introduction
in previous article ” we have got an overview of DLP [Data Loss Prevention ] as part of MIP [Microsoft information protection ]
this article we will se how to configure and test DLP policy
company requirement
Networks Pioneers company have the following company requirements :
– any email include the following:
- PO Purchase order
- RFP Request for proposal
- Quotation
if email include any words above : microsoft 365 should notify users who send email , that his email email contains sensitive information
users will nOT denied to send email >> But notified
also : global admin will be notified about sent email
DLP procedures
DLP include the following :
privilege
- users who will create DLP policy : should have appropriate privilege
- bisan@pioneers101.onmicrosoft.com has global admin role >> which include full privilege over tenant including MIP
create sensitive information type
we can use one of predefined 152 information type for many varias section like :
health info , afininace info , Credit Card , personal info , and so on
also we have option to create our own custom sensitive type info
in this example we will create our own sensitive type info which
include expression for sales department to be monitored
create DLP policy
create DLP policy that will will notify user but NOT deny him to send email as per company requirements
privileges required
as seen below : privileges required
user bisan has global admin which is full control over tenant including DLP
Create custom sensitive information types
as mentioned above
microsoft 365 have about 150 predefined sensitive informative type like :
- PII : Personal identifiable information
- PCCI : Personal Credit Card info
- Health information
even we can use predefined list types above
BUT ,,,
here in networks pioneers : we will create our own custom information type that include sales department expression like :
- PO
- RFP
- Quotation
- Proposal
login to https://protection.office.com
create DLP policy -sales words
now it is time to create DLP policy to configure microsoft 365 to monitor and email and notify user is his email has any sensitive word or expression
login to https://protection.office.com
verify DLP policy result
login to https://protection.office.com
normally policy will take effect after one hour max
simply let any users in your company fore example hisham@networkspioneers.com to send email to external email [for instance maher@sawarygroup.com ] which include some sensitive expression like PO or EFP
conclusion
this article we have seen ho to create e DLP policy to notify [NOT block users ] when his email include sensitive information
next article we will mor advanced option
please join us