Microsoft Purview part 4: This is part 4 of several parts that deal with Microsoft Purview and which tools are available there.
In this blog post, we dive into how to define and apply DLP policies that identify, monitor and automatically protect sensitive data.
What is Data Loss Prevention (DLP) and how can it be used?
In today's digital world, protecting sensitive information is essential for any organization. Data Loss Prevention (DLP) helps you prevent sensitive information from being shared with unauthorized people. Microsoft Purview offers a comprehensive DLP solution that integrates with several Microsoft 365 services such as Teams, Exchange, SharePoint and OneDrive, as well as Office applications such as Word, Excel and PowerPoint. In addition, you have your own DLP rule sets which are more aimed at Power Platform, Endepunkt, etc.
How does DLP work?
DLP in Microsoft Purview works by defining and applying DLP policies that identify, monitor and automatically protect sensitive data. This is achieved through deep content analysis, including keywords, regular expressions, and machine learning algorithms. Let's take a closer look at some of the most important features of DLP.
Important features of DLP
Identifying sensitive information: DLP policies can detect sensitive information such as credit card numbers, social security numbers and health information using advanced analytics methods. For example, a DLP policy can detect and protect a document containing credit card information stored in OneDrive.
Monitoring and notification: When a DLP policy detects a breach, it can automatically notify administrators and users. For example, if an employee tries to send an email with sensitive data to an external recipient, the DLP policy can block the email and notify both the sender and the IT department.
Automatic protection: DLP can automatically protect sensitive information by encrypting data or restricting access. For example, a DLP policy can automatically encrypt a document containing sensitive data when it is uploaded to SharePoint.
Reporting and auditing: DLP provides comprehensive reporting and auditing capabilities that help organizations track and analyze incidents. This makes it possible to identify patterns and improve security measures over time. This is done by running the policies in simulation mode. Or by looking at activity tracking in PurvView.
Concrete example of DLP in action
Sharing of sensitive information types: By creating a SIT (Sensitive information type) as described in a previous post, you can use this further into a DLP rule. In the example below, I have created a SIT that listens on Norwegian social security numbers, this is set up to block external sharing, send information to an IT administrator and give the user a tip that you are now doing something you are not supposed to do. The DLP rule applies to both E-mail and Team's channels and messages.
The same DLP rule is set to hit in Teams against external ones.
Bjørnar & AI
Comments