What is data loss prevention in Microsoft 365? DLP is a set of tools available in Microsoft 365 to help ensure that sensitive data is not lost, misused, or accessed by unauthorized users. DLP classifies confidential, business critical, or regulated data, and identifies violations of the policies that are set in your tenant.

DLP looks at messages, files, and other documents that contain sensitive information and applies the policies that you configure about what can be done with this data. For example, you may specify that credit card numbers cannot be sent via email, or that personally identifiable information cannot be stored in a location. When types of information that has been specified on a DLP policy is found, you can make it display a warning to warn the user that they may be sharing some sensitive data, or you can make it block the action completely.

Why use data loss prevention? In the modern world, businesses are increasingly having to adhere to regulations such as HIPAA, GDPR, and PCI DSS. If you are managing a tenant that is in an industry or country that has data protection regulations, then you may wanna be setting up DLP to reduce the risk of breaching these regulations.

Another reason to use DLP is to protect intellectual property and confidential data. If you have information that is owned by the company that should not be shared with people outside of your organization, then you may want to look at how you can leverage Microsoft 365 DLP settings to protect this information. This could be information like internal business processes, designs or schematics, financial records, or even names, addresses, and personally identifiable information.

Imagine you are working at Intel, and the engineering team is working on a revolutionary new CPU design. Imagine if the new CPU designs got leaked to the world before any patents were set. And now the competition not only knows that you are working on a new product, but also has access to your designs. And can now potentially beat you to market.

Another reason to use DLP is to protect your organization's reputation. One of the most common reasons for a data leak is an internal actor. Whether the internal person leaks the data accidentally or on purpose, setting up DLP policies can allow you to detect, stop, and monitor these types of breaches.

What information can we protect with data loss prevention? With DLP, we have access to built in templates to detect things like credit card numbers, bank account information, passport numbers, and other personally identifiable information. You can also create your own conditions and rules to detect information that is sensitive, and then protect that information. Currently, DLP only supports text and cannot detect information on voice or videos.

What services can be used with data loss prevention? Being a Microsoft 365 feature, DLP is supported over multiple services. Currently, it supports OneDrive, SharePoint, Exchange and Microsoft Teams. As of 2021, Microsoft has released some support for non-Microsoft cloud platforms. Box, Dropbox, G Suite, Salesforce and Cisco Webex are services that are currently in preview status. So they are not production ready and may not work all of the time. But you can say that they are under development. And as time goes on, Microsoft will most likely add to the cloud apps that are supported by Microsoft 365 DLP policies.

Which Microsoft 365 plans include data loss prevention? These are current at the time of recording this class. But with all cloud services, sometimes things change. By the time you are watching this, Microsoft may have added new plans, or changed what is included in different plans. To find the current up-to-date list of plans, go to the Microsoft Documentation for Microsoft 365 Licensing Guidance for Security and Compliance. There is a nice little Excel file there that has all of the features on the different plans.

How data loss prevention works in Microsoft 365. A data loss prevention policy's basic structure is that you have rules. Each of the rules have conditions and actions. If a condition of the DLP policy rule is matched, then the action will happen. Each of the policies are applied to locations. An example of this might be a rule like we discussed earlier to detect and block emails containing credit cards. The location that would be applied would be Exchange. The conditions that would need to be met would be that a credit card number would need to be detected. And the action would be to block the email.