Use data loss prevention policies for non-Microsoft cloud apps
You can scope DLP policies to Microsoft Defender for Cloud Apps to monitor, detect, and take actions when sensitive items are used and shared via non-Microsoft cloud apps.
If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.
Before you begin
Before you start using DLP policies, confirm your Microsoft 365 subscription and any add-ons. To access and use this functionality, you must have one of these subscriptions or add-ons:
- Microsoft 365 E5
- Microsoft 365 E5 Compliance
- Microsoft 365 E5 Security
The user who creates the DLP policy should be a:
- Global administrator
- Compliance administrator: assign in Microsoft Entra ID
- Compliance data administrator: assign in Microsoft Entra ID
Prepare your Defender for Cloud Apps environment
Before you configure DLP policies scoped to Microsoft Defender for Cloud Apps, you must prepare your Defender for Cloud Apps environment. For instructions, see Quickstart: Get started with Microsoft Defender for Cloud Apps.
Connect a non-Microsoft cloud app
To use a DLP policy that's scoped to a specific non-Microsoft cloud app, the app must be connected to Defender for Cloud Apps. For information, see:
After you connect your cloud apps to Defender for Cloud Apps, you can create DLP policies for them.
Create a DLP policy scoped to a non-Microsoft cloud app
Refer to Create and Deploy data loss prevention policies for the procedures to create a DLP policy. Keep these points in mind as you configure your policy:
- Turn on the Microsoft Defender for Cloud Apps location.
- To select a specific app or instance, select Choose instance. If you don't select an instance, the policy will be scoped to all connected apps in your Microsoft Defender for Cloud Apps tenant.
- You can select from a number of Actions to enforce on third-party apps. To restrict third-party apps, select Restrict Third Party Apps and then select the specific actions.
When you create a DLP policy that is scoped to Microsoft Defender for Cloud Apps, the same policy will be automatically created in Microsoft Defender for Cloud Apps.