Configure Data Loss Prevention policies in Exchange Online in Office 365
In this competitive market, data is the key to running a business effectively and successfully, so it’s important to secure and protect critical data from malicious usage. For example,
As per the US government, PHI and PII data should be protected and secured, and organizations that deal with sensitive personal and healthcare-related data have to make sure that their clients’ data is secured and protected in their systems.
Data loss prevention is a strategy to make sure that sensitive data is secured and protected inside the organization’s network by monitoring, blocking and detecting it when it is stored, moved or shared. Microsoft has added Data Loss Prevention capability to SharePoint Online and OneDrive for Business in Office 365. This is a premium feature of Office 365 that can be used only with Office 365 Enterprise E3 or Office 365 Enterprise E4 to protect data by assigning usage restrictions. Other Office 365 Enterprise users use data that has Information Rights Management (IRM) applied in Office 365.
In this blog, we’ll configure Data Loss Prevention policies in Exchange Online to prevent sensitive information from being mailed. So, let’s start the step-by-step configuration.
1/ Log in to your Office 365 account and go to Admin centers in the left panel of the screen.
2/ Click on the Exchange link; you will be navigated to the “Admin Exchange center” page in a new tab of the browser.
3/ Click on the “Data Loss Prevention” option.
4/ To add a new custom DLP policy, click on the (+) plus button to get the context menu.
5/ Click on the “New Custom DLP policy” option. A new window appears where you have to enter the required details: policy name, description, state and mode. Click on the Save button to create the policy and continue.
6/ You will be back on the “Data Loss Prevention” screen with the newly added policy information.
7/ Double-click on the added row to open the policy details, then click on the Rules option in the left part of the screen, as depicted.
8/ Click on the (+) plus button to add a new rule. I have selected the “Block messages with sensitive information” rule.
9/ On the following screen, we can add the condition, action, exceptions, and rule activation and deactivation dates.
10/ Click on “Select Sensitive information Types” to specify the sensitive information details.
11/ Click on the (+) plus button to add a Sensitive information Type by name and publisher. I have selected two, as depicted in the screenshot below.
12/ Click on the OK button to continue to the next screen.
13/ You can send DLP incident reports to specific recipients using the following step.
14/ Click on the Save button to continue.
Now we are done with the policy setup. Let’s validate the policy in Outlook.
If you try to send out any mail that contains PAN or Aadhaar number details, the DLP policy will be violated and your mail will be blocked.
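The policy and rule from steps 4 to 14 can also be created from Exchange Online PowerShell, which makes the configuration repeatable and lets it run in audit mode before it blocks anything. This is an added example, not part of the original walkthrough. It assumes a session in which the `New-DlpPolicy` cmdlet and the DLP parameters of `New-TransportRule` are available; the policy name, rule name, mail addresses and the two sensitive information type names are assumptions.

```powershell
# Added example. Requires the ExchangeOnlineManagement module.
# The admin account and report mailbox below are placeholders.
Connect-ExchangeOnline -UserPrincipalName 'admin@example.com'

$policyName = 'Block PAN and Aadhaar (example)'   # hypothetical policy name
$ruleName   = "$policyName - block rule"          # hypothetical rule name

# Steps 4-6: create the custom DLP policy with name, description, state and mode.
# AuditAndNotify logs matches and notifies the sender without enforcing the
# block, so false positives can be reviewed before mail is rejected.
New-DlpPolicy -Name $policyName `
    -Description 'Blocks mail that contains PAN or Aadhaar numbers' `
    -State Enabled `
    -Mode AuditAndNotify

# Steps 10-12: the sensitive information types to match. These display names
# are assumed; list the ones in your tenant with:
#   Get-DataClassification | Select-Object Name, Publisher
$sensitiveTypes = @(
    @{ Name = 'India Permanent Account Number (PAN)';         minCount = '1' },
    @{ Name = 'India Unique Identification (Aadhaar) Number'; minCount = '1' }
)

# Steps 8-14: the blocking rule, attached to the policy, with an incident
# report sent to a monitored mailbox (step 13).
New-TransportRule -Name $ruleName `
    -DlpPolicy $policyName `
    -MessageContainsDataClassifications $sensitiveTypes `
    -RejectMessageReasonText 'Blocked by DLP: message contains PAN or Aadhaar data.' `
    -GenerateIncidentReport 'dlp-incidents@example.com' `
    -IncidentReportContent Sender, Recipients, Subject, DataClassifications, IdMatch `
    -SetAuditSeverity High `
    -Mode AuditAndNotify

# Review what was created before switching to enforcement.
Get-TransportRule -DlpPolicy $policyName |
    Format-List Name, State, Mode, MessageContainsDataClassifications

# Once the incident reports show the rule matches only what it should,
# enforce the block on both the policy and the rule.
Set-DlpPolicy     -Identity $policyName -Mode Enforce
Set-TransportRule -Identity $ruleName   -Mode Enforce
```

Run the validation described above only after the mode is set to Enforce; in AuditAndNotify mode a matching message is still delivered and only the incident report is generated.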
Hope this will be helpful to all.
Thank you 🙂
It’s an old article now. If you’re willing to supply an update, happy to have it.