Microsoft 365 Data Leakage Policies (DLP) – Part 2

In Part 2 I’ll show you how to customize your existing policy and add Sensitive Info Types, Policy Tips and notifications to the policy. Please see Part 1 for the policy creation

1. Open the ‘Security and Compliance‘ from the Microsoft Admin Center

2. Find the policy you created in Part 1 and select it

3. Edit the policy

4. On the next screen select ‘Policy Settings‘ and ‘Low volume of content detected PII Demo

What is Low volume of content detected PII Demo ?

Low volume of content detected PII Demo This rule looks for files containing between 1 and 10 occurrences of each of two types of sensitive information (U.K. National Insurance Number (NINO) U.S. / U.K. Passport Number), where the files are shared with people outside the organization. If found, the rule sends an email notification to the primary site collection administrator, document owner, and person who last modified the document.

5. Edit the ‘Low volume of content detected PII Demo‘ setting

6. Add a new ‘Sensitive Info Type

7.  Click ‘Add’ on the next screen to select a Sensitive Info Type

8. Add in the following:

EU Debit Card Number

Credit Card Number

I found an issue when testing these (which I will explain in Part 3)

Click ‘Done

9. Next select ‘Actions’

Under ‘User Notifications‘ ensure notifications are set to on. You can also customize the e-mail, policy tip text and also to additional people where sensitive information is attempted to be sent to external recipients.

10. Scroll down to the ‘User Overrides‘ and ‘Incident Reports

  • User Overrides all users to provide business justification to override the policy
  • Incident Reports is way to capture the activity where data has left the organisation

11. Save the policy

In Part 3 I’ll show you how to test the policy

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s