cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Identifying Sensitive Information in Plans

%3CLINGO-SUB%20id%3D%22lingo-sub-675370%22%20slang%3D%22en-US%22%3EIdentifying%20Sensitive%20Information%20in%20Plans%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-675370%22%20slang%3D%22en-US%22%3E%3CP%3EAre%20there%20any%20plans%20to%20support%20the%20Data%20Loss%20Prevention%20policies%20from%20O365%20in%20Planner%2C%20i.e.%20if%20a%20user%20enters%20sensitive%20information%20in%20a%20task%20is%20should%20be%20findable%20by%20DLP.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-675370%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EPlanner%20AMA%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-675488%22%20slang%3D%22en-US%22%3ERe%3A%20Identifying%20Sensitive%20Information%20in%20Plans%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-675488%22%20slang%3D%22en-US%22%3EThanks%20for%20your%20question%20Dean.%20We're%20currently%20working%20through%20the%20plans%20for%20these%20security%20and%20compliance%20features.%20DLP%20is%20on%20our%20radar%2C%20but%20we%20plan%20to%20start%20with%20eDiscovery%20and%20Audit%20Logs%20first.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-675530%22%20slang%3D%22en-US%22%3ERe%3A%20Identifying%20Sensitive%20Information%20in%20Plans%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-675530%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1096%22%20target%3D%22_blank%22%3E%40Dean%20Gross%3C%2FA%3E%26nbsp%3BIf%20our%20PMO%20went%20big%20on%20Planner%20this%20would%20be%20something%20that%20concerned%20me.%20User%20education%20only%20goes%20so%20far%2C%20a%20bit%20of%20nudging%2Fmonitoring%20via%20config%20would%20be%20useful.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-675595%22%20slang%3D%22en-US%22%3ERe%3A%20Identifying%20Sensitive%20Information%20in%20Plans%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-675595%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F6006%22%20target%3D%22_blank%22%3E%40Eray%20Chou%3C%2FA%3E%26nbsp%3B%20Here%20is%20a%20scenario%20that%20needs%20to%20addressed.%3C%2FP%3E%3COL%3E%3CLI%3EA%20team%20member%20gets%20assigned%20a%20task%20to%20gather%20Patient%20records%20or%20Custom%20credit%20information.%3C%2FLI%3E%3CLI%3Ewhen%20they%20finish%20the%20task%2C%20they%20attach%20a%20file%20containing%20the%20sensitive%20data%20to%20the%20task.%3C%2FLI%3E%3C%2FOL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDLP%20needs%20to%20let%20the%20compliance%20people%20know%20that%20this%20has%20occurred.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-675606%22%20slang%3D%22en-US%22%3ERe%3A%20Identifying%20Sensitive%20Information%20in%20Plans%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-675606%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1096%22%20target%3D%22_blank%22%3E%40Dean%20Gross%3C%2FA%3E%26nbsp%3BThanks%20for%20the%20clarification.%26nbsp%3B%20I'll%20need%20to%20verify%2C%20but%20for%20this%20specific%20case%20(DLP%20for%20attachment%20content)%20it's%20possible%20that%20SharePoint's%20DLP%20support%20would%20kick%20in%20and%20detect%20this%20case.%26nbsp%3B%20The%20DLP%20work%20we%20are%20investigating%20would%20then%20extend%20support%20to%20also%20include%20other%20Tasks%20fields%20--%20for%20example%2C%20recording%20credit%20card%20numbers%20in%20the%20Task's%20description.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-675647%22%20slang%3D%22en-US%22%3ERe%3A%20Identifying%20Sensitive%20Information%20in%20Plans%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-675647%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F6006%22%20target%3D%22_blank%22%3E%40Eray%20Chou%3C%2FA%3E%26nbsp%3BYou%20are%20correct%2C%20in%20my%20scenario%2C%20the%20File%20attached%20to%20the%20task%20gets%20put%20into%20SPO%20(which%20I%20forgot%20happened)%20so%20DLP%20will%20find%20it.%20Your%20scenario%20is%20better%20than%20mine%20and%20needs%20to%20be%20covered.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Dean Gross
Respected Contributor

‎Jun 06 2019 09:24 AM

‎Jun 06 2019 09:24 AM

Identifying Sensitive Information in Plans

Are there any plans to support the Data Loss Prevention policies from O365 in Planner, i.e. if a user enters sensitive information in a task is should be findable by DLP.

Labels:
252 Views
2 Likes
5 Replies
Reply
5 Replies
Eray Chou

‎Jun 06 2019 09:35 AM

‎Jun 06 2019 09:35 AM

Re: Identifying Sensitive Information in Plans

Thanks for your question Dean. We're currently working through the plans for these security and compliance features. DLP is on our radar, but we plan to start with eDiscovery and Audit Logs first.
0 Likes
Reply
Darrel Richardson

‎Jun 06 2019 09:42 AM

‎Jun 06 2019 09:42 AM

Re: Identifying Sensitive Information in Plans

@Dean Gross If our PMO went big on Planner this would be something that concerned me. User education only goes so far, a bit of nudging/monitoring via config would be useful.

0 Likes
Reply
Dean Gross

‎Jun 06 2019 09:50 AM

‎Jun 06 2019 09:50 AM

Re: Identifying Sensitive Information in Plans

@Eray Chou  Here is a scenario that needs to addressed.

  1. A team member gets assigned a task to gather Patient records or Custom credit information.
  2. when they finish the task, they attach a file containing the sensitive data to the task.

 

DLP needs to let the compliance people know that this has occurred.

0 Likes
Reply
Eray Chou

‎Jun 06 2019 09:55 AM

‎Jun 06 2019 09:55 AM

Re: Identifying Sensitive Information in Plans

@Dean Gross Thanks for the clarification.  I'll need to verify, but for this specific case (DLP for attachment content) it's possible that SharePoint's DLP support would kick in and detect this case.  The DLP work we are investigating would then extend support to also include other Tasks fields -- for example, recording credit card numbers in the Task's description.  

1 Like
Reply
Dean Gross

‎Jun 06 2019 10:04 AM

‎Jun 06 2019 10:04 AM

Re: Identifying Sensitive Information in Plans

@Eray Chou You are correct, in my scenario, the File attached to the task gets put into SPO (which I forgot happened) so DLP will find it. Your scenario is better than mine and needs to be covered.

0 Likes
Reply