Welcome to Part 3 of this blog series. First, I want to apologize for the delay in getting Part 3 published; my day job got in the way a bit! If you have not already read the first two parts, I recommend doing so before reading this one. In Part 1 we discussed why a company would want to use EDM and the benefits it provides. We also began the setup of EDM in our tenant. Part 2 finished up the overall configuration of EDM, specifically the rule pack file. We ended Part 2 with the upload of our datastore. We are now ready to work on the DLP Policies that will utilize the EDM sensitive info types we created.
To start creating the DLP Policies, go to the new Compliance Center, compliance.microsoft.com. The move away from the Security and Compliance Center (SCC), protection.office.com, is not 100% complete, but it is making great progress. Once in the Compliance Center, we can check on the new Sensitive Info Types that were created as part of the EDM setup. To do this, go to the Data Classification blade in the left-hand menu. Select Sensitive Info Types from the top menu and you should then be able to find the four new types we created. Two of them we already went over when setting up the Rule Pack, and the two newer ones were created once the rule pack was uploaded.
Now that we have verified the new ExactMatch custom Sensitive info types, we can build a DLP policy using them. If you do not see “Data loss prevention” on the left-hand menu, scroll all the way down to the bottom and select “Show all”. Once you do this you will see all the menu items; select Data loss prevention.
Note: If you want an option to always be present in the navigation, click on “Show in Navigation” in the upper right of the screen. Now the item will always be visible in the navigation without the need to select “Show all” first.
Note: You could use the Add group button to add more Sensitive info types and combine them with the first set of sensitive info types using either AND or OR.
Note: You can add additional conditions if you wish, but for this rule I am only configuring the Content is shared condition.
20. That will bring you back to the Policy settings page again. Select New rule again and give the rule a name and description.
The next step is to test out the Policy and the Rules! It is best to let the policy replicate for a couple of hours before testing to ensure it will be fully enabled.
For testing the Policy and rules, I am going to switch to logging in as Megan Bowen. I have logged into Office 365 as Megan and am going to start by showing the Policy and rules in action via email.
Now I see the reason for the alert is that Lex.email@example.com is not authorized to receive this type of info. I also see what sensitive message type was found.
5. When I attempt to share a file that contains Sensitive Info with someone outside my organization, I am blocked from doing so as well.
The above shows how the Office 365 DLP policy uses EDM data. What about Microsoft Cloud App Security (MCAS)? It is just as easy. For MCAS I will create a simple File Policy. Here are the steps:
I can see alerts show up in the Alerts area.
Clicking on the top alert allows me to review the information.
Clicking on the 1 Policy Match, I can see the actual data that caused the file to be alerted.
This is going to wrap up the blog series. Hope you found this informative and useful when you look to integrate EDM into your DLP solution!