Microsoft Purview: Multi-Factor Authentication and Data Loss Prevention

Hey folks, Pure Awesomeness here once again! I know what you’re all thinking: “Where on earth has he been all this time?” I know it’s been a while since my last blog, and you’ve all been patiently waiting for my next release. 

Well, wait no further as my new blog is here! And the best part of it all is that it’s a multi-part blog series! Here’s where we all stand up and do the Evan All Mighty Dance. 

So, what’s the topic of this blog, you ask? Well, before I tell you, I need you to do a few things for me (if you’re a frequent reader of my blogs, this should come as no surprise, albeit with some minor changes) 

• Follow Insentra on LinkedIn 

• Subscribe to Insentra’s YouTube channel 

• Go to your kitchen (or your local café) and get yourself a Black Eye (no, not THAT black eye). If you love your liquid gold and need that caffeine hit, then this drink is for you!  

Now that formalities are out of the way, on to the topic of this blog! A topic that’s been very hot with my customers lately is all-around information security. Basically, what are the ways you can protect your organisational data directly from within Microsoft 365 (M365)? 

Think about this: you’ve done your discovery of your data islands, and now you’ve uncovered a large amount of data that contains sensitive information. How can you protect this data? 

If you’d like to know the answer, then grab your Black Eye and buckle up as I’m about to take you through some capabilities right now! 

But first, check out my previous blog, Microsoft Purview – Protect Yourself, Don’t Become a Data Breach Statistic, to refresh your mind on what Microsoft Purview is. Once you’re done, pass GO, collect your $200, buckle up and read on! 

SO WHY INFORMATION SECURITY? 

Let me ask you one thing: What would your organisation do if it made front-page news because of a data breach? They say any reputation is good reputation, but news like that isn’t something to celebrate. 

In fact, it causes negative reputational and brand impact, not to mention the potential massive financial fallout – just ask the 47% of Australians who, in a recent study by the OAIC, confirmed that they would either close their account or stop using a product or service provided by an organisation that experienced a data breach.  

So, what protective measures can your organisation take to stop data from landing in the wrong hands? Now, what kind of blog post would this be if I didn’t explain ways in which you can achieve this goal? 

The following is NOT an output from ChatGPT. This is from the Pure Awesomeness GPT platform, where I plan to pass on all the knowledge to you, my loyal readers. Now, just one more sip of the Black Eye and we’re ready to rock! 

Multi-Factor Authentication 

Yes, I know this falls under the identity protection umbrella, but if you think about it, MFA also protects your data. Without it, the bad guy can gain access to your data just by hacking your password. 

So, if MFA isn’t enabled across the organisation yet, turn it on now! But contact me first and I’ll show you the controlled way to get it deployed. Once deployed, you can breathe a sigh of relief that user123@domain.com.au now has an added level of security, and that they aren’t just relying on that password written on a Post-It note in their desk drawer. By the way, if this is a practice you still do today, please don’t pass GO, don’t collect your $200 and contact me straight away! 

Right, so MFA is enabled now, but what about the data itself? What can be done? Keep on reading, my loyal apprentice. 

In my previous blog, I covered all the capabilities of the beast that is Microsoft Purview. It’s now time to deep dive into some of these capabilities that will help you protect your most sensitive information. 

Data Loss Prevention 

First up: Data Loss Prevention. DLP, as it’s commonly known, is a security solution that helps prevent sharing of sensitive information. 

I won’t go into too much detail on what DLP is (you can visit the blog I linked above if you want a more thorough explanation of DLP). Instead, I’ll take you through a basic policy configuration because I’m a nice guy. 

1. First things first, log into the Purview portal – https://compliance.microsoft.com or if you’ve made the switch and are using the new portal – https://purview.microsoft.com  

2. Click on “Data loss prevention”, and then click on “Policies” 

3. Click on “Create policy” 

4. For the purposes of this blog, I’m going to create a policy for Australian sensitive information types. I’m selecting Medical and health as the category and using the built-in Australian Health Records Act template. Click “Next” 

5. Name your policy (the default name is usually good enough) and click “Next” 

6. Leave as the default Full directory and then click “Next” (feel free to specify admin units) 

7. Select the locations where you want to apply the DLP policies (Note: I have E5 licenses available, hence why all locations are available) 

8. For the purposes of this blog, I’m going to only review the default settings for the template, but you can customise the configuration if necessary (e.g., change the instance count, confidence levels, notifications, etc). Click “Next”  

9. We’ll leave all these settings as default and click “Next”. Most of the time, organisations will want to deploy DLP policies to protect sensitive information from being shared with people outside of the organisation.  

10. Again, we’ll leave this all as default, but if required, the alert notifications can be changed to be sent to a distribution group instead. By default, the admin who creates the DLP policies and all Global Admins in the tenant will receive the alerts. Click “Next” 

11. Next, we can customise any override settings, set content to be encrypted as part of the DLP policy or even apply the DLP policy to some 3^rd party apps like Box and Salesforce. We’ll leave this all as default, but if you want to set these in your environment and need some further assistance, you know where to reach me. Click “Next”. We’re almost there! 

12. Now, the cool part! You can enable the policy in test mode, turn it on in production, or turn it off. My recommendation is test it out first before you roll it out into production 

13. Review the configuration and click “Finish” 

BOOM! DLP policy is now enabled to protect medical information. Pretty easy right?  

Now, can it get even easier to not only deploy the policies, but also test these out against dummy data to make sure you’re on the right path? It sure can! Allow me to introduce you to… 

Advanced Deployment Guides 

So, what are these? In a nutshell, the white wizards of Redmond have developed guides that allow you to follow the bouncing ball to get specific workloads and features deployed across the tenant. Some of these guides even configure some of the policies for you automagically (still working on this word being published in the Oxford dictionary). 

The Microsoft official definition: Microsoft 365 advanced deployment guides give you tailored guidance and resources for planning and deploying your tenant, apps and services. 

Pretty cool right? So, how do you access these? I thought you’d never ask! 

On the M365 Admin Centre home page, you’ll find a nice-looking purple hammer. 

Click on it and you’ll then be presented with a search bar. Type in DLP and you’ll see the link to the Information Protection guide. Ignore the “Adoption and Secure Scores” – this is a lab environment, I swear! 

Now you’ll notice there’s no specific guide for DLP. That’s because it’s combined into the Information Protection guide. Click on the guide and you’ll now be presented with the step-by-step guide on deploying Information Protection, including DLP! 

As you progress through the guide, you’ll notice that data loss prevention eventually shows up as a configuration option. 

Once clicked on, each link above will give you some information on the right-hand side of the screen. You can even assign the task to someone in your team and set a due date! 

Now, it’s time to test with dummy data. To do this, click “Next” in the wizard. On the left, you’ll see something called the “DLP test harness”. 

Download the script and run it. After the usual security messages, enter your admin credentials for your tenant. 

Once authenticated, you’ll now be able to test your configured DLP policies against three different types of Australian sensitive information.  

And there you have it–everything you needed to know on how to configure DLP policies across your M365 tenant! 

Don’t worry, this isn’t the only way to protect your data. There’s plenty more to come in the next parts of this series. In the meantime, feel free to check out our other eye-opening content pieces on Insentra Insights.

Until next time, Pure Awesomeness signing off! 

“My attitude is that if you push me towards something that you think is a weakness, then I will turn that perceived weakness into a strength” – Michael Jordan