In my previous blog post I explained how to protect sensitive email data using Azure Information Protection. Using data classifications and policies, we can prevent users from sharing sensitive information via email. You can read more about it at https://www.rebeladmin.com/2019/01/step-step-guide-protect-confidential-emails-using-azure-information-protection/. Azure Information Protection can do many things to protect sensitive data in an organization. Email protection is just one of its features. It can even protect data in hybrid environments.
Data loss prevention (DLP) policies are also capable of preventing sensitive data from being shared via email, but they apply only to Office 365 services. Also, they do not include classification; they work only with real-time data. Let's look at some of the capabilities of DLP policies.
• Support pre-defined data patterns or custom data patterns – Organizations can use the pre-defined data patterns that come with DLP policies, such as U.S. Financial Data or HIPAA, or create custom patterns to identify different types of data across different locations such as Exchange Online, OneDrive, etc.
• Educate Users – Using DLP policies, we can send notifications to senders when a policy is breached. These notifications include the data types, the reason for the block, etc., so users can avoid doing it next time.
• Reporting – A DLP policy can send a detailed email report to administrators when a policy is breached.
• Support Office Apps – DLP policies support Office 2016 and later desktop clients.
In today's demo I am going to set up a DLP policy to detect credit card details in emails. If someone tries to send them to an external user via email, the policy should block the message. On a policy breach, it will send a notification to the sender and a detailed report to the administrator.
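The logic of the policy this demo sets up, modelled as an added Python example (not code from the original post and not Microsoft's implementation): a card-number pattern is confirmed with a Luhn checksum, a common way to cut false positives from digit-only patterns, and the message is blocked, the sender notified and the administrator sent a report only when a recipient is external. The domain contoso.com, the sample addresses in the comments and all function names are assumptions made for the illustration.

```python
import re

# Assumption: the tenant's own mail domain; contoso.com is a placeholder.
INTERNAL_DOMAINS = {"contoso.com"}

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits):
    """Luhn checksum: double every second digit counted from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return digit strings that match the pattern and pass the Luhn test."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def evaluate(sender, recipients, body):
    """Apply the demo policy: block card data sent outside the organization."""
    # Constructed sample input: evaluate("alice@contoso.com",
    #   ["bob@fabrikam.com"], "Card: 4111-1111-1111-1111") is blocked.
    external = [r for r in recipients
                if r.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]
    cards = find_card_numbers(body)
    breach = bool(cards) and bool(external)
    return {
        "action": "block" if breach else "allow",
        "notify_sender": sender if breach else None,
        "report_admin": breach,
        # Mask all but the last four digits in anything that gets reported.
        "matches": ["*" * (len(c) - 4) + c[-4:] for c in cards],
        "external_recipients": external,
    }
```

The number 4111 1111 1111 1111 used in the comment is a widely published test value, not a real card.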
1. To start, log in to https://portal.office.com as a Global Administrator and open the Admin Center
2. Then go to Admin Centers | Security and Compliances
3. A new window will open. In it, go to Data loss prevention | Policy
4. Then click on Create a policy