Since data is the most valuable thing in today’s business world, organizations should be careful about protecting sensitive data. Especially when it comes to the security of emails, measures should be taken to safeguard them. Many things can be done to ensure that the sensitive data does not leave your firm unsecured. Users should consider compliance management of Office 365 to safeguard the emails exchanged through their organization. Microsoft offers the DLP to protect the data from breaches. Users can modify the DLP rules according to the requirements as well. Therefore this write-up will discuss how to Enable DLP in Office 365. We will provide elaborate discussion on issues related to data loss protection policy as well.
Many of the data loss events involve employees, and most of them are not intentional. Many Organizations allow employees to access confidential information without auditing, which results in employees moving data without any concrete trace. Sometimes employees get tricked into sharing confidential information, sometimes they share information with people they think they can trust. In strict systems, the inability to follow certain procedures precisely may lead to vulnerability. For all these reasons, organizational compliance management should receive the attention it deserves.
Before setting up an email-based security policy for your organization, you have to follow government regulations set for the sector your company belongs to. These policies help to protect data from all types of unauthorized exposure and access.
If your organization belongs to the healthcare sector, you have to follow the “Healthcare Insurance Portability and Accountability Act” (HIPPA) from 1996. It contains rules that have to be followed in the healthcare sector.
For companies belonging to the financial sector, the regulations come from the Gramm-Leach Bliley Act (1999). According to this regulation, all financial organizations have to confirm the confidentiality and security of the data.
Publicly traded companies also need to follow a 2002 Act named the Sarbanes Oxley Act. It imposes rules for companies to keep their data safely and securely. It also requires data including emails to be available during any disaster.
There are two types of licenses are available for the DLP:-
When any organization enable DLP in Office 365. They handle the DLP through emails in different ways. While some firms have written policies against sharing private customer information outside organizations, others use “Transport Layer Security (TLS) encryption.” It protects emails by providing end-to-end encryption. TLS setup can be done in several ways. One is opportunistic TLS which requires both companies to have TLS enabled. There also exists mutual TLS that has to be set between two organizations that want 100% TLS encryption while exchanging messages. Apart from these, many organizations set up data loss prevention (DLP). It can be configured to encrypt only the messages that contain sensitive information or stop such emails from sending.
Now, we will move to another section where we will talk about how to setup DLP Office 365.
Read More: Why Office 365 Backup is Necessary?
Getting Started
Here, we will be selecting “New DLP policy from template” option.
This puts the policy in a detection-based mode. You can evaluate and determine if this is the correct policy for your organization.
Using Policy Tips, you can notify other email users regarding non-compliant information placed in their messages before they send it. Policy Tip configuration allows you to do various things like notifying the sender, blocking the message, redirecting to the compliance URL, etc. In this section, we will discuss creating policy tips to stop sending messages.
Once the Policy Tips is in full testing mode, you can run this as long as you feel appropriate.
PowerShell is the technical method to setup DLP Office 365, so it is advisable to consider this only if you are familiar with technical know-how. Plus, there are some limitations associated with this including complex syntax, potential errors, and limited functionality for certain DLP policies and configurations. Still, if you want to opt for this, then go through the guidelines given below:
Step 1. Establish a connection to the Security and Compliance Center PowerShell
Connect-IPPSSession
Step 2. Create a DLP policy
New-DlpCompliancePolicy -Name RevenuePolicy -Mode Enable -ExchangeLocation All
Step 3. Modify DLP policies
Set-DlpCompliancePolicy -Identity RevenuePolicy-Comment "Exchange Online locations."
Step 4. Create a DLP Rule
New-DlpComplianceRule -Name SecurityRule ` -Policy RevenuePolicy ` -ContentContainsSensitiveInformation @{Name="Amount (A) ";minCount="1"} ` -BlockAccess $True
Now the DLP policy is ready and it will appear in the portal as well.
Formally, admins have the right to access and setup DLP Office 365. But sometimes there is a need to provide access to the DLP to other users as well. Follow the below steps to assign permissions to other users for accessing the DLP policy.
Ultimately, this entire security-related issue should be dealt by Email Administrators and the Security team together. They should create an appropriate plan together following the guidelines of the organization. All must remember that the loss of personal information can have severe consequences. The organization involved in sending personal information and the people whose information is getting emailed outside the organization, both want to protect the personal information and parties involved. Therefore, everyone should work together to secure all types of sensitive information. Despite using DLP to protect the data. Users can export Office 365 mailbox to PST for providing advance level of security. Users can also work offline with Office 365 by saving all the data locally.
This post aims to educate people about DLP. It has also depicted how to Enable DLP in Office 365 Compliance management. Readers will be able to test and run reports as well as enable DLP within the tenant of Office 365 Exchange Online. We must all understand that email security is a complex matter and every organization should be careful about it.
Q1. How to create a custom DLP policy in Office 365?
Ans - Follow the quick 4 steps to create a custom DLP in Office 365.
Q2. From where I can analyze the DLP?
Ans - To view the DLP status you need to go to Microsoft Purview and then the Report section
Q3. What are the different ways to Enable DLP in Office 365?
Ans - One can enable the DLP in Office 365 using the Exchange Admin and PowerShell commands.
Q4. What type of license should I need to setup DLP Office 365?
Ans - The E5 license is the better one to apply the customizable DLP on large emails.
Q5. Can I Disable DLP in Microsoft Office 365?
Ans - Yes, for any reason, if you want to disable the Data Loss Prevention Policy In Microsoft Office 365. Then it could be a quite easy task with the following quick steps:
Q6. How Do I View DLP Reports in Office 365?
Ans - Viewing the reports of DLP in M365 becomes a crucial task for many users, here are the stepwise instructions to do so:
Q7. Are there any specific services where we can apply the DLP policies?
To safeguard crucial information from unauthorized access or cyber threats, one can apply the Data Loss Prevention policies on various services which are: