows. Jake really enjoys testing out new technologies and seeing what they can do. Outside of work he enjoys kayak fishing, gardening, and going to the gym.