United States | Office 365 Data Loss Prevention (DLP) – Setup for a simple phrase

Hugh Roberts - 23.03.2018

United States | Office 365 Data Loss Prevention (DLP) – Setup for a simple phrase

Join our community of 1,000+ IT professionals, and receive tech tips and updates once a week.

Office 365 Data Loss Prevention (DLP) – Setup for a simple phrase

United States | Office 365 Data Loss Prevention (DLP) – Setup for a simple phrase

Data Loss Prevention (DLP) is a huge topic and with GDPR and privacy legislation in Australia, data breach notification is mandatory and leaks are newsworthy. People who leak are becoming martyrs – just think about Edward Snowden and Julian Assange.

Implementing a custom DLP policy in Office 365 is a bit of a learning curve, it involves importing a custom XML, working with RegEx and A LOT of testing. We found that, even for a single word it can be tricky and not work as expected.

WHERE IT SHINES

DLP is extremely useful in cases where the word or phrase isn’t common or is unique to your business such as a credit card number, unique employee ID or top-secret file naming convention.

Here is a sample XML file for detecting a string “#TOP-SECRET#”. This should be unique enough that it won’t trigger unnecessarily (its case sensitive) and you can put this classification in your top-secret documents. The string in the entity is a normal Regex expression which means it’s extremely powerful. There are also ways to match data to other nearby data such as a Credit Card number and the expiry date but for this blog we are keeping it simple. I won’t go into explaining the XML as there is a good guide here.

United States | Office 365 Data Loss Prevention (DLP) – Setup for a simple phraseUnited States | Office 365 Data Loss Prevention (DLP) – Setup for a simple phrase

Steps to use the new rule

1. Import the rule to Office 365 DLP (Connect to Office 365 Security and Compliance PowerShell first)

United States | Office 365 Data Loss Prevention (DLP) – Setup for a simple phrase

2. Logon to the Security and Compliance Center and click on Policy -> Create a Policy

United States | Office 365 Data Loss Prevention (DLP) – Setup for a simple phrase

3. Choose a Custom Policy and click Next

United States | Office 365 Data Loss Prevention (DLP) – Setup for a simple phrase

4. Name your policy and give it a description

United States | Office 365 Data Loss Prevention (DLP) – Setup for a simple phrase

5. Choose where to protect your content, for this test we will protect all data (SharePoint, OneDrive and Exchange)

United States | Office 365 Data Loss Prevention (DLP) – Setup for a simple phrase

6. On the policy settings screen – choose “Edit”

United States | Office 365 Data Loss Prevention (DLP) – Setup for a simple phrase

7. Drop down the menu and choose “Sensitive Information Types”

United States | Office 365 Data Loss Prevention (DLP) – Setup for a simple phrase

8. Click on “Add” then choose the sensitive information type you imported

United States | Office 365 Data Loss Prevention (DLP) – Setup for a simple phrase

9. Leave the accuracy Min and Max at 100 as this is an exact match scenario and click “Save”

United States | Office 365 Data Loss Prevention (DLP) – Setup for a simple phrase

10. Customize the notification settings with your rule to match what you require – make sure you put the “Detect when content that’s being shared contains” down to 1 instance – otherwise it will be hard to trigger this rule

United States | Office 365 Data Loss Prevention (DLP) – Setup for a simple phrase

11. Review the settings of the rule and click on “Create” – Then wait at least 15-30 minutes before testing the rule.

The rule will then block your email based on the conditions you set!

United States | Office 365 Data Loss Prevention (DLP) – Setup for a simple phrase

THINGS TO BE AWARE OF

  • DLP takes time to scan so, in a large email with an attachment of 30 pages, looking for a specific word could take a long time.
  • Sometimes scans don’t finish and an email is sent, triggering a bounce back once the scan finished.
  • DLP, if not configured well it can trigger far too often.

OWN UP TO YOUR LEAKS OR FACE CONSEQUENCES!

Given the new legislation around the globe, every business needs to take note of DLP right now. The implications are significant:

“In a stark departure from previous privacy legislation in Europe or elsewhere, the GDPR authorizes regulators to levy remarkably steep fines in amounts exceeding 20 million euros or four percent of annual global turnover, whichever is higher.”

Recently we have been testing these scenarios as we are working towards compliance baselines and they have already made their mark. Don’t worry – we don’t name things top secret.

Hungry for more?

If you’re waiting for a sign, this is it.

We’re a certified amazing place to work, with an incredible team and fascinating projects – and we’re ready for you to join us! Go through our simple application process. Once you’re done, we will be in touch shortly!

Who is Insentra?

Imagine a business which exists to help IT Partners & Vendors grow and thrive.

Insentra is a 100% channel business. This means we provide a range of Advisory, Professional and Managed IT services exclusively for and through our Partners.

Our #PartnerObsessed business model achieves powerful results for our Partners and their Clients with our crew’s deep expertise and specialised knowledge.

We love what we do and are driven by a relentless determination to deliver exceptional service excellence.

United States | Office 365 Data Loss Prevention (DLP) – Setup for a simple phrase

Insentra ISO 27001:2013 Certification

SYDNEY, WEDNESDAY 20TH APRIL 2022 – We are proud to announce that Insentra has achieved the  ISO 27001 Certification.