« Previous 1 2 3
Data loss prevention with Microsoft Purview
Scope of Concern
PowerShell Alternative
DLP policies can be managed and configured by PowerShell with the Exchange Online PowerShell V2 Module, which you can install and import with the commands:
Install-Module -Name ExchangeOnlineManagement Import-Module -Name ExchangeOnlineManagement
Afterward, the commands
Connect-IPPSSession -UserPrincipalNamechristian@schulenburg.co Get-DlpCompliancePolicy Get-DlpComplianceRule New-DlpCompliancePolicy New-DlpComplianceRule
let you connect to Microsoft Online and use the DLP commands, gives you all the policy information at a glance, reveals more about the existing rules, and creates new policies and rules. For more commands that let you manage DLP policies with PowerShell, see Table 2.
Table 2
PowerShell for DLP Policies
Cmdlet | Function |
---|---|
Get-DlpCompliancePolicy
|
Displays information about existing data loss prevention policies |
Get-DlpPolicyTemplate
|
Displays existing DLP policy templates in an Exchange organization |
Get-DlpDetailReport
|
Lists details of DLP rule matches for Exchange Online, SharePoint Online, and OneDrive for Business for the last 30 days |
Get-DlpDetectionReport
|
Displays a summary of DLP rule matches for Exchange Online, SharePoint Online, and OneDrive for Business for the last 30 days |
New-DlpCompliancePolicy
|
Creates a DLP policy in an Exchange organization |
Remove-DlpCompliancePolicy
|
Removes an existing DLP policy |
Remove-DlpComplianceRule
|
Removes an existing DLP rule |
Set-DlpPolicy
|
Modifies a DLP policy in an organization |
Creating Exceptions
Not every email with confidential information should be blocked outright. Employees have several ways to send messages or store data. For example, you can define a policy for the locations stating to whom they apply or do not apply. The filters have a different effect depending on the location: Exchange uses distribution groups to control adding and blocking, whereas SharePoint uses sites to differentiate.
Exceptions can also be created directly in a rule. Note that each location can offer different exceptions. If multiple locations are selected, only exceptions that apply to all locations can be configured. For example, the recipient, file extensions, and document name can be selected here. Once you have selected all locations for monitoring, don't be surprised to see the option to add exceptions grayed out.
If you do not have an exception from the outset, you can configure an override for the end user. To do so, enable the Allow overrides from M365 services item in the rule settings. Optionally, a business justification can be requested in the process. A policy can be overridden if an employee has reported it as a false positive. Overriding is done from the policy tip client-side.
An option in Outlook and Teams lets you bypass the policy when composing a message. In the window, you specify the reason for overriding to enable sending, which means that users in Exchange, SharePoint, OneDrive, and Teams can override DLP policies, if needed. The Compliance Manager is, of course, informed about the exception in the Justification text in the status report. DLP policies provide a sufficient choice of exceptions for senior management or specialist departments that have to work with sensitive data all the time so that they are not hindered in their daily tasks.
Conclusions
DLP policies provide a quick way to check the daily flood of data from various Microsoft services for compliance with on-board tools. On the positive side, the variety of locations that can be included in a single policy makes the setup fast and clear-cut.
Infos
- Microsoft Purview overview: https://learn.microsoft.com/en-us/microsoft-365/compliance/microsoft-365-compliance-center?view=o365-worldwide
- DLP policy templates: https://learn.microsoft.com/en-us/microsoft-365/compliance/what-the-dlp-policy-templates-include?view=o365-worldwide
- Microsoft compliance: https://compliance.microsoft.com/homepage
- License overview of the required compliance components: https://learn.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance
- Local M365 scanner: https://learn.microsoft.com/en-us/microsoft-365/compliance/dlp-on-premises-scanner-use?view=o365-worldwide
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.