« Previous 1 2 3
Data loss prevention with Microsoft Purview
Scope of Concern
PowerShell Alternative
DLP policies can be managed and configured by PowerShell with the Exchange Online PowerShell V2 Module, which you can install and import with the commands:
Install-Module -Name ExchangeOnlineManagement Import-Module -Name ExchangeOnlineManagement
Afterward, the commands
Connect-IPPSSession -UserPrincipalNamechristian@schulenburg.co Get-DlpCompliancePolicy Get-DlpComplianceRule New-DlpCompliancePolicy New-DlpComplianceRule
let you connect to Microsoft Online and use the DLP commands, gives you all the policy information at a glance, reveals more about the existing rules, and creates new policies and rules. For more commands that let you manage DLP policies with PowerShell, see Table 2.
Table 2
PowerShell for DLP Policies
| Cmdlet | Function |
|---|---|
Get-DlpCompliancePolicy
|
Displays information about existing data loss prevention policies |
Get-DlpPolicyTemplate
|
Displays existing DLP policy templates in an Exchange organization |
Get-DlpDetailReport
|
Lists details of DLP rule matches for Exchange Online, SharePoint Online, and OneDrive for Business for the last 30 days |
Get-DlpDetectionReport
|
Displays a summary of DLP rule matches for Exchange Online, SharePoint Online, and OneDrive for Business for the last 30 days |
New-DlpCompliancePolicy
|
Creates a DLP policy in an Exchange organization |
Remove-DlpCompliancePolicy
|
Removes an existing DLP policy |
Remove-DlpComplianceRule
|
Removes an existing DLP rule |
Set-DlpPolicy
|
Modifies a DLP policy in an organization |
Creating Exceptions
Not every email with confidential information should be blocked outright. Employees have several ways to send messages or store data. For example, you can define a policy for the locations stating to whom they apply or do not apply. The filters have a different effect depending on the location: Exchange uses distribution groups to control adding and blocking, whereas SharePoint uses sites to differentiate.
Exceptions can also be created directly in a rule. Note that each location can offer different exceptions. If multiple locations are selected, only exceptions that apply to all locations can be configured. For example, the recipient, file extensions, and document name can be selected here. Once you have selected all locations for monitoring, don't be surprised to see the option to add exceptions grayed out.
If you do not have an exception from the outset, you can configure an override for the end user. To do so, enable the Allow overrides from M365 services item in the rule settings. Optionally, a business justification can be requested in the process. A policy can be overridden if an employee has reported it as a false positive. Overriding is done from the policy tip client-side.
An option in Outlook and Teams lets you bypass the policy when composing a message. In the window, you specify the reason for overriding to enable sending, which means that users in Exchange, SharePoint, OneDrive, and Teams can override DLP policies, if needed. The Compliance Manager is, of course, informed about the exception in the Justification text in the status report. DLP policies provide a sufficient choice of exceptions for senior management or specialist departments that have to work with sensitive data all the time so that they are not hindered in their daily tasks.
Conclusions
DLP policies provide a quick way to check the daily flood of data from various Microsoft services for compliance with on-board tools. On the positive side, the variety of locations that can be included in a single policy makes the setup fast and clear-cut.
Infos
- Microsoft Purview overview: https://learn.microsoft.com/en-us/microsoft-365/compliance/microsoft-365-compliance-center?view=o365-worldwide
- DLP policy templates: https://learn.microsoft.com/en-us/microsoft-365/compliance/what-the-dlp-policy-templates-include?view=o365-worldwide
- Microsoft compliance: https://compliance.microsoft.com/homepage
- License overview of the required compliance components: https://learn.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance
- Local M365 scanner: https://learn.microsoft.com/en-us/microsoft-365/compliance/dlp-on-premises-scanner-use?view=o365-worldwide
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Legal or litigation hold and eDiscovery in Microsoft Teams
A comprehensive suite of tools and features support legal or litigation hold and eDiscovery in Microsoft Teams. -
Retention labels in Office 365
The Office 365 Security & Compliance Center provides a unified interface for managing policies and security settings, including retention labels, which specify how data is handled for compliance with internal policies, data protection laws, and tax legislation. -
Microsoft 365 and Teams settings and security
Office 365 and Microsoft Teams come with useful settings for setting up communication channels and securing environments. -
Reducing your attack surface
Windows Defender Application Control protects systems against threats that traditional virus scanners and signature-based mechanisms cannot detect by restricting applications in the user context and reducing the code allowed in the system kernel. -
Group policies on Windows Server 2022
We discuss how to manage and secure clients with group policy object templates and look at some recommendations from various governmental and non-governmental security advocates.