Data Loss Prevention in Office 365: Part Two

dick-powell-in-car-blindfolded

In a previous post, I provided a brief introduction to Office 365’s data loss prevention offering.

This time, we’ll walk through the process of creating a DLP policy from a template.

Before we start, let’s keep three key ideas in mind:

1.) Data Loss Prevention (DLP) policies are intended to prevent the accidental or malicious transmission of sensitive company and/or customer data (for example, emailing a social security number unencrypted to a recipient).

2.) In Office 365, DLP policies are built upon sensitive information types.

3.) Sensitive information types are, as the phrase implies, the confidential or otherwise protected information you want to prevent from being freely transmitted.

This TechNet link provides a listing of the current inventory of sensitive information types that can be used in a DLP policy.

So now let’s walk through the creation of a DLP Policy.

1.) Login to the Exchange Admin Center and choose compliance management and then, data loss prevention (note that in the screenshot, a policy for reporting credit card data is shown):

DLP Walkthrough 1
2.) Click the plus symbol to select New DLP Policy from template option

DLP-policy-plus-arrow-selector

 

3.) Now you can browse through the selection of sensitive information types:

DLP Walkthrough 2

 

4.) Notice that the PCI Data Security Standard (or, PCI DSS) is selected. Click Save to continue.  You’ll be returned to the main screen.

DLP Walkthrough 1

 

5.) The DLP policy is in-place but its properties – including the actions you’d like it to take – have not been configured. Click the pencil icon to edit the policy.

DLP Walkthrough 3

6.) The general section is where you set the policy’s name, write a description, choose its state and also select whether or not you want the policy to be enforced or act in a testing mode.  Next, click the rules link.

DLP Walkthrough 4

And that’s it for now.  In the next post, we’ll complete the creation of this policy and review some of its finer grained elements.

 

Published by

D. Roberto

No one can know everything...but I come close! Actually, this project is an enhanced version of the notes I take everyday to sharpen my skills and deepen my understanding. Hopefully, it can be of some benefit to my fellow specialists around the world.