Microsoft Purview Data Loss Prevention (DLP)
As we have identified in our previous blogs, information is the most valued asset for organizations. Loosing information causes big damage to the organization not only economically, but also in terms of the trust. That’s why Security and Compliance administrators should implement restrictions to mitigate data leaks. But before mitigating something, we need to define it.
What’s a data leak?
When sensitive data is disclosed to an unauthorized third party, it’s considered a “data leak” or “data disclosure.” The terms “data leak” and “data breach” are often used interchangeably, but a data leak does not require the exploitation of a vulnerability. Here are some examples of data breaches that can happen:
- Sending information to the wrong recipient: the biggest cause of data leaks is sending sensitive data to the wrong person
- Unsafe servers: It is not only important to send data securely, but it should also be stored securely.
- Lack of the right encryption: Encryption is one thing, but applying it properly is equally important.
Microsoft Purview Data Loss Prevention
Microsoft Purview Data Loss Prevention is the Microsoft Solution for DLP. It detects sensitive items by using deep content analysis, not by just a simple text scan. Content is analyzed for primary data matches to keywords, by the evaluation of regular expressions, by internal function validation, and by secondary data matches that are in proximity to the primary data match. Beyond that DLP also uses machine learning algorithms and other methods to detect content that matches your DLP policies.
In Microsoft Purview, administrators can implement data loss prevention by defining and applying DLP policies. With a DLP policy, you can identify, monitor, and automatically protect sensitive items across:
- Microsoft 365 services such as Teams, Exchange, SharePoint, and OneDrive
- Office applications such as Word, Excel, and PowerPoint
- Windows 10, Windows 11, and macOS (Catalina 10.15 and higher) endpoints
- non-Microsoft cloud apps
- on-premises file shares and on-premises SharePoint.
No matter where DLP is applied, users have a consistent and familiar look and feel they are already accustomed to the applications and services they use every day.
DLP Policies are created based on Rules, there administrators can define:
- Conditions that when matched, trigger the policy
- Exceptions to the conditions
- Actions to take when the policy is triggered
- User notifications to inform your users when they’re doing something that triggers a policy and help educate them on how your organization wants sensitive information treated
- User Overrides when configured by an admin, allow users to selectively override a blocking action
- Incident Reports that notify admins and other key stakeholders when a rule match occurs
- Additional Options which define the priority for rule evaluation and can stop further rule and policy processing.
Microsoft Purview Data Loss Prevention (DLP) policies can take protective actions to prevent unintentional sharing of sensitive items. When an action is taken on a sensitive item, you can be notified by configuring alerts for DLP. The DLP alert management dashboard shows alerts for DLP policies on these workloads:
- Windows 10 devices
Protecting data and preventing data leaks is a constant challenge for most organizations, particularly with the rapid growth of new data created by users, devices, and services. Administrators can add another layer to their information security by combining DLP policies, communication compliance Policies and Insider Risk policies. By doing that organizations will gain a strong protection against Data leaks.
At VNEXT iQ, our Microsoft solution experts highly recommend the use of DLP policies to protect your organization. The process of planning to integrate data loss prevention varies from case to case. The defining factors are unique business needs, goals, resources. Reach out to VNEXT experts here to support you during the enablement of Microsoft Purview Data Loss solution for your enterprise.