How to Enable / Configure DLP Policy in Office 365?

admin | December 4th, 2017 | Data Loss Prevention

Office 365 comes with a set of templates for Data-Loss-Prevention (DLP) policies that can be used as it is or can be customized as per the organization’ specific compliance requirements. Microsoft Office 365 includes over 40 ready-to-use templates (for DLP policy) that can be used for many of the standard protocols like GLBA, PCI-DSS, U.S PII or HIPAA.

Steps to Create DLP Policy from an Available Template

To Select a Template

  • Go to https://protection.office.com
  • Sign in to Office 365 account
  • This will land you in Office 365 Security & Compliance Center
  • In the left navigation pane, go to Data Loss Prevention
  • Then Policy
  • Then + Create a policy
  • The template list is shown
  • Choose the DLP policy template that suits your organization security
  • And then Next has to be clicked

To Select Locations

  • To select the locations where the DLP policy has to protect data, choose All-locations-in-Office-365
  • And now click Next
  • Or choose Let-me-choose-specific-locations
  • Then click Next
  • Choose Use advanced settings
  • And now click on Next

To Edit Rules for DLP Policy

  • Each DLP policy template comes with predefined rules and actions that act upon the specific types of sensitive information. These can be edited or new ones can be added. In the advanced settings, there are buttons either to Edit Rule or Delete Rule.
  • An example of the predefined rule would be like – Low volume of content detected and the predefined rule for that would be – Notify users with email and policy tips. You can edit the rule and add – Restrict access to the content.
  • Each predefined rule comes with its sensitive information types. This can also be edited by selecting Add or Change types -> Add in the Conditions section.
  • To change the count that is the number of instances required to trigger the rule, under Instance count, choose the minimum and the maximum value for each type.
  • Sometimes you may need to override the blocking action to valid users who enter false information accidentally. Go to User notifications and you will get to see that the email notifications and policy tips are turned on by default for this rule. In the User overrides section below, ‘Require a business justification to override’ is turned on by default. Check the option ‘Override the rule automatically if they report it as a false positive’ which is turned off by default.
  • The name of the default rule can be changed as per the rule that has been edited. Now after all the changes are made, click on the Save button at the bottom of the rule editor.
  • Once again review the conditions and actions for the rule and click on Next.
  • Notice the Status switch for the edited rule on the right. If the switch is turned off for an entire policy, then all the rules in the policy also get turned off automatically. But in Office 365 DLP template, a specific rule can be turned off without turning off the entire policy.

To Turn On the Policy

  • In the next page read all the instructions and suggestions carefully. You can choose to turn on the rule or take a test at first.
  • When you start in test mode without policy tips, you can use the DLP reports assessing the impact and fine tune the rules as needed. In test mode, the productivity of the employees will not be impacted.
  • In Test mode with Notifications and Policy Tips, you can begin to teach the users and prepare them for the rules to be applied. You can ask users to report false positives so that rules can be tweaked and refined.
  • When you Turn-On the policy, rules get enforced and the data content gets protected. You can monitor the DLP reports making sure that you have achieved data security that you intended to.
  • Once you have reviewed your settings for the policy, Create has to be chosen.

To Turn Off the Policy

  • If you decide to edit or delete the DLP policy at a later stage, on the Policy Page, select the policy.
  • And then click on either Edit Policy or Delete Policy.