Intro & Overview
Data Loss Prevention Policies
Reporting, Alerts, & Labels
This course is designed to give you a solid understanding of data loss prevention (DLP) in Microsoft 365. You will learn how data loss prevention works and why you as a Microsoft 365 administrator would want to implement it.
After a general DLP overview, you will be guided through a series of demonstrations that will show you how to create, test, and edit DLP policies, report on DLP and view alerts, and automatically apply labels based on data loss policy matches.
- Obtain a foundational understanding of data loss prevention
- Learn how to implement data loss prevention in Microsoft 365
- Learn how to report on data loss prevention policies
This course is intended for anyone preparing for the MS-101 or MS-500 exam or who simply wants to learn about data loss prevention in Microsoft 365.
To get the most out of this course, you should have some basic experience using Microsoft 365.
Microsoft Licensing Guide: https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance
Okay, so for the next class, we're going to run through how to edit a DLP policy which is already created. Now there is some reasons why you would want to edit DLP policies that you've already created. One of these may be that you want to add more protection to them or more reasons why they would go off. Another one is you just want it to adjust them a little bit, let's say some things are getting caught or some things are not getting caught that they should be, so you may want to adjust them, or you may want to adjust what happens when the DLP policies are triggered.
So let's say for example you had a DLP policy and it was running, but you only had it warning users when they were sending data to external people and now you wanted to make it block it. Well, that's where you would be able to go in, find your DLP policy, and edit it. So to find the DLP policy, go to the Microsoft 365 Compliance Center, and then scroll down in the list. There may be a little button in the bottom saying show more, could look like this, show all I mean. If you can't find it, there should be one saying show all, click that, and then click data loss prevention. And then this will load up our data loss prevention screen and you can say all of your current data loss prevention policies in this screen.
So we can see the one that we've created, Australian Financial Data. Now to edit it, you just click on it and it'll pop up with this window on the right hand side with all of the different options here, it tells you the status and everything, so you can say where it's applied. So once you look at it and make sure it's the right one that you wanted to edit, you can then click edit policy. And it takes us through the wizard again, so we can see here, our names already set.
If you wanted to edit the description, you can edit it in here, but you cannot change the name of the DLP policy. The name is set when you first set it and then it is locked in, but you can change the description. And you can change the location, so let's say, I didn't want this on Teams anymore, I can click off. Or I wanted to include only a certain distribution group or exclude a distribution group, I can do that here as well. And then we could create more rules if we wanted more rules, but what we wanted to do is edit a rule.
So you can see here is our rules that we've already set, so you would hit this little edit button there and then you can change it. So let's say I wanted to make my credit card accuracy whether it's 75% and above, and also maybe tax file number to 50% and above, if it's a 50% match to 100% match. And let's say I wanted to add an exception, I could add that here too, and change the actions, change the text. So all the same settings that we set up in the previous video where we created our first DLP policy, we can then go and edit them in here.
So we can change the policy tip, maybe we want to add contact your administrator if you believe... If you believe this is a false positive. So yeah, that's basically it then you hit save, now you've changed your rule, you would go next. And the same thing, if you had it in test mode, you can turn it on, and if you want it to turn it off, you can turn it off here, and then review your settings and submit. And that's quite simple, that's how to go and find your DLP policy that you've already created and edit it or make changes to it, or turn it off and on, or do whatever you need to do with it when you want to change it.
Then when you hit done, that is applied. Once again, it may take a while for the changes to kick in and actually be enforced. Don't expect it to happen instantly, wait 12 to 24 hours. If you're lucky it might happen quicker but that's just what I've found.
Jake is an IT manager for a managed services company that works with small- to medium-size businesses and manages their IT. He mainly works with a Microsoft Stack, from Servers to Microsoft 365 & Azure. He also specializes in business process improvement helping businesses to leverage technology to speed up their workflows. Jake really enjoys testing out new technologies and seeing what they can do. Outside of work he enjoys kayak fishing, gardening, and going to the gym.