data loss prevention
210 Topics

Whitelisting domain in DLP policy
Does anyone know if there is any way to whitelist a domain in a DLP policy? The problem is that we are sharing documents from an SPO site to a trusted partner domain and don't want to get the DLP warning messages for this, but at the same time don't want to take the whole site out of DLP's reach.
Solved

Auto-labelling in Purview - Which license or alternatives can be used rather than E5?
We are considering adopting Purview for Information Protection and DLP, but we are currently on E3 licenses. Given the extensive size of our SharePoint environment, auto-labelling is crucial for applying sensitivity labels to content across wide scopes automatically. My question is, are there any alternatives to upgrading licenses to E5 or adding the Compliance Add-on? Upgrading several thousand users to E5 or the Compliance Add-on requires significant justification, and I am wondering if there are other interim solutions we could leverage for a period of one year. Any thoughts would be greatly appreciated! Thank you! Kev

What are the exact steps (the latest) to enable container support in Purview?
I've been pulling my hair out trying to figure this one out for the last couple of hours. Can someone help me out with the exact steps (the latest) to enable container support (SharePoint Sites, Teams, 365 Groups) in Purview? Thanks in advance!

Blocking Personal Outlook and Gmail Accounts on Corporate Device
Hello Community, In my organization, we use the Microsoft 365 environment. We have a hybrid infrastructure, but we aim to deploy as many policies as possible through Microsoft 365 (Intune, Purview, Defender, etc.). One of our goals is to limit the use of corporate devices for personal purposes. We use Outlook as our corporate email service, and we would like to block employees from signing into their personal email accounts (either via web or desktop application). Additionally, we would like to block access to other email services, such as Gmail, both via web and desktop apps. Could you provide guidance on how to achieve this? I would greatly appreciate any help or suggestions. Thank you very much! Juan Rojas

Best practice basics for Labels and DLPs to protect company data
Hello experts, I've been doing some research and testing recently on Information protection and DLP as I would like to deploy it in our organization soon. I am very new to this and found lots of useful information, but still can't answer some very basic questions on this topic. It would be great to get some advice from ppl that have been using it already. Below are a few points that I'm a bit confused about and trying to find some clarification on.

We use Exchange Online and SharePoint as the primary way to exchange information with our external partners. We are licensed with M365 E3 + M365 E5 Security.

I will create 3-5 labels (based on my testing) and would like to have all documents labelled. For that reason, I would like to use a "default" label feature and have data labelled with that label (Internal) accessible only for internal users. Now, I could achieve it by configuring "Access Control" and allowing the "All users and groups in your organization" option. This is fine, however I've found an MS recommendation that the default label should not be encrypting data. How can I then achieve that? I've seen advice to remove encryption for that label - but there is no option to remove encryption when configuring "Access Control" for specific users. Or should I just use that label to mark data and not perform any action, and use DLP to block all emails/documents with the Internal label from being shared outside the organization? One of the disadvantages I've noticed during testing was that "auto-save" for documents is disabled with an encrypted label. I've found that enabling "co-authoring" on the tenant should solve that - so I've enabled it and will be testing tomorrow.

What is the best way to restrict access between departments within an organization? Should I use a Label/Sublabel (e.g. Internal\Legal) approach, or utilize DLP somehow for it? What is the recommended way?
I have configured a "Confidential" label with "assign permission now" and used the "All users and groups in your organization" option, and I cannot select this label in Outlook 365 (when I made it a default label, the email was selected, but when changed to another one and then tried to change back to Confidential, it did not work).

I have configured a "Restricted" label with "Let user assign permission..." and it works fine for documents (I get a pop-up window to provide allowed users). How does this work with emails? Are "allowed users" taken directly from email recipients? As I do not get an extra pop-up window, I believe it works that way?

We are a small company with quite a few external partners - and I would need to prevent emails for abc.com from being sent to xyz.com by human error. Should I use labels access control for it? Or have a kind of "external" label and use DLP to check for that label and maybe a subject that needs to mention abc and the recipient is abc.com to allow email externally?

These are a few very basic questions that I was not able to find answers to in the last few days... The first two are general ones, 3 and 4 are ones that I noticed during my testing. Any advice on this would be great.
2.4K Views, 1 like, 17 Comments

Unable to Restrict Sensitive Data Access by Microsoft Edge via Endpoint DLP Policy
Hello everyone, I've been running into a peculiar issue where actions we have configured to be blocked via our Endpoint DLP policies do not apply to the Microsoft Edge browser. Currently, we have a DLP policy configured to block attempts to access protected files by a list of restricted apps. Our restricted apps include "firefox.exe", "chrome.exe", "msedge.exe" and "msedgewebview2.exe". When the sensitive content is accessed by either Chrome or Firefox, the DLP policy works correctly (Block with override), but the policy completely refuses to work in any scenario that involves Edge. The data we are using as an example is able to be accessed by the Edge executables without restriction. Has anyone else run into this issue? It's strange to me that for some reason Edge is just completely exempt from the DLP policy actions we have implemented. Thank you!

Purview Information Protection for internal and external emails
I'm working with an organisation that is starting to use sensitivity labels. They have Office 365 E3 licenses. The current plan is to set up a default label for documents and emails called "Internal Only". This label will encrypt contents and grant co-author permissions to all staff. The challenge will be when emails include external recipients. Ideally, the user will change from the default label to one that grants access to any recipients. However, I can imagine that there will be many cases where they forget to do this. If we had Office 365 E5 licenses, we would have the option to create a DLP policy to show a policy tip. I would expect this would reduce the incidents of mislabeling. I have seen recommendations to avoid encrypting by default and only use it where needed. However, this client is keen to use encryption to protect as much content as possible. One suggestion could be to change the default email label to only grant access to the sender and recipients, regardless of whether they are internal or external. I'm interested in any real-world feedback on how others have tackled this issue.

Purview DLP Policy Scope - Shared Mailbox
I have created a block policy in Purview DLP and scoped it to a security group. The policy triggers when a scoped user sends email that matches the policy criteria but doesn't detect when the user sends the same email from a shared mailbox. Is that a feature of Purview DLP? I had expected the policy to still trigger as email is sent by the scoped user 'on behalf of' the shared mailbox, and the outbound email appears in Exchange Admin as coming from the scoped user.

New Blog | Microsoft's quantum-resistant cryptography is here
By Aabha Thipsay

How we are preparing for the future of cryptography

Cryptography is the science of securing information from unauthorized access or modification. It is essential for protecting the privacy and integrity of data in the digital world. However, cryptography is not static. It evolves with advances in mathematics, computer science, and technology. One of the biggest challenges that cryptography faces today is the future threat from substantially more powerful quantum computers.

Quantum computing leverages the properties of quantum physics, such as superposition and entanglement, to perform operations that are impossible or impractical for classical computers. While quantum computers have the potential to help us solve some of the most complex problems in science, engineering, and medicine, they also have the potential to upend public-key algorithms, which form the foundation of today's encryption and security for most existing information and communication technology products.

Read the full post here: Microsoft's quantum-resistant cryptography is here