The Ultimate Guide to Microsoft 365 Data Loss Prevention (DLP)

Do you have a security system that prevents data loss and information theft? Use Microsoft Data Loss Prevention to secure data in use, in motion, and at rest. You can also connect the DLP system with other Microsoft applications.

Business organisations need data to solve problems, make better decisions, and improve processes by reviewing past performance. It is an effective way for companies to establish their goals and benchmarks to keep prospering in a competitive market. Moreover, companies must prevent data loss. 

Data loss has multiple causes, such as human error, hardware theft, software corruption, viruses, and power failure. Regardless of the cause, no company wants to lose its data and risk its reputation. Therefore, the wise decision is to use Microsoft data loss prevention (DLP) to keep your data protected at all times.

DLP is a part of the Microsoft Purview tools suite that prevents access to confidential information. Need help in protecting your data from potential threats? Our Microsoft 365 experts can help you secure your company’s sensitive information.

What Is Data Loss Prevention in Microsoft 365?

Data Loss Prevention is a compliance tool in Microsoft 365 that helps protect different data types. It is designed to secure data in use, in motion, and at rest. This DLP tool is also connected with Microsoft Information Protection (MIP). By accessing MIP, you can learn which data is protected to prevent the loss of unprotected data.

DLP examines emails and document files to scan for sensitive information such as credit card numbers. It then secures this information to prevent data theft and unintentional or accidental sharing of data. DLP has multiple protective action policies that block people from accessing and copying the data from an unauthorised location.

What Is Microsoft 365 Compliance / Microsoft Purview?

Microsoft Purview, previously known as Microsoft 365 compliance portal, helps organisations access their data online. It also has tools that manage the data according to the organisation’s compliance needs. 

Organisations can fulfil their legal, regulatory, and technical compliance requirements across Office 365, Exchange Online, and SharePoint Online. Organisations can perform these key tasks from Microsoft Purview’s Compliance Center:

  • eDiscovery: The feature to search, identify, locate, and retrieve records for legal matters.
  • Data Governance: It allows users to import email from external platforms, launch a new archive in the Shared Mailbox and establish email policies.
  • Threat Management: This feature protects business data from accidental loss and malicious software.
  • User Permissions: Companies can set access limitations on files and tasks to only approve employee access to specific files.
  • Office 365 Auditing: Continuously logs and reports activities occurring on other Office 365 applications.
  • Alerts: Create alerts when user activities match a clause on the alert policy.

How Does Microsoft 365 DLP Work?

Data loss puts a company in a negative light by disrupting productivity, damaging reputation, and exposing sensitive client and customer information. Therefore, organisations can implement data loss prevention by applying DLP policies from Microsoft Purview. 

The DLP policies allow companies to identify, monitor, and automatically protect sensitive items. You can use DLP across:

  • Every Microsoft 365 service, such as Teams, Exchange, SharePoint, and OneDrive.
  • Office applications such as Word, Excel, and PowerPoint.
  • DLP activation requires Windows 10, Windows 11, and macOS (Catalina 10.15 and higher) endpoints.
  • Non-Microsoft cloud apps.
  • On-premises file shares and on-premises SharePoint.

Activated data loss prevention policies use deep content analysis instead of a simple text scan. The deep analysis detects and separates sensitive information from irrelevant information. DLP uses primary data to match keywords during content analysis. These data match keywords are collected by evaluating regular expressions, internal function validation, and secondary data matches. If these matches correlate with the primary data match, DLP creates and stores new data match keywords.
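The layered matching described above (regular expression, internal function validation, secondary keyword evidence) can be illustrated with a simplified detector for credit card numbers. This is an added example, not Microsoft's implementation: the function names, keyword list, proximity window and two-level confidence scale are assumptions made for illustration.

```python
import re

# Primary element: 16 digits, optionally grouped in fours by spaces or hyphens.
CARD_RE = re.compile(r"\b\d{4}(?:[ -]?\d{4}){3}\b")
# Secondary (corroborating) evidence searched for near each primary match (assumed list).
KEYWORDS = ("credit card", "card number", "visa", "mastercard", "expiry", "cvv")
WINDOW = 300  # characters on either side of the match (assumed value)


def luhn_valid(digits):
    """Internal function validation: the Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_matches(text):
    """Return one record per checksum-valid card number, with a confidence label."""
    lowered = text.lower()
    results = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_valid(digits):
            continue  # pattern matched but checksum failed: not an instance
        nearby = lowered[max(0, m.start() - WINDOW): m.end() + WINDOW]
        corroborated = any(k in nearby for k in KEYWORDS)
        results.append({
            "masked": "*" * 12 + digits[-4:],  # never log the full number
            "confidence": "high" if corroborated else "low",
        })
    return results


def rule_triggers(text, min_count=1, min_confidence="high"):
    """Rule condition: enough instances at or above the required confidence."""
    rank = {"low": 0, "high": 1}
    hits = [r for r in find_matches(text) if rank[r["confidence"]] >= rank[min_confidence]]
    return len(hits) >= min_count


# Constructed sample input; 4111 1111 1111 1111 is a widely used test card number.
SAMPLE = (
    "Invoice ref 1234 5678 9012 3456. "
    "Please charge my Visa credit card 4111 1111 1111 1111, expiry 01/30."
)
```

In the sample, the invoice reference matches the pattern but fails the checksum, so only one instance is counted; a rule test built on numbers that fail validation will never fire, whatever the instance count threshold.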

DLP also utilises machine learning algorithms and other AI-based methods to detect content relevant to your DLP policies. These matches are important to protect confidential data from external threats. The DLP policies take protective action every time a user attempts to access and retrieve sensitive information.

Moreover, the policies automatically activate the protective actions when a user logs in from an unauthorised location. When this happens, the DLP system raises an alert as follows:

  • A pop-up opens on the screen warning users that they are trying to access or share confidential data.
  • The DLP program blocks the sharing option simultaneously. Therefore, the user cannot override the warning window and inappropriately use the information.
  • An authentic user can provide the reason for sharing the confidential data through the users’ justification option.
  • If the data at rest is threatened, the DLP system moves the data files to a secure quarantine location to prevent access.
  • Sensitive information is not displayed on the Teams chat feature.

The owner of the sensitive data receives notifications if an unauthorised person tries to access or share the files. These notifications are directly sent to the DLP alert management dashboard.

DLP Lifecycle

The Microsoft 365 data loss prevention program works through three major phases:

Plan for DLP

DLP monitoring and protection are applicable across other Microsoft 365 applications. Planning DLP policies is easier for users accustomed to data loss prevention programs. For Microsoft DLP to work, you must change your business processes by limiting employee users’ access.

However, you must identify and set acceptable vs unacceptable behaviour in the policy to protect the right information. You should deploy new policies in test mode to evaluate their impact and how they work. During test mode, you can try to share or access the protected information to see if the system is working.

Prepare for DLP

DLP policies protect data at rest, data in use, and data in motion in different Microsoft applications. However, you will need to create that environment by configuring policies that apply to those apps. After creating the policies, test them thoroughly and activate the blocking actions.

Deploy the DLP Policies

Deploying policies in test mode helps you monitor the outcomes and fine-tune them to meet your objectives. During testing, you can ensure that no policy is blocking your employees’ workflow and lowering productivity. If DLP is affecting your workflow, you can:

  • Adjust access location.
  • Change policy’s conditions.
  • Revise the definition of sensitive information.
  • Revise restriction levels.
  • Add new controls, authorise people, and restrict apps and sites.

Benefits of Microsoft 365 Data Loss Prevention

The Microsoft 365 DLP tool is one of the widely used cloud applications for preventing data loss. It is used all over the world because its policies are easy to implement and bring the following benefits:

Optimised Cloud App Security

DLP software uses AI technology to connect with all Microsoft applications. Once you discover, classify, and protect sensitive information, it is protected across multiple apps and locations. As DLP is cloud-based, it safely allows you to access information from anywhere in the world. Moreover, you only have to create policies once to provide the best protection for your sensitive data.

Automated Threat Detection

DLP has a built-in threat detection system that scans your data to create match keywords. These match keywords allow the DLP system to pinpoint unauthorised access or sharing of sensitive content. The program scans the system files daily across all Microsoft applications. It then updates the match keyword collection so that newly uploaded data is also protected.

24/7 Monitoring

Microsoft DLP is always monitoring and protecting your data from breaches and threats. Due to 24/7 monitoring, the system detects and blocks any threat within seconds. The system will notify you about the threat while detecting and blocking access to a confidential file. You can later investigate the matter and find out if the security risk came from your employees or not.

Double Key Encryption

All the information protected by DLP is placed under double key encryption. As the data administrator, only you and the approved people can decrypt the protected content. However, it’s your responsibility to protect the encryption keys and keep them within a geographical boundary.

Key Considerations for Data Loss Prevention

The DLP system is very effective in protecting data and preventing data loss. However, you must follow these key considerations while creating DLP policies. Failure to follow them can reduce the system’s efficiency and threat resolution.

  • You must migrate DLP policies to the Microsoft Purview compliance portal. If the policies are not migrated, it may create unexpected results such as a lack of policy tips displayed.
  • The user notifications can configure a policy by only using one rule. A policy configuration error will occur if you create a policy that uses two or more rules. Therefore, only use one rule for configuring a policy.
  • You cannot see a policy tip while using the DLP system on Outlook 2013 or later version clients on Windows 7.
  • A policy tip is not displayed when you try to attach to an email a file that uses the Adobe PDF format, version 10 or later.
  • You need to ensure that the test data of a policy is valid when evaluating the instance count and confidence level of the DLP policy rule. Therefore, ensure the test data conforms to the definition of the sensitive information type entity.
  • You must tune the DLP policy and make adjustments to make sure that the policy behaves correctly.
  • DLP templates are not personally designed for different organisations. For this reason, you may find the system showing false positives. Therefore, you should test and tune the policies before deploying them on your database.
  • Microsoft’s DLP system minimises the risk of accidental data deletion and information disclosure. It is not a practical solution to prevent them.

How to Implement DLP Policies

The easiest way to implement the DLP policies is by using built-in templates from the Microsoft Purview compliance portal. In addition to templates, you can personally customise the rules to meet your organisation’s specific compliance requirements. Microsoft 365 provides more than 40 templates for regulating different business policy needs.

Moreover, you can modify a template by changing its existing rules. This way, you don’t have to build a policy from scratch. The template system is suitable for businesses that do not have a data security team. 

You can create and implement DLP policies, but your security or compliance team will need permission to access the Compliance Center. After giving permission, follow these steps to deploy a DLP policy using a built-in template.

  • Sign in to the Microsoft Purview compliance portal.
  • Go to the “Solutions” category.
  • Find “Data Loss Prevention” in the list and click on it.
  • Locate the “Policies” section.
  • Click on the “Create Policy” tab.
  • Choose the suitable template to protect your sensitive information and press “Next”.
  • Give the policy template a name to differentiate between different policies and press “Next”.
  • Now choose the location where you want the DLP policy to work and protect your data. You can select the default location scope or customise the scope yourself. Then go to the next tab.
  • Choose which Microsoft apps are protected and included in the DLP policy. You can choose whether or not to include all information, emails, and accounts. If you turn the application status on, the policy will automatically apply to all subsites after deployment.
  • Click on “Review” to double-check the information. Then press “Next”.
  • A DLP policy template has predefined rules with conditions and actions. These rules detect and protect specified sensitive information. However, you can edit, delete, or shut down existing rules or add new ones.
  • Choose whether to detect data sharing inside or outside the organisation.
  • Enable policy tip notifications.

You have successfully created a policy. Now test and monitor its outcome to further fine-tune it. When your policy is ready to implement, go to the central policy store in the Compliance Center. Locate the policy and sync it. It will automatically start evaluating and protecting content.


Microsoft’s data loss prevention system secures your organisation’s sensitive information 24/7. It is a cloud-based system that can be integrated with all Microsoft applications. It protects the files by scanning documents and matching them to the encoded definition of sensitive information. You can customise a DLP policy to ensure it protects against internal and external breaches.

Need a data loss prevention system for your organisation? Our Microsoft 365 consultants will help you create customised policies to provide maximum data security.
