MIP Data Loss Prevention Practice

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email
Table of Contents

introduction

in previous article ” we have got an overview of DLP [Data Loss Prevention ] as part of MIP [Microsoft information protection ] 

this article we will se how to configure and test DLP policy 

 

company requirement

Networks Pioneers company have the following company requirements : 

–  any email include the following: 

  • PO  Purchase order 
  • RFP Request for proposal 
  • Quotation 

if email include any words above : microsoft 365 should notify users who send email , that his email email contains sensitive information 

users will nOT denied to send email >> But notified 

also : global admin will be notified about  sent email 

DLP procedures

DLP include the following : 

privilege 

  • users who will create DLP policy : should have appropriate privilege 
  • bisan@pioneers101.onmicrosoft.com has global admin role >> which include full privilege over tenant including MIP

create sensitive information type 

we can use one of predefined 152 information type for many varias section like :

health info  , afininace info , Credit Card , personal info ,   and so on 

also we have option to create our own custom sensitive type info 

in this example we will create our own sensitive type info which

include expression for sales department to be monitored 

create DLP policy 

create DLP policy that will will notify user but NOT deny him to send email as per company requirements 

 

privileges required

as seen below : privileges required

user bisan has global admin which is full control over tenant including DLP 

bisa role

Create custom sensitive information types

as mentioned above 

microsoft 365 have about 150 predefined  sensitive informative type like : 

  • PII : Personal identifiable information 
  • PCCI : Personal Credit Card info 
  • Health information 
For Better View > Open Image in different TAB

even we can use predefined list types above 

BUT ,,,

here in networks pioneers : we will create our own custom information type that include sales department expression like : 

  • PO
  • RFP 
  • Quotation 
  • Proposal

login to https://protection.office.com 

create new sensitive information type
what ar eexpression need to be monitored
finish to create
it's very useful to test is defined list
select list type to be tested
upload text file that include any word in list
it should be detected
information type list created successfully >> move to next

create DLP policy -sales words

now it is time to create DLP policy to configure microsoft 365 to monitor and email and notify user is his email has any sensitive word or expression 

login to https://protection.office.com 

create policy
we can select from predefined above >> but select custom to select our own type
set policy name
select where to apply DLP Policy : either ALL etnant apps or selective apps >> let us to select exchange
select exchange
next
select information type to be monitored >>
select sales department expression
set accuracy level >> leave default
policy will be treggiered when any email contain 2 sensitive word or more
turn policy ON
review and finish
DLP policy created >> move to next to verify it

verify DLP policy result

login to https://protection.office.com 

normally policy will take effect after one hour max 

simply let any users in your company fore example hisham@networkspioneers.com to send email to external email [for instance maher@sawarygroup.com ] which include some sensitive expression like PO or EFP 

 

hisham send external email include sensitive information
DLP policy auto send notification to hisham that his external email include sensitive information
ALSO DLP policy auto send notification to bisan as global admin that hsham external email include sensitive information
maher@sawarygroup.com : able to receive email : since DLP policy state to notify NOT block

conclusion

this article we have seen ho to create e DLP policy to notify [NOT block users ] when his email include sensitive information 

 

next article we will mor advanced option 

please join us 

Share this post
Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

About Me

Maher Mustafa islaieh

Our Power in Numbers

 17 

Courses

321

Articles

3,882

Images
and All configurations images are proudly made in Pioneers Lab

Articles By Course

Recent Articles

Subscribe

Contact us

have a challenge ? don’t hesitate to contact us