Home » Cloud » Come and Learn How to Enable or Configure DLP in Office 365
Cloud

Come and Learn How to Enable or Configure DLP in Office 365

author
Published By Kumar Raj
Aswin Vijayan
Approved By Aswin Vijayan
Published On December 12th, 2017
Reading Time 8 Minutes Reading

Policy Tips are the informative notifications, which displays at the time when senders are composing their messages. The basic aim is to make users aware of the fact that they are willingly or unwillingly violating the enterprise policies and practices. These policies or practices are enforced in Data Loss Prevention policies, which are established by the owner or administrator. The upcoming processes will be helping users in learning that how to configure DLP in Office 365 account and hence, managing them.

Prerequisites

* Each procedure requires minimum 30 minutes for completion

* Assign all the permissions before execution of the actual procedure

* DLP Policy tips will only work for mail senders when following situations get fulfilled:

  • The sender must be using Microsoft Outlook 2013 or 2016. If the enterprise has migrated to Exchange online environment then, also the Policy Tips work in OWA account.
  • The existence of transport rule raises Policy Tip notification. It is possible to create the transport rule just by configuring DLP policy, which comprises of task to ‘Notify the sender with a Policy Tip’
  • The DLP policy works by scanning the entire email message with its body, header, and attachment. If any of the rules or regulations do not meet requirement then, policy tips come in form a notification.

All Possible Ways to Configure DLP in Office 365

Approach 1: Create or Modify Notify-Only Tip

This will top up one message on screen when individuals are trying to violet data loss prevention policies. Users can use Policy Tip option dialog box in Microsoft Outlook to prevent tip from displaying. Well, with help of following steps, you will be able to configure notify-only Policy Tip via EAC:

  1. In the Exchange Admin Center, click on Compliance management >> Data Loss Prevention
  2. Double-click on any one of the listed policies, which appears in front of you. You can also highlight any of the listed policy and click on Edit
  3. An Edit DLP Policy page will appear in which you have to click on Rules
  4. Select the rule and click on Edit for adding Notify-Only policy tip on the chosen rule
    Tip: Click on Add >> Create a new table option to generate a new rule, which you can customize on your own.
  5. Select The message contain sensitive information from Apply this rule section
  6. Click on the + icon, choose the type of secretive information and click on Add >> OK >> OK
  7. Go to ‘Do the following’ section and choose Notify the sender with a Policy Tip from the displayed screen
  8. Select any of option that appears in drop-down list of Choose whether the message is blocked or can be sent and then, click on OK
  9. If some editing is to be imposed in the current rule then, click on More Options
  10. Now it is the time to decide whether you want to enforce rule or not. This can be done from the list of Choose a mode for this rule and we suggest you test the configured rule, first
  11. At last, click on Save button for completing the entire task and finally save all the made changes

Verification Steps to Check Whether the Policy Tip Works or Not:

  • Again go to Compliance Management >> Data Loss prevention in EAC
  • Choose the policy, which contains the notification message
  • Click on Edit >> Rules to continue with configuring DLP in Office 365
  • Select a particular rule that comprises of notification message
  • Verify that the Notify the sender action displays at the lower part of the entire rule summary

Approach 2: Create or Modify Block-message Tip

This type of DLP policy tip notifies sender that his message is rejected and cannot be sent until and unless suspected situation does not vanish. The notification tells users that all the conditions are not matched with defined policy tips and hence, message cannot be sent further. Microsoft Exchange will be blocking emails from being getting delivered. Well, you can follow below-mentioned steps to create block-message policy tip:

  1. Go to Compliance Management >> Data Loss prevention in EAC
  2. Open any one of the policies to be configured through these steps
  3. Select Rules on the page of Edit DLP policy
  4. Choose anyone rule by highlighting it and click on Edit
    Tip: Select Add button for appending a new rule in policy with a customized settings
  5. Click on More Options >> Add action to configure DLP in Office 365 with block-message policy tip
  6. Click on the Drop-down and choose Notify the sender with a Policy Tip
  7. Select Block the message and then click on OK >> Save. This will complete the entire procedure of configuring the required data loss prevention policy

Verification Steps to Check Whether the Policy Tip Works or Not:

  • In Exchange admin center, go to Compliance management >> Data Loss prevention
  • Highlight one listed policy and click on Edit >> Rules
  • Select an individual rule for highlighting a particular rule, which you think comprises of a notification
  • Verify that Notify the sender that the message can’t be sent action displays at the lower part of the entire rule summary.

Approach 3: Create or Modify Block-unless-override Tip

The name itself suggests working of the way in which this policy tip will be working. Follow below-mentioned instructions to apply this type of DLP tip in Office 365:

  1. Click on Compliance Management >> Data Loss Prevention tab in EAC
  2. Open the policy either by double-clicking on it or highlighting it and then, click on Edit
  3. An edit DLP policy page will appear in which you have to click on Rules
  4. Select the rule on which this policy is to be applied and click on Edit. You can also create a new rule by clicking on Add >> More Options to customize the recently created rules
  5. Click on Add Action button for adding an action, which will be revealing the Policy tip
  6. Continuously click on Notify the sender with a Policy Tip >> Block the message but, allow sender to override and send option
  7. End up the entire procedure just by clicking on OK >> Save

Verification Steps to Check Whether the Policy Tip Works or Not:

  • Click on Compliance Management >> Data Loss Prevention in EAC
  • In an instant, select the policy that is expected to have notification message
  • Click on Edit >> Rules to continue with procedure to configure DLP in Office 365 via this policy
  • Highlight the particular rule, which you think that is comprising message within it
  • Verify the rule by Block the message, but allow the sender to override and send action displays at the lower section of the rule summary

Approach 4: Create A Customized Policy Tip Notification Text

This is to customize text of the policy notification message. If one utilizes this configuration setting then, custom Policy notification message will not display until-and-unless you configure DLP policy rule. This rule is to be used with an action to display notification at the time of notification. Remember one thing that there is default Policy Tip notification, which could be used when no custom settings are made. Apply following steps in a systematic way to apply this custom policy:

  1. Go to Compliance Management >> Data Loss Prevention in Microsoft Exchange admin center page
  2. Click on Policy Tip Settings >> Add+ this will be initiated procedure to create a new policy with required rules. In order to modify or delete Policy tip, highlight the aimed tip and click on Edit or Deleted respectively
  3. Click on Save for finishing the modifying Policy Tip and hence, update the changes
  4. At last, click on Close to finish up with entire process

Example to Create Custom Policy Tip via Exchange Shell Command: Use following command to generate a new Policy tip notification, which will be displayed at the of blocking email from being sent. The Policy tip notification text is change with ‘This email seems to have confidential data and hence, cannot be shared’

Configure DLP in Office 365

Verification Steps to Check Whether the Policy Tip Works or Not:

  • Open the Data Loss Prevention section in the Exchange admin center
  • Click on Policy Tip Settings >> Refresh
  • View that your action, text for locale, and locale appears in the list

Conclusion

All possible ways on How to configure DLP in Office 365 with different policies are suggested in this blog. Users can use or apply any of them and hence, keep their confidential files safe from any cybercrime threats.