Microsoft·444 discussions

Office 365 Data loss prevention

Locked

Tags: Cloud, Cloud

I wanted to get thoughts on the numbers of hours you’ve found to implement Office 365 data loss prevention for a creating a test DLP policy, tuning the policy, investigating false positives, and implementing the DLP policy?  

I was not certain how many hours this requires once management has defined what criteria is being screened.  PS – we have the Office 365 Business Premium E3 licensing in place.

Topic

OFFICE 365 DATA LOSS PREVENTION

In reply to Office 365 Data loss prevention

To comply with business standards and industry regulations, organizations must protect sensitive information and prevent its inadvertent disclosure. Sensitive information can include financial data or personally identifiable information (PII) such as credit card numbers, social security numbers, or health records. With a data loss prevention (DLP) policy in the Office 365 Security & Compliance Center, you can identify, monitor, and automatically protect sensitive information across Office 365.

With a DLP policy, you can:

Identify sensitive information across many locations, such as Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams.

For example, you can identify any document containing a credit card number that’s stored in any OneDrive for Business site, or you can monitor just the OneDrive sites of specific people.

Prevent the accidental sharing of sensitive information.

For example, you can identify any document or email containing a health record that’s shared with people outside your organization, and then automatically block access to that document or block the email from being sent.
Monitor and protect sensitive information in the desktop versions of Excel, PowerPoint, and Word.

Just like in Exchange Online, SharePoint Online, and OneDrive for Business, these Office desktop programs include the same capabilities to identify sensitive information and apply DLP policies. DLP provides continuous monitoring when people share content in these Office programs.

Help users learn how to stay compliant without interrupting their workflow.

You can educate your users about DLP policies and help them remain compliant without blocking their work. For example, if a user tries to share a document containing sensitive information, a DLP policy can both send them an email notification and show them a policy tip in the context of the document library that allows them to override the policy if they have a business justification. The same policy tips also appear in Outlook on the web, Outlook, Excel, PowerPoint, and Word.

View DLP reports showing content that matches your organization’s DLP policies.

To assess how your organization is complying with a DLP policy, you can see how many matches each policy and rule has over time. If a DLP policy allows users to override a policy tip and report a false positive, you can also view what users have reported

Setting up data loss prevention in Office 365

In reply to Office 365 Data loss prevention

1. Create and store data loss prevention policies. Come up with a policy that identifies sensitive data while allowing users to work with it. Specify different actions that might occur depending on how the data is being handled. To set up a data loss prevention policy, log into Office 365, choose Admin centers and click on Security & Compliance.

In the Security & Compliance menu, choose Data loss prevention and then click on Policy. Upon clicking the “Create a policy” button, you will be presented with several wizards on how to go through the process of creating different policies, including specific policies for financial, medical, privacy, and customized situations. For instance, you can easily set up policies for financial data through one of the wizards. Choose the specific standard or country that is relevant to your business.

2. Once you have created the policy, click Next and then specify where you want that policy to be enforced. You can choose to apply them in Exchange, SharePoint sites, and/or OneDrive accounts. You can even indicate specific OneDrive accounts and SharePoint sites.

3. You can customize your own set of rules as well. There are two settings options for each policy in Office 365. “Simple settings” allows you to apply default rules that already exist in Office 365. If you are looking to fine tune what actions and conditions the policy should have, the “Advanced settings” option will open the rule editor.

4. After that, you can tweak the policy tips that are shown to users, as well as the number of times a particular piece of sensitive information can be shared before being alerted. In “Advanced Settings,” you can tweak the policy tips that are shown to users and adjust the number of times a particular piece of sensitive information can be shared before triggering an alert. You may also restrict or block people from being able to share access to sensitive content.

5. A newly created policy can be deployed right away, or kept turned off. You also have the option to test out the policy before you turn it on.

Office 365’s DLP is a good first step for organizations looking to implement stronger data security, but it has its limitations compared to enterprise class DLP. Some licenses include basic DLP detection capabilities but lack customizable policies, device type access, and document fingerprinting. Other licenses can monitor and secure data, but they lack blocking and encryption capabilities.

[Author]

Replies