Configure Office365 for DLP

To configure Data Loss Prevention (DLP), perform the following steps:

1. Login as tenant admin to the Office 365 Admin center from or by clicking Admin from the App Launcher

2. Click on the Security & Compliance Admin Center from the Office 365 Admin center left navigation (You can also get there from using tenant admin)

3. Click on Policy  Create a policy under Data loss prevention in the left navigation in the Security & Compliance admin center

4. Find the policy or create a custom policy you need to enforce using the New DLP policy wizard (i.e. I am selecting UK Financial Data template to protect against Credit Card Numbers, EU Debit Card Numbers and SWIFT Code)

5. Provide a name for the policy

6. Select the locations – Either all locations or specific locations (Exchange, SharePoint or OneDrive) on where to protect (this is where the tips will show up as well)

7. If you choose specific locations, you get additional capabilities for Inclusions and Exclusion rules.
a. For Exchange, you can include or exclude specific distribution groups.
b. For SharePoint, you can include or exclude specific SharePoint sites.
c. For OneDrive, you can include or exclude specific OneDrive accounts. d. For Teams, you can include or exclude specific Teams accounts.

8. Select the type of content you want to protect (with people inside or outside your organization) or create more advanced rules

9. Indicate what you want to do if the rule is detected

10. Turn the rule on or test it out (it will take a little bit of time before it takes effect)

11. Review the settings and Create the rule

View the Microsoft support article for more details on sending email notifications and show policy tips for DLP policies.

Nav Malik

Add comment