Introduction
Organizations have sensitive information under their control. Sensitive data can include things such as financial data, proprietary data, credit card numbers, health records, and social security numbers. Organizations need a way to prevent their users from inappropriately sharing sensitive data with people who shouldn't have it. Microsoft 365's solution to protecting sensitive data is a cloud-based service known as Microsoft Purview Data Loss Prevention (DLP). Microsoft Purview DLP protects sensitive data and reduces the risk of users sharing this data outside an organization.
This module examines how Microsoft Purview DLP helps organizations discover, classify, and protect sensitive data across their entire data estate. It provides a unified view of all the data across the organization, including on-premises, multicloud, and SaaS environments.
You learn in this module how Microsoft Purview DLP implements data loss prevention by defining and applying DLP policies. With a DLP policy, you can identify, monitor, and automatically protect sensitive items across:
- Microsoft 365 services such as Teams, Exchange, SharePoint, and OneDrive
- Office applications such as Word, Excel, and PowerPoint
- Windows 10 and 11 endpoints
- Non-Microsoft cloud apps
- On-premises file shares and on-premises SharePoint
DLP policies are how you monitor the activities that users take on:
- Sensitive items at rest
- Sensitive items in transit
- Sensitive items in use
This module also examines how DLP policies define the protective actions that organizations can take when a user violates a DLP rule. For example, when a user attempts to take a prohibited action, like copying a sensitive item to an unapproved location. Or sharing medical information in an email or other conditions laid out in a DLP policy.
In this module, you learn how to plan for data loss prevention in an organization. The planning process includes:
- Identifying stakeholders.
- Identifying the categories of sensitive information to protect.
- Setting goals and creating an implementation plan.
Once an organization has its plan in place, it should consider whether to use the Microsoft 365 default DLP policy or create its own custom policy. When an organization builds a custom policy, it can build the policy based on an existing Microsoft Purview DLP policy template, or it can create its own DLP policy from scratch. This module examines how to create a DLP policy using both methods.
You learn that Microsoft Purview DLP built policy templates on top of rules that are a combination of conditions and actions. DLP policies support a full range of rules. An organization can modify any of the built-in DLP policy templates by configuring conditions and actions to meet its specific requirements.
The module concludes by examining how DLP policies notify users of policy violations. Notification can come in two forms - email notifications that users receive, and policy tips that are displayed in the service.