From the course: Career Essentials in System Administration by Microsoft and LinkedIn

Data loss prevention

- [Instructor] Data loss prevention keeps specific items based on certain vertical markets from getting out to the internet where it shouldn't belong. It may also block things internally to keep from going to users that shouldn't have that information. And this will make a lot more sense once I show you the demonstration. So right now we're in the Microsoft 365 Compliance Admin Center at compliance.microsoft.com. And what I'm going to do is make sure I have the correct permissions in order to even perform a data loss prevention policy. If I click on roles, then I should be able to see the roles that we need in order to make this happen. Here's compliance administrator and under the assigned roles, we can see data loss prevention compliance management is among those. So if I have the rights to this particular compliance administrator role, then I can perform a data loss prevention policy. Now I'm going to go to where it says edit under members. Now, if I don't see my name there, then I can go in and add it. Fortunately, it's already there. Otherwise you can click edit and add whatever users you'd like. Now I'm going to click close knowing that I have the correct permissions, and I'm going to go to where it says data loss prevention. I'll click on policies. And now I see here that there was already one policy that was created. So I'll click on that. And this is a PCI Data Security Policy. So what this does is this is for any company that holds onto credit card information after the user runs their card, for example. Most small businesses don't do this. What they do is they run it through a service that holds onto that information for them. But if you have a larger business that does hold onto the credit card information, you need to be what's called PCI compliant.
So what happens is it goes into these different locations such as Exchange email, SharePoint and OneDrive and it keeps certain types of information such as a user's address and other information from getting out to the internet, and it protects your customers and it protects your business. So I'm going to click on create a policy and we're going to see policies that have already been created for different markets. For instance, we have the financial market and we don't just see one country. We see the financial rules for multiple different countries. Same thing for medical and health. For the US, we see HIPAA compliance, but we see different types of compliances for different countries. And then there's also privacy policies. And we can also create a custom policy, which is what I'm going to do here. So I'll choose custom and click the country or region. I can choose the US and we'll choose specific templates if we'd like to search and I'll type in financial. And click next. As you see, this helps detect the presence of certain common information you don't want to get out. You can change the name if you'd like and you can choose which type of application you'd like to apply this to. So in this case, it's applying it to all Microsoft 365 applications. Here we can see it's going to review and customize default settings such as a credit card number, US bank account number, routing number, or we can create custom advanced rules as well. Just for demonstration purposes, I'll go with the default, and here we have the ability to edit it as well. And there's lots of information to take into account. The first one is when a content policy matches, what's going to happen? So for instance, if an email goes out with information that should be blocked, the first thing that's going to happen is a tip is going to appear to the user saying you're trying to send information that shouldn't be sent. We can customize that tip information here if we click this link.
The next is when we want to detect a specific amount of sensitive information that's being shared at any one time. And by default, we see at least 10 of these types of emails. I'm going to change that to one just so we can, for demonstration purposes, get this to send out an alert right away. Then we have the option for sending incident reports in email. And we can choose what to include in the report and who receives it. So we see by default all these items are checked, such as the name of the person, the types of information, things like that. It's going to send notifications to the site admin by default, which is me. So I should receive an email, but you can click on add/remove as well if you'd like. I'm going to save that and continue down the list. We have the send alerts if any of the DLP rules match. By default you and any global admins will automatically be alerted. You can customize the alert configuration if you'd like. Sending an alert every time is what I want. So I want to make sure that happens and you can choose to restrict access or encrypt the content of the Microsoft 365 locations for additional security if you'd like. I'm not going to need that, so I'll click next. Here, we can once again restrict access. We can also choose to audit or restrict activities on devices. So if we see this happen to a particular user, we can say audit only, we can choose block, we can choose block with override. An override would be when a user has a specific message that says, here's the reason why I need to be able to send this information out. I'm going to just choose to block for instance. And we'll just, we can just block on all of them if you'd like, or you can choose audit or however you'd like to do it. We can also choose to restrict third party apps to the user and restrict access or remove on-premises files. We'll click next. Now we can test it out first, turn it on right away, or keep it off. I always recommend that you test it out.
You don't want to turn it on right away until you know that it's going to work right or you may get a lot of phone calls from people when they try to send off emails. Here's where we can go in and edit any of the policy setup that we just did by clicking the edit links on each of these different categories. I'm going to click submit. And the policy has now been created. I'll click done. And now we can see if there's been any alerts. Besides alerts, we also see endpoint DLP settings. So if it finds any files with specific information, such as a routing number or anything else that should be blocked, then it will also scan that information as well. But you can choose exclusions for Windows and Macintosh so it won't actually look through those particular locations. You can also choose to un-allow specific applications, Bluetooth apps, and other information. Now I'm in my email and unfortunately it takes almost an hour for a DLP policy to start working. So I'm showing you DLP policies that have been triggered in the past. We can see that it sent an email alert to my inbox and we can see the Office 365 alerts. We can see the information such as the DLP policy matched for a specific email, the date and the time. Sometimes it's going to be a high level alert. Sometimes it's going to be a low level alert. So we see various different incident reports. And then you'll also see weekly reports here. You see a weekly report, but no policies actually got matched that week, but that's okay. It's a good report to get to let us know that nothing has happened. Data loss prevention is key to making sure information about your organization is not sent out to unauthorized users and groups.
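
Added example, not part of the course transcript and not Microsoft's detection logic: a simplified Python model of the rule walked through above, showing how an instance-count threshold (10 by default, 1 in the demo), the chosen action and the test/on/off state combine into an outcome. The function names, the per-type threshold and the sample message are assumptions made for illustration.

```python
import re

# Candidate patterns only; the checksums below cut false positives.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, optional separators
ROUTING_RE = re.compile(r"\b\d{9}\b")               # 9-digit ABA routing number

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def aba_ok(digits):
    """ABA routing checksum: weights 3,7,1 repeated, sum divisible by 10."""
    weights = (3, 7, 1) * 3
    return sum(int(c) * w for c, w in zip(digits, weights)) % 10 == 0

def count_sensitive(text):
    """Count checksum-valid card and routing numbers in a message body."""
    cards = [m for m in CARD_RE.finditer(text)
             if luhn_ok(re.sub(r"\D", "", m.group()))]
    rest = CARD_RE.sub(" ", text)       # drop card-like runs before the routing scan
    routing = [r for r in ROUTING_RE.findall(rest) if aba_ok(r)]
    return {"credit_card": len(cards), "aba_routing": len(routing)}

def evaluate(text, min_count=10, mode="test", action="block"):
    """mode: 'test', 'on' or 'off'; action: 'audit', 'block' or 'block_with_override'."""
    counts = count_sensitive(text)
    # Assumption: the threshold applies to each information type separately.
    matched = any(n >= min_count for n in counts.values())
    if mode == "off" or not matched:
        outcome = "allow"
    elif mode == "test":
        outcome = "report_only"         # match is reported, nothing is blocked
    else:
        outcome = action
    return {"counts": counts, "matched": matched, "outcome": outcome}

# Constructed sample message (well-known test card number, not real data).
SAMPLE = "Refund to card 4111 1111 1111 1111, routing 021000021, ref 123456789."

if __name__ == "__main__":
    for mc, mode in ((10, "on"), (1, "test"), (1, "on")):
        print(mc, mode, evaluate(SAMPLE, min_count=mc, mode=mode))
```

With the threshold left at 10 the sample message passes untouched; lowering it to 1 is what makes a single card number trigger, which is why testing before enforcing matters.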
