Get Guidance on How to Work with Office 365 DLP

Ugra Narayan Pandey | August 9th, 2018 | How to, Security

Enterprises have to prevent their sensitive information from leaking and protect it from cyber attacks in order to comply with industry regulations and standards. Financial information or PII such as social security numbers, health records, etc., can be categorized as sensitive content. It is possible to identify, monitor, and protect confidential data in Microsoft Office 365. The Microsoft security team offers the Office 365 DLP policy in the Security & Compliance Center. Administrators can create a DLP policy in Office 365 and use it to protect confidential data. This blog explains how OneDrive DLP works and helps you use the policy to its best.

What Does an Office 365 DLP Policy Contain?

An Office 365 DLP policy contains the following basic things:

  • Location of the content where protection is to be applied, like OneDrive, SharePoint Online, and Exchange Online for Business.
  • When and how content is to be protected through the enforcement of rules, which comprise:
    • Conditions: the content must match these before the rule is enforced. For example, search only for data that contains credit card numbers.
    • Actions: when the match is positive, the action specified in the policy is taken immediately. For example, block user access to the file and promptly send a notification to the compliance officer.

Be a smart administrator: use a rule to meet a particular protection requirement, and then use a OneDrive DLP policy to integrate it with common security requirements.

Choose Correct Sensitive Information

A Data Loss Prevention policy helps protect confidential data that is categorized under a sensitive information type. Microsoft Office 365 has several definitions for types of sensitive information. These definitions depend on the client's region. When an Office 365 DLP policy searches for confidential content such as a credit card number, it does not simply scan for a 16-digit number. Each type of sensitive information has a precise definition and is detected through a combination of:

  • Validation of checksums or composition through internal codes
  • Regular expressions evaluation for finding matching patterns
  • Keywords
  • Examination of other contents

The right combination increases the degree of accuracy, eliminating the false notifications that interrupt the user's work.
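The combination described above (pattern match, checksum validation, nearby keywords) can be sketched as follows. This is an added example, not Microsoft's detection code or its actual sensitive information definition; the regular expression, keyword list, window size and confidence labels are assumptions chosen for illustration.

```python
import re

# Assumed values for illustration; not Microsoft's actual definition.
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")   # 16 digits, optional separators
KEYWORDS = ("credit card", "card number", "visa", "mastercard", "expiry", "cvv")
WINDOW = 60  # characters of surrounding text examined for keywords


def luhn_ok(digits):
    """Checksum validation: Luhn mod-10 over a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_cards(text):
    """Return checksum-valid matches, graded by supporting keyword evidence."""
    hits = []
    lowered = text.lower()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue  # pattern matched but checksum failed: not reported
        nearby = lowered[max(0, m.start() - WINDOW): m.end() + WINDOW]
        has_keyword = any(k in nearby for k in KEYWORDS)
        hits.append({"match": m.group(),
                     "confidence": "high" if has_keyword else "low"})
    return hits


# Constructed sample inputs (4111 1111 1111 1111 is a public test number).
SAMPLES = [
    "Order ref 1234 5678 9012 3456 shipped",                        # fails Luhn
    "Please charge my Visa credit card 4111 1111 1111 1111, expiry 09/27",
    "tracking id 4111111111111111",                                 # no keywords
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", find_cards(s))
```

The first sample shows why a bare 16-digit pattern is not enough: it matches the regular expression but is dropped by the checksum, so no notification would be raised for it.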

Create Priority List to Process OneDrive DLP Rules

When rules are created in a policy, each rule is assigned a priority. The priority depends on the creation order: the first rule has first priority, the second has second priority, and so on. The priority cannot be modified once the rules have been created. Rules are processed in priority order when content is evaluated against them. If content matches several rules, the rules are executed in the defined priority order and the actions are enforced accordingly. For example, if content matches the rules in the screenshot shown below, Rule number 3 gets enforced because it has the highest priority:

[Screenshot: Office 365 DLP Policy]

From the example, note that all rules are audited in the logs and then displayed in the Office 365 DLP reports. With respect to policy tips, ensure that:

  • The most protective rules are listed only at the highest priority, for example a rule in a policy that blocks access to files and sends a notification to the administrator. This prevents individuals from facing a cascade of policy tips.
  • If people override the rule in policy tips, it might hamper the security maintained by the organization.

How Do OneDrive DLP Policies Work?

Data loss prevention policies identify confidential data through deep content analysis. The analysis procedure involves multiple activities such as dictionary matching, keyword matching, internal operations, and all the other approaches needed to match content against Office 365 DLP policies. Only a small percentage of data is categorized as sensitive. A OneDrive data loss prevention policy is capable of identifying, monitoring, and protecting only the data that falls under a sensitive information type. It will not hamper ongoing work or the business content stored in MS Office 365.

When you are done creating the Office 365 DLP policy in the Security & Compliance Center, it is stored in the central policy store. It is then synchronized automatically with the various content sources, such as:

  • Microsoft OneDrive for Business sites
  • Exchange Online
  • Outlook on web
  • Office 2016 PC programs
  • SharePoint Online sites

Once the policy is synchronized to the correct location, it begins evaluating content and enforcing actions.

Get Permissions to Create a DLP Policy

Compliance team members need permissions to create OneDrive DLP policies. By default, the tenant administrator has permission to access the DLP policy. The same admin also has the right to give other people permission to access the Security & Compliance Center. However, such administrators should ensure that they do not give full tenant admin permissions to those users. You can refer to the following guidelines when giving permissions to other people:

  • Create a Microsoft Office 365 group and add the compliance officers to that group
  • In the Security & Compliance Center, go to the Permissions page and create the role group
  • Now add the MS Office 365 group to the role group

These permissions are required only to create and apply an Office 365 DLP policy. They play no part in policy enforcement.


It is commonly said that, in the majority of cases, a cyber threat occurs because of an end user's wrong actions. A OneDrive DLP solution helps in controlling and guiding how the organization's information and content are handled. If all goes well on both the service provider's side and the end user's side, no attack can harm business growth.