Microsoft 365 Data Leakage Policies (DLP) – Part 3

In Part 3 I’ll walk through the process of switching on and testing this policy.

These exercises are completed in a Tenant where I know the Risk and Impact will be low, so please ensure you test these in an environment where you are able to turn on the policy without impacting a production environment.

Microsoft have a very good guide here on how to roll out DLP Policies and the steps you should consider when doing so.

One further consideration before going live is that you can run tests from Security and Compliance>Classification>Sensitive Info Types. Simply select your sensitive info type, double-click it and use the option ‘Test Type’.

Use a dummy credit card number which can be generated here

Save the number to a sample text file ready to be scanned by Microsoft 365

For this example I’ll use the Credit Card Number sensitive info type

Browse to the file or drag and drop the sample text file with a sensitive info type to test the outcome

Please note that this is just testing for a credit card number; in the full DLP policy the content is detected with at least 2 pieces of information. For details see here

1. Open ‘Security and Compliance’ from the Microsoft Admin Center

2. Find the policy you created in Part 1 and select it

3. Edit the policy

4. Set the policy to ‘Yes, turn it on right away’ and click ‘Save’

5. Policy status should now be set to on

The policy may take up to an hour to apply once you enable it for documents and e-mail

6. Use the sample text file you created earlier with the credit card number in it

a. Create a new mail message

b. Add an external recipient

c. Add an attachment with the credit card number

You’ll notice that the policy does not detect the data inside the attachment. This is because you need 2 types of data to validate that this is a credit card

Close the email and don’t save it. Open the sample text file, add the word ‘Visa’ before the number, followed by a space, and save it. Carry out step 6 again and notice the difference

This time you will see the Policy Tip notifying you of a problem with the data in your attachment. You have the option to override with business justification or confirm there is no sensitive data. You cannot send the email without selecting one of these options

7. You can also test this by adding the text directly to the body of the message; you’ll see the same output
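The difference seen in step 6 (a bare number is ignored, while ‘Visa’ plus the number raises the Policy Tip) comes from combining a number pattern and checksum with supporting evidence nearby. The following is an added example, not Microsoft's implementation and not code from the original post: the keyword list, the 300-character window and the names classify and luhn_ok are assumptions, and the card number is a constructed dummy value.

```python
import re

# Assumptions for illustration only: this keyword list and proximity window are
# hypothetical and are not Microsoft's actual sensitive info type definition.
KEYWORDS = ("visa", "mastercard", "amex", "credit card", "card number")
WINDOW = 300  # characters inspected on each side of a candidate number

# Simplification: 16-digit numbers only, optionally grouped by spaces or dashes.
CANDIDATE = re.compile(r"\b(?:\d[ -]?){15}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify(text: str) -> str:
    """Return 'match', 'pattern-only' or 'none' for a piece of content."""
    result = "none"
    lowered = text.lower()
    for m in CANDIDATE.finditer(text):
        if not luhn_ok(re.sub(r"\D", "", m.group())):
            continue  # looks like a card number but fails the checksum
        result = "pattern-only"  # primary element found, no evidence yet
        nearby = lowered[max(0, m.start() - WINDOW):m.end() + WINDOW]
        if any(k in nearby for k in KEYWORDS):
            return "match"  # number plus supporting keyword
    return result


if __name__ == "__main__":
    # Constructed samples; 4111 1111 1111 1111 is a dummy test number.
    for sample in (
        "4111 1111 1111 1111",
        "Visa 4111 1111 1111 1111",
        "Visa 4111 1111 1111 1112",
    ):
        print(f"{sample!r}: {classify(sample)}")
```

Running it over your own sample text file before sending the test mail shows whether the file contains both elements or only the number.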

Considerations

Before starting with DLP define what the problem is that you are looking to solve.

Consult Microsoft’s documentation for all the information; Parts 1-3 are just intended to enable some light hands-on practice to get started with DLP.

Design your policies and rollout plan with your key stakeholders and users in mind and keep them involved throughout the process

Decide on some scenarios for DLP and look at testing these within a safe environment
