Deploy Microsoft Purview Data Loss Prevention (DLP) policies to govern and prevent the inappropriate sharing, transfer, or use of sensitive data across apps and services.
Purview DLP
Organizations have sensitive information under their control, such as:
- social security numbers
- financial data
- proprietary data
- credit card numbers
- health records
- etc.
DLP detects sensitive items by using deep content analysis, not by just a simple text scan. Content is analyzed:
- DLP also uses machine learning algorithms and other methods to detect content that matches your DLP policies
- For primary data matches to keywords
- By the evaluation of regular expressions
- By internal function validation
- By secondary data matches that are in proximity to the primary data match
Protective actions of DLP policies
- show a pop-up policy tip to the user that warns them that they might be trying to share a sensitive item inappropriately
- block the sharing and, via a policy tip, allow the user to override the block and capture the users’ justification
- block the sharing without the override option
- for data at rest, sensitive items can be locked and moved to a secure quarantine location
- for Teams chat, the sensitive information won’t be displayed
We can apply DLP policies to data at rest, data in use, and data in motion in locations such as:
- Microsoft 365 Copilot (preview)
- Exchange Online email
- SharePoint sites
- OneDrive accounts
- Teams chat and channel messages
- Instances: Microsoft Defender for Cloud Apps
- Devices: Windows 10, Windows 11, and macOS (three latest released versions)
- On-premises repositories
- Fabric and Power BI workspaces
Deploy your policies in production
Design your policies
Feel free to start with one workload at a time, or across all workloads – there’s no impact yet.
Implement policy in simulation mode
Evaluate the impact of the controls by implementing them with a DLP policy in simulation mode.
Monitor outcomes and fine-tune the policy
Here are some examples of things to fine-tune:
- add new restricted sites
- adjusting the locations and people/places that are in or out of scope
- tune the conditions that are used to determine if an item and what is being done with it matches the policy
- the sensitive information definition/s
- add new controls
- add new people
- add new restricted apps
Enable the control and tune your policies
Once the policy meets all your objectives, turn it on.
DLP policy configuration overview
Viewing policy application results
- High volume of sensitive info shared or save externally
- DLP Alerts
- DLP Activity Explorer and reports
We can view the last 30 days of DLP information in Activity Explorer using these preconfigured filters:
- DLP policy rules that detected activities
- Endpoint DLP activities
- Files containing sensitive info types
- Egress activities
- DLP policies that detected activities
Contextual summary
We can see the text that surrounds the matched content, like a credit card number in a DLPRuleMatch event in Activity explorer.
Ref.
