Microsoft 365 Data Leakage Policies (DLP) – Part 1

Here’s a basic guide to start implementing some DLP policies. In this small walk-through I’ve documented how to create a basic DLP policy. 

If you currently do not have access Microsoft 365 here are some options to sign up for 30 day trial. You’ll need at least an Office 365 E3 plan

https://www.microsoft.com/en-gb/microsoft-365/business/compare-more-office-365-for-business-plans

1. Logon to https://portal.office.com 

2. Select the ‘Admin‘ App

3. Scroll down and under the ‘Admin Centers‘ select the ‘Security and Compliance Center’

4. The 2 sections you’ll need take note of for the exercise is the ‘Policy’ and ‘Sensitive Info Types’ Click ‘Policy

5. In the right-hand pane select ‘Create New Policy’

6. On the next screen select the following:

  •  Show Options for United Kingdom
  •  Privacy
  •  UK Personally Identifiable Information (PII) Data

7. Click ‘Next’

8. Give you policy an appropriate name and description

9. On the next screen you get to choose which locations in Office 365 you can apply the policy to. The default locations are:

  • Exchange email
  • Teams chats
  • OneDrive documents
  • SharePoint documents

10. Keep the default option Protect content in Exchange email, Teams chats and channel messages and OneDrive and SharePoint documents’ and click ‘Next

11. Check the Policy settings, this will protect against the following data types:

  • U.K. National Insurance Number (NINO)
  • U.S. / U.K. Passport Number

The detection will occur when content is attempted to be shared with external users outside of you organisation

12. Click ‘Next’

13. On the final screen select the following options:

  • Restrict access or encrypt the content
  • Block people from sharing and restrict access to shared content

14. On the next screen keep the default options set, click ‘Next

15. On the next screen leave the policy set with the default option ‘I’d Like to test it out first’ Click ‘Next’

16. Review your settings on the final page and click ‘Create’

Considerations:

  • When a DLP policy is created the policy can take up to 1 hour to become active, I’ve noticed in some cases the policy worked after a relatively short period but my Policy Tips took some additional time before they populated in Outlook or Office Docs

In Part 2 I’ll show you how to modify the existing policy, add additional Sensitive Info Types and setup notifications.

One thought on “Microsoft 365 Data Leakage Policies (DLP) – Part 1

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s