Business Data Loss Prevention

Ensure that sensitive data is not lost, misused, or accessed by unauthorized users. Microsoft 365 Data loss prevention (DLP) helps to protect business data. Learn how an IT partner can help apply this set of tools and processes.



Protection Through Data Loss Prevention

All businesses have sensitive information under their control. Your sensitive business data could contain financials. Or proprietary data, credit card numbers, health records, and social security numbers.

To protect sensitive data and reduce risk, your business needs a way to prevent users from sharing it with people who shouldn't have it. This practice is data loss prevention (DLP). The term Data loss prevention (DLP) refers to a set of software tools and processes. These tools protect sensitive data. And ensure that it is not lost, misused, or accessed by unauthorized users.

A certified IT partner can help. Microsoft 365 delivers data loss prevention by defining and applying DLP policies. With a DLP policy, you can identify, monitor, and automatically protect sensitive items across:

    • Microsoft 365 services such as Teams, Exchange, SharePoint, and OneDrive.
    • Office applications such as Word, Excel, and PowerPoint
    • Windows 10 endpoints
    • Non-Microsoft cloud apps
    • On-premises file shares and on-premises SharePoint.

Microsoft 365 detects sensitive items by using deep content analysis, not by a simple text scan. DLP uses machine learning algorithms and other methods to detect content that matches your DLP policies.


Protection Through Data Loss Prevention Infographic

Graphic provided by Crazy Egg


Protective actions of DLP policies

Microsoft 365 DLP policies track the activities that users take on sensitive items. As well as sensitive items in transit, or sensitive items in use and take protective actions.

When a user attempts to take action that breaks the policy, DLP can take action at the moment.

As an example, if a user was copying a sensitive item to an unapproved location. Or sharing medical information in an email or other conditions laid out in a policy, DLP can:

  • show a pop-up policy tip to the user that warns them that they may be trying to share a sensitive item.
  • block the sharing and, via a policy tip, allow the user to override the block and capture the users' justification.
  • block the sharing without the override option
  • for data at rest, sensitive items can be locked and moved to a secure quarantine location for Teams chat, the sensitive information will not be displayed

Planning for DLP

The adoption of DLP may require a change to your business processes. and there will be a culture shift for your users if your team is new to data loss prevention practices.


Technology planning for DLP

DLP can track and protect your data at rest. And while the data is in use. As well as data in motion across all Microsoft 365 services. Including Windows 10 devices, on-premises file shares, and on-premises SharePoint. The leadership team will need to consider the type of data you want to monitor and protect, and the actions to be taken when a policy breach occurs.


Preparing for Data Loss Prevention

DLP policies can be applied to data at rest, data in use, and data in motion in locations, such as:

  • Exchange Online email
  • SharePoint Online sites
  • OneDrive accounts
  • Teams chat and channel messages
  • Microsoft Defender for Cloud Apps
  • Windows 10 devices
  • On-premises repositories

Data Loss Prevention Alerts Dashboard

All DLP monitored activities are recorded to the Microsoft 365 Audit log. When DLP takes an action on a sensitive item, you can be notified of that action via a configurable alert.

Use the DLP Alerts dashboard to configure alerts, review them, triage them, and track the resolution of DLP Alerts.


Our team can help, contact us here.