Step by Step Guide on How to Implement DLP Policies in your Organization

DLP is the practice of preventing data breaches by detecting sensitive content and blocking or encrypting it according to rules set by the administrator. An organization may hold many kinds of sensitive information, such as financial data, credit card numbers and social security numbers. Implementing a DLP policy protects this sensitive data and reduces the risk of accidentally or inappropriately sharing it with unauthorized people. Below are the steps to implement a DLP policy in your organization that blocks a sensitive information type (credit card numbers) when it is shared via Exchange Online.

Go to the “Admin Portal”.

From the “Admin Center”, click on “Compliance” to open the “Compliance portal”.

On the “Compliance portal”, click on “Data loss prevention”.

I have already created two policies, Teams and Device. Let’s create a new policy for Exchange Online by clicking on “Create policy”.

Since we are going to create a custom policy, select “Custom” and click “Next”.

Enter the “Name of the Policy” and “Description”, then click on “Next”.

In this demonstration, we will choose only the Exchange Online location to apply the policy to. You can also choose all the locations at once, or create a separate policy for each location. Here, we have included all members and excluded none, but if you want this policy to apply only to certain groups or users, select them accordingly and click on “Next”.

Select “Create or customize advanced DLP rules” and click “Next”.

Now, let’s create the rule for Exchange Online by clicking on “Create rule”.

Enter the “Name of the rule” and “Description”.

Now add the condition by clicking on “+ Add condition”. On clicking “Add condition”, you will see several options, but for this demonstration we will choose “Content contains”.

Now click on “Add”, as highlighted in the picture below.

On clicking “Add”, you will again have three options to choose from, but for this demonstration we will select “Sensitive info types”.

After choosing “Sensitive info types”, you are required to choose the specific sensitive information types to detect.

In this demonstration, we will choose “Credit Card Number”. Choosing “Credit Card Number” will detect a credit card number when it is shared from Exchange Online.

By default, “Highest confidence” is selected, but two more options are available, i.e. “Low Confidence” and “Medium Confidence”. A high confidence level returns the fewest false positives but might result in more false negatives. Low or medium confidence levels return more false positives but few to zero false negatives.

In this demonstration, we will go forward with “Low Confidence”.
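To make the confidence trade-off concrete, here is an added illustration written for this guide; it is not code from the original post and not how Purview’s detector is implemented (Purview’s built-in “Credit Card Number” type combines a pattern, a checksum and supporting evidence, but the exact logic is Microsoft’s). A loose detector that accepts the digit pattern alone stands in for “Low Confidence”, and a strict detector that also demands a valid Luhn checksum and a nearby card keyword stands in for “Highest confidence”. The sample messages, the keyword list and the 40-character window are this example’s own choices:

```powershell
# Added illustration, not code from the original post and not Purview's own
# detector: a loose detector (pattern only) beside a strict one (pattern +
# Luhn checksum + nearby keyword), to show why a stricter match returns fewer
# false positives at the cost of possibly missing some real numbers.

function Test-LuhnChecksum {
    param([Parameter(Mandatory)][string]$Digits)
    # From the right, double every second digit, subtract 9 when the result
    # exceeds 9, and require the total to be a multiple of 10.
    $sum = 0
    $double = $false
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $d = [int][string]$Digits[$i]
        if ($double) { $d *= 2; if ($d -gt 9) { $d -= 9 } }
        $sum += $d
        $double = -not $double
    }
    return (($sum % 10) -eq 0)
}

function Find-CardCandidate {
    param(
        [Parameter(Mandatory)][string]$Text,
        [ValidateSet('Low', 'High')][string]$Confidence = 'High'
    )
    # 16 digits, optionally grouped in fours by spaces or hyphens.
    $pattern = '(?<!\d)(\d{4}[ -]?){3}\d{4}(?!\d)'
    $hits = @()
    foreach ($m in [regex]::Matches($Text, $pattern)) {
        $digits = $m.Value -replace '[ -]', ''
        if ($Confidence -eq 'Low') {
            # Low: the pattern alone is accepted.
            $hits += $digits
            continue
        }
        # High: the checksum must pass and a supporting keyword must appear
        # within 40 characters on either side of the match (assumed window).
        $start  = [Math]::Max(0, $m.Index - 40)
        $end    = [Math]::Min($Text.Length, $m.Index + $m.Length + 40)
        $window = $Text.Substring($start, $end - $start)
        if ((Test-LuhnChecksum $digits) -and ($window -match 'card|visa|mastercard|credit')) {
            $hits += $digits
        }
    }
    return $hits
}

# Constructed sample messages: one real-looking card reference, one 16-digit
# number that fails the checksum, one checksum-valid number with no card context.
$samples = @(
    'Please charge my Visa card 4111 1111 1111 1111 for the order.',
    'Ticket reference 4111 1111 1111 1112 escalated to tier 2.',
    'Serial 4111111111111111 is printed on the chassis label.'
)

foreach ($level in 'Low', 'High') {
    $count = @($samples | ForEach-Object { Find-CardCandidate -Text $_ -Confidence $level }).Count
    "{0,-4} confidence: {1} of {2} messages flagged" -f $level, $count, $samples.Count
}
```

The second sample fails the checksum and the third has a valid checksum but no card-related wording nearby, so only the first survives the strict check, while the loose check flags all three. That is the same trade-off the portal exposes: a lower confidence level catches more, including messages that merely contain a 16-digit number, and a higher level catches less but with more certainty.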

Now we will set one more condition by clicking on “Add condition”. This time we will choose “Content is shared from Microsoft 365”. Choosing “only with people inside my organization” will detect the content only when it is shared inside the organization and apply the rule accordingly. You can also choose “with people outside my organization”. If you want the rule to apply in both cases, you have to create two rules, but in this demonstration we will move forward with only one rule, applied “only with people inside my organization”, i.e. when the content is shared with people inside the organization.

In the steps above, we have already set the condition, i.e. “when a credit card number is detected and is shared with people inside the organization via Exchange Online”. Now, let’s set the action to be applied if the condition above matches. For that, click on “+ Add an action” and choose “Restrict access or encrypt the content in Microsoft 365 locations”.

In this demonstration, we have already chosen to detect the content only when it is shared with people inside the organization, so if you choose “Block everyone”, it will block the recipients covered by the condition set above, which means the internal users will not be able to receive the emails.

You can “Turn on” or “Turn off” the user notification.

You can also add the users to whom you want the notification to be sent if the policy matches.

After configuring all the settings, click on “Save”.

We have now created the rule named “Credit Card custom policy”, which will detect content shared from M365 with people inside the organization and restrict access inside your organization. If you want the rule to apply to both internal and external recipients, create another rule and select people outside the organization this time.

Under “Test or turn on the policy”, it is recommended to test the policy first, but in this demonstration we will choose “Turn it on right away” and click “Next”.

Now click “Submit”.

Click “Done”.

“Custom policy for Outlook” has been created.

If you want to edit the policy later, select the policy and click on “Edit”.
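The same policy and rule can be built from Security & Compliance PowerShell instead of the portal, which is useful when the configuration has to be repeatable or reviewed in source control. The script below is an added example, not part of the original post: the cmdlets are Microsoft’s, the policy and rule names are the ones used in the walkthrough, the admin address is a placeholder, and the confidence value follows the documented mapping of low, medium and high to 65, 75 and 85. It also adds the second rule for external recipients that the walkthrough mentions but does not create, and starts the policy in test mode before turning it on:

```powershell
# Added example, not code from the original post. Requires the
# ExchangeOnlineManagement module and an account with compliance-admin rights.
Connect-IPPSSession   # prompts for credentials

$policyName = 'Custom policy for Outlook'   # name used in the walkthrough
$ruleName   = 'Credit Card custom policy'   # rule name used in the walkthrough
$adminMail  = 'admin@contoso.example'       # placeholder: the admin who receives alerts

# Condition: the built-in "Credit Card Number" sensitive info type at low
# confidence (65). Use 75 for medium or 85 for high.
$creditCard = @{ Name = 'Credit Card Number'; minCount = '1'; minConfidence = '65' }

# 1. Policy scoped to Exchange Online only, all users included, nothing excluded.
#    TestWithNotifications is the "test it out first" choice from the wizard.
New-DlpCompliancePolicy -Name $policyName `
    -Comment 'Blocks credit card numbers shared via Exchange Online' `
    -ExchangeLocation All `
    -Mode TestWithNotifications

# 2. Rule for content shared only with people inside the organization:
#    block everyone, notify the sender, send an incident report to the admin.
New-DlpComplianceRule -Name $ruleName -Policy $policyName `
    -ContentContainsSensitiveInformation $creditCard `
    -AccessScope InOrganization `
    -BlockAccess $true `
    -BlockAccessScope All `
    -NotifyUser 'LastModifier' `
    -GenerateIncidentReport $adminMail `
    -IncidentReportContent All `
    -ReportSeverityLevel High

# 3. Second rule for people outside the organization; without it an email
#    sent to an external recipient is delivered, as the test at the end shows.
New-DlpComplianceRule -Name "$ruleName (external)" -Policy $policyName `
    -ContentContainsSensitiveInformation $creditCard `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -BlockAccessScope All `
    -NotifyUser 'LastModifier' `
    -GenerateIncidentReport $adminMail `
    -IncidentReportContent All `
    -ReportSeverityLevel High

# 4. Review what was created, then switch from test mode to enforcement.
Get-DlpComplianceRule -Policy $policyName |
    Format-List Name, AccessScope, BlockAccess, ContentContainsSensitiveInformation

Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```

Keeping the policy in TestWithNotifications for a while before the final Set-DlpCompliancePolicy call is the scripted equivalent of the “test it out first” option: the incident reports arrive, so you can see how many legitimate messages a low-confidence match would have blocked, and raise minConfidence before enforcing.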

For testing, I have generated a credit card number from this site. There are many sites from which you can generate a credit card number for testing.

Let’s see what happens when the user “Alex” tries to send the email to “Megan” internally.

The email is blocked.

Since we have set the alert to be sent to the “Admin” user, the alert is sent.

Now let’s test again by attaching a Notepad file with the credit card number in it. This time I have added one internal recipient and one external recipient.

On sending, the email is blocked for the internal recipient, whereas the outside user has received the email. Since we have only added the condition to detect content shared with internal users, it did not block the external recipient from receiving the email. If you want to block both, you need to add another rule in which you select the external users.
