cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Enabling Data Loss Prevention, Azure Information Protection and more in Microsoft 365 Business
By
Ashanka Iddya
Published Oct 19 2018 11:04 AM 16.5K Views
Ashanka Iddya
Microsoft
‎Oct 19 2018 11:04 AM

Enabling Data Loss Prevention, Azure Information Protection and more in Microsoft 365 Business

‎Oct 19 2018 11:04 AM

 

Earlier this year, we announced several advanced security features coming to Microsoft 365 Business to help protect businesses from an increasingly complex cyberthreat landscape and safeguard their sensitive information from unintentional data leaks.

 

You can now enable features like Data Loss Prevention, Azure Information Protection, Advanced Threat Protection as described in this support article.

 

If you’ve always wondered what security features you should enable to protect against external cyber threats, we’ve also outlined the Top 10 ways to secure your environment from cyber threats using  Microsoft 365 Business. This helps provide a quick, recommended list of security tasks to undertake along with instructions on how do to enable these features.

 

 

7 Comments
John Louden
Copper Contributor
‎Oct 23 2018 02:32 PM
‎Oct 23 2018 02:32 PM

Hi Ashanka,

 

A lot of my SMB's that I demo Windows Defender ATP to love the protect right up until they see they need an E5 license. Is there any chance that M365 Business can have an Option to purchase Windows ATP? Most of the feed back from my clients has been that while they are sub 300 having a bolt would be great, once they are greater than  300 then they would most likely commit to an E5.

 

Regards

John

valerie utges
Copper Contributor
‎Nov 07 2018 01:20 AM
‎Nov 07 2018 01:20 AM

Dear all, I'm looking for a DLP use case based on AIP confidential tagging: any example? thanks

0 Likes
Like
John Louden
Copper Contributor
‎Nov 13 2018 05:15 PM
‎Nov 13 2018 05:15 PM

Hey Valerie,

 

Not sure what you're after, did you want a example of when\why to use DLP, or examples of Labels and supporting policies?

 

Regards

John

0 Likes
Like
David Bjurman-Birr
Microsoft
‎Nov 14 2018 09:39 AM
‎Nov 14 2018 09:39 AM

Hi @valerie utges,

 

You can use DLP work with AIP labels.  If you need to manually configure Exchange DLP, or a 3rd party DLP scanner that does not have native AIP integration, the key is to scan for this text:  MSIP_Label_<GUID>_Enabled=True

 

You'll need to replace <GUID> with the Label_ID guid from the AIP label you're searching for.  This is shown in AIP after the label is created.  Here's an example for my demo tenant's Confidential/All Employees label, where the guid is:  

 

AIP_GUID_Snip.JPG

 

DLP policies could then be configured to identify emails or documents containing the text: MSIP_Label_629dc3ac-05ac-4032-bc5b-3f95ac306ac3_Enabled=True 

 

Hope that helps!

 

David

valerie utges
Copper Contributor
‎Nov 15 2018 12:38 AM
‎Nov 15 2018 12:38 AM

Hi @David Bjurman-Birr

thanks for the reply! I've run some cases with labels. Now I'm facing another issue with sensitive info case regex: it's matching (user notification) but I'm not receiving any report at the emails I've put in the policy...any clue?

thanks again

best

valerie

0 Likes
Like
David Bjurman-Birr
Microsoft
‎Nov 15 2018 04:26 AM
‎Nov 15 2018 04:26 AM

Hi @valerie utges,

 

If you post more detail so that I can better understand exactly what you're trying to do and/or recreate your policy and reproduce the problem, I can probably help figure it out.

 

 

Are you having trouble with a DLP policy in Security and Compliance center?

 

If so, it's important to know that DLP works differently based on workload (Location).  For example, when using Exchange Online DLP is invoked upon message submission (when you press send) so actions related to policy matches (such as a policy tip) occur right away.  For files in OneDrive or SharePoint, it works a bit differently.  DLP is invoked when the crawler indexes content (some minutes after the file is saved) so actions related to policy matches are delayed.

 

If you want help troubleshooting a specific policy or setting, please send enough detail so that I can recreate your policy in my demo tenant and I'll see what I can do.

 

David

 

0 Likes
Like
adrien_ca
Copper Contributor
‎Dec 05 2018 08:09 AM
‎Dec 05 2018 08:09 AM

Hi !

 

I noticed that the DLP Policy is working after 3-5 minutes after an update. So if I test the new policy immediately after updating it, it doesn't work. Can anyone confirm this latency ?

And in the mail (report to an admin that a user sent a mail that matches a DLP policy), the entire mail of the user is joint to the report, including any joint files. Is there any possibility to configure to only report the matched rule in the report mail, but not the mail nor the joint file (for personal data protection, GDPR...) ?

Finally, is the system really working ? I test many configurations, but now, my rule doesn't work anymore. It used to work 4 days ago, I deactivated the DLP policy by the end of the day, and today, I reactivate it, but the mail (with content matching the sensitive data in the body of the mail or in an attached file) is sent anyway and no report mail is received by the administrator...

 

Thank you !

0 Likes
Like
Version history
Last update:
‎Oct 19 2018 11:05 AM
Updated by: