Forum Discussion
DLP in Office Excel and Word?
This sounds like https://www.microsoft.com/en-us/cloud-platform/azure-information-protection, which has an Automated data classification option that can https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-policy-classification patterns like social security numbers and https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-policy-protection can be applied with Azure RMS or a Do not forward option for Outlook email messages.
This does come at an extra https://www.microsoft.com/en-us/cloud-platform/azure-information-protection-features.
Cian this appears to be what I am looking for. We have a Hybrid environmanet though, only exchange is currently in the Microsoft cloud. Would this require Azure AD as well?
Have a look at this first - https://support.office.com/en-US/article/Overview-of-data-loss-prevention-policies-1966b2a7-d1e2-4d92-ab61-42efbb137f5e, which discusses the built-in DLP options in Office 365 and covers different uses like:
Identify sensitive information across many locations, such as Exchange Online, SharePoint Online, and OneDrive for Business.
For example, you can identify any document containing a credit card number that’s stored in any OneDrive for Business site, or you can monitor just the OneDrive sites of specific people.
This can also work with Office programs monitoring and protecting sensitive information. You can create and manage DLP policies on the Data loss prevention page in the Office 365 Security & Compliance Center. A DLP policy can find and protect sensitive information across Office 365, whether that information is located in Exchange Online, SharePoint Online, or OneDrive for Business. You can easily choose to protect all sites or mailboxes, or just specific ones.
That overview page has lots more details including actions such as Restrict access to the content, User notifications and user overrides and Incident reports.
Now Azure Information Protection is a paid add-on with two versions P1 and P2, only the P2 version comes with automated classification, labelling, and protection. This is bundled with Enterprise Mobility + Security (EMS) - the E3 version has AIP P1 while EMS E5 comes with AIP P2.
Have a look at https://docs.microsoft.com/en-us/information-protection/understand-explore/what-is-information-protection to get a better sense of how it works through labels, classification and optionally protection. Some Office 365 licences also come with https://docs.microsoft.com/en-us/information-protection/understand-explore/what-is-azure-rms, which is the protection technology used by Azure Information Protection. Here are details about the https://docs.microsoft.com/en-us/information-protection/rms-client/aip-client used to classify and protect documents and emails, or use a Rights Management service to protect data.
Azure Information Protection https://docs.microsoft.com/en-us/information-protection/get-started/requirements Azure AD. Azure Rights Management service from Azure Information Protection with on-premises servers is supported per this https://docs.microsoft.com/en-us/information-protection/get-started/requirements-servers.
