In a previous post, I provided a brief introduction to Office 365’s data loss prevention offering.
This time, we’ll walk through the process of creating a DLP policy from a template.
Before we start, let’s keep three key ideas in mind:
1.) Data Loss Prevention (DLP) policies are intended to prevent the accidental or malicious transmission of sensitive company and/or customer data (for example, emailing a social security number unencrypted to a recipient).
2.) In Office 365, DLP policies are built upon sensitive information types.
3.) Sensitive information types are, as the phrase implies, the confidential or otherwise protected information you want to prevent from being freely transmitted.
This TechNet link provides a listing of the current inventory of sensitive information types that can be used in a DLP policy.
So now let’s walk through the creation of a DLP Policy.
1.) Login to the Exchange Admin Center and choose compliance management and then, data loss prevention (note that in the screenshot, a policy for reporting credit card data is shown):
3.) Now you can browse through the selection of sensitive information types:
4.) Notice that the PCI Data Security Standard (or, PCI DSS) is selected. Click Save to continue. You’ll be returned to the main screen.
5.) The DLP policy is in-place but its properties – including the actions you’d like it to take – have not been configured. Click the pencil icon to edit the policy.
6.) The general section is where you set the policy’s name, write a description, choose its state and also select whether or not you want the policy to be enforced or act in a testing mode. Next, click the rules link.
And that’s it for now. In the next post, we’ll complete the creation of this policy and review some of its finer grained elements.