We are witnessing the proliferation of different types of data and access points, coupled with an ever-evolving regulatory landscape, with hybrid work being the new normal. Additionally, the solution landscape is fragmented, with most organizations using several solutions and custom integrations to meet their data protection needs. A recent survey by MDC Research showed that to meet their compliance and data-protection needs, almost 80% had purchased multiple products, and a majority had purchased three or more . Stitching together disparate solutions is not only resource-intensive but also could lead to potential blind spots and gaps in an organization’s data protection strategy. At Microsoft, we are committed to providing a unified and comprehensive solution that can help you prevent the loss of your sensitive data with Microsoft Purview Data Loss Prevention (DLP).
Microsoft Purview DLP helps users make the right decisions and take the right actions while using sensitive data, helping balance security and productivity. Microsoft Purview DLP is managed as a single, integrated, and extensible offering that allows organizations to manage their DLP policies from a single location and has a familiar user experience for both administrators and end-users. DLP is easy to turn on with protection built-in to Microsoft 365 cloud services, Office apps, Microsoft Edge (on Windows and Mac), and on endpoint devices. DLP controls can also be extended to the Chrome browser through the Microsoft Purview extension for Chrome and to various non-Microsoft cloud apps such as Dropbox, Box, Google Drive, and others through the integration with Microsoft Defender for Cloud Apps.
Today, we are excited to announce several new capabilities in Microsoft Purview DLP focused on granular policy configuration and context for post-incident investigation on endpoint devices.
These capabilities help organizations balance security and productivity, which is critical to building a comprehensive data protection strategy and addressing the challenges of a modern workplace.
Contextual evidence for DLP policy matches on endpoint devices
We have heard from customers that effectively managing and triaging alerts from any DLP solution is challenging. Organization want to be able to take remedial action quickly, which requires visibility into the sensitive content that triggered the alert as well as context around the content. Currently, as part of the DLP investigation experience for emails, messages on Teams or for files in SharePoint or OneDrive for Business, DLP admins can view the contextual evidence, including the matched sensitive content and the surrounding characters, in addition to the other metadata.
We are excited to share that contextual evidence will now be available for DLP incidents and alerts for sensitive files on endpoint devices in public preview. You can see the contextual evidence for Microsoft Office and PDF files match on endpoint devices in three places:
This capability will be available in customers’ tenants within the next month.
Granular controls for policy integration
A key part of comprehensive data protection strategy is to balance security with productivity, which has made granular policy controls a key requirement for all organizations. Currently, DLP provides the ability to enforce restrictions on potential egress activities such as print, copy to removable storage, copy to network shares, and upload to cloud sites on endpoint devices. We are excited to announce several capabilities that provide granular controls to prevent exfiltration through common egress channels in preview.
With these new capabilities DLP administrators will be able to create groups of printers, removable storage such as USB devices, network share paths, and sensitive sites and assign different restrictive actions such as block, block with override, or audit to each group as you define your DLP policies. As an example, you can configure your policy to block printing on all printers with the exception of audit as the restriction level if the printing destination is your corporate office printers, thereby allowing your employees to print certain content only through authorized printers. To add a printer device to a group, you can use the device name, printer PID or VID, IP range or options like file printer, universal printer or corporate printer to choose the appropriate device. Similar granular policy configurations can be created for groups of removable storage, network share paths, and sensitive sites.
We understand that effectively managing your sensitive data across the digital landscape is critical to be able to design complex policies that allow for exceptions. We are excited to announce the public preview of configuring network location exceptions. With this capability, you will be able to configure different enforcement restrictions based on the network you are logged into. As an example, you will be able to enforce different restrictions for corporate networks or VPNs. You can configure VPN addresses under VPN settings in Endpoint DLP settings.
These capabilities, including groups of printers, removable storage, network share path, sensitive sites, and configuring network location exceptions will be available in customer’s tenants in the next month. If you are interested in early access, please register your tenants here and attend this webinar to learn more.
We are also announcing a public preview of support for complex conditions in policy authoring. With this capability, you can create nested groups with AND / OR associations between conditions. You can also add exceptions to the groups using the NOT association. In the example below, we have built a condition to detect the presence of credit card numbers in an email unless the email is sent from the Finance team or is sent to fabrikam.com. Learn more here.
The fourth capability in this category is the public preview of support for password protected files, allowing you to detect the presence of password protected files on the endpoint devices and configure specific restrictions for these files. This can be done by leveraging the condition “Document or attachment is password protected,” which detects the presence of password protected Office, PDF, or .zip files. Learn more here.
Enhancements to DLP for Microsoft Teams
We are also excited to share new enhancements to DLP for Microsoft Teams, which allows users to protect against sensitive data exfiltration through Teams chat and channel messages. We have made significant improvements to Teams DLP message processing with our improvements in the speed of detecting and classifying sensitive content shared on Teams chat and channel messages, to enforce DLP policies (in public preview). This means that users will experience a reduced latency of Teams DLP blocking the sharing of sensitive content. Additionally, users will be able to extend your Teams DLP policies to cover additional workloads such as SharePoint Online and OneDrive for Business with one click, helping extend protection across their digital estate without having to create duplicate policies. Learn more about DLP for Teams here.
These new features in Microsoft Purview DLP will start rolling out to customer tenants within the next few weeks.
We are also announcing the general availability of several capabilities:
DLP now supports 100+ file types on Exchange Online and 80+ file types on SharePoint and OneDrive. Learn about our latest announcements in Microsoft Purview Information Protection here.
We are happy to share that there is now an easier way for you to try Microsoft Purview solutions directly in the Microsoft Purview compliance portal with a free trial of Microsoft Purview. All you need is a Microsoft 365 E3 subscription!
In addition to these exciting assets, you can sharpen, expand, and discover new skills and earn a free certification exam by completing one of seven unique Collections on Microsoft Learn. The challenge is on until November 9.
We look forward to your feedback!
The Microsoft Purview Information Protection Team
 February 2022 survey of 200 US compliance decision-makers (n=100 599-999 employees, n=100 1000+ employees) commissioned by Microsoft with MDC Research
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.