KEMBAR78
Intro to Data Loss Prevention in SharePoint 2016 | PPTX
Craig Jahnke, profile picture
Uploaded byCraig Jahnke
PPTX, PDF1,529 views

Intro to Data Loss Prevention in SharePoint 2016

This document provides an overview of data loss prevention (DLP) in SharePoint 2016. It defines DLP and describes how DLP can help prevent accidental or malicious sharing of sensitive data outside an organization. It explains the types of sensitive data that can be identified and protected using DLP policies in SharePoint 2016. It also outlines how to create and assign DLP policies to site collections to automatically identify, monitor, and protect sensitive content across a SharePoint deployment. The document notes some limitations of DLP in SharePoint 2016 and provides references for further information.

Downloaded 34 times
Intro to Data Loss Prevention In SharePoint 2016 By Craig Jahnke Strategic Advisor March 30, 2017
Agenda • What is Data Loss Prevention (DLP) ? • Sensitive Data • DLP in SharePoint 2016 • DLP Queries & Policies • Limitations • Reminders • Questions
What is Data Loss Prevention (DLP)? • Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. • DLP Software products help a network administrator control what data end users can transfer so that users cannot accidentally or maliciously share data that could put the organization at risk.
Types of Data in Regards to DLP • In Use • In Motion • Exchange Online • At Rest • SharePoint On-Premises
Data Loss Prevention In SharePoint 2016 • With a data loss prevention (DLP) policy in SharePoint Server 2016, you can identify, monitor, and automatically protect sensitive information across your site collections. • Search for sensitive content in your existing eDiscovery Center enabling real time searching while keeping content in place. • Searches across SharePoint 2016, One Drive for Business and SharePoint Online.
Examples of Sensitive Information Data loss prevention (DLP) includes 80 sensitive information types that are ready for you to use in your DLP policies. • Personal Identifiable Information (PII) • Credit Card Numbers • Social Security Numbers • Bank Account Numbers • Passport Numbers • Driver’s License Numbers • https://technet.microsoft.com/en-us/library/jj150541(v=exchg.160).aspx
DLP Processing in SharePoint 2016 Content Sources UserCrawler Content Processing Index Policy Definitions Unified Policy Processing Tasks Query
DLP Queries & Policies • DLP Queries • See what and where sensitive information exists. • Better understand your risks, • Determine what and where is the content that your DLP policies need to protect • DLP Policies • Conditions that the content must match before the rule is enforced -- for example, look only for content containing Social Security numbers that have been shared with people outside your organization. • Actions that you want the rule to take automatically when content matching the conditions is found -- for example, block access to the document and send both the user and compliance officer an email notification.
eDiscovery Center To create and run DLP queries, you must set up an eDiscovery Center site collection.
Compliance Policy Center To create DLP Policies, you must set up a Compliance Policy Center site collection.
DLP Templates • When you create a DLP query or a DLP policy, you can choose from a list of DLP templates that correspond to common regulatory requirements. • Each DLP template identifies specific types of sensitive information
DLP Queries • Before you create your DLP policies, you might want to see what sensitive information already exists across your site collections. To do this, you create and run DLP queries in the eDiscovery Center.
DLP Queries • A DLP query works the same as an eDiscovery query. • Based on which DLP template you choose, the DLP query is configured to search for specific types of sensitive information.
DLP Policies • A DLP policy helps you identify, monitor, and automatically protect sensitive information that’s subject to common industry regulations. • You choose what types of sensitive information to protect, and what actions to take when content containing such sensitive information is detected. • A DLP policy can notify the compliance officer by sending an incident report, notify the user with a policy tip on the site, and optionally block access to the document for everyone but the site owner, content owner, and whoever last modified the document. • Finally, the policy tip has an option to override the blocking action, so that people can continue to work with documents if they have a business justification or need to report a false positive.
Creating DLP Policies • You create and manage DLP policies in the Compliance Policy Center. • Creating a DLP policy is a two- step process: first you create the DLP policy, and then you assign the policy to a site collection.
Step 1 – Create DLP Policy • When you create a DLP policy, you choose a DLP template that looks for the types of sensitive information that you need to identify, monitor, and automatically protect. • When a DLP policy finds content that includes the minimum number of instances of a specific type of sensitive information, it can automatically protect the sensitive information by taking the following actions: • Send an Incident Report • Notify the user with a policy tip • Block access to the content
Step 2 - Assign the DLP Policy • After you create a DLP policy, you need to assign it to one or more site collections, where it can begin to help protect sensitive information in those locations. • A single policy can be assigned to many site collections, but each assignment needs to be created one at a time.
Policy Tips • You want people in your organization who work with sensitive information to stay compliant with your DLP policies, but you don’t want to block them unnecessarily from getting their work done. • A policy tip is a notification or warning that appears when someone is working with content that conflicts with a DLP policy • You can use policy tips to increase awareness and help educate people about your organization’s policies. • Policy tips also give people the option to override the policy, so that they’re not blocked if they have a valid business need or if the policy is detecting a false positive.
Viewing or overriding a policy tip • To take action on a document, such as overriding the DLP policy or reporting a false positive, you can select the Open ... menu for the item > View policy tip. • The policy tip lists the issues with the content, and you can choose Resolve, and then Override the policy tip or Report a false positive.
How DLP Policies Work • DLP detects sensitive information by using deep content analysis. • This deep content analysis uses keyword matches, the evaluation of regular expressions, internal functions, and other methods to detect content that matches your DLP policies. • Potentially only a small percentage of your data is considered sensitive. A DLP policy can identify, monitor, and automatically protect just that data.. • After you create a DLP policy in the Compliance Policy Center, it’s stored as a policy definition in that site. • Assign the policy to different site collections, it starts to evaluate content and enforce actions like sending incident reports, showing policy tips, and blocking access.
Policy Evaluation in Sites • Across all of your site collections, documents are constantly changing. • They are continually being created, edited, shared, and so on. • This means documents can conflict or become compliant with a DLP policy at any time. • DLP policies check documents for policy matches frequently in the background. • You can think of this as asynchronous policy evaluation.
View DLP Events in the Usage Logs • You can view DLP policy activity in the usage logs on the server running SharePoint Server 2016. • Example - view the text entered by users when they override a policy tip or report a false positive. • Turn on the option in Central Administration (Monitoring > Configure usage and health data collection > Simple Log Event Usage Data_SPUnifiedAuditEntry). • For more information about usage logging, see Configure usage and health data collection.
Limitation • Cannot Create Custom Rules • 1 Policy Center Per Web Applications • No “Clean” PowerShell CMDLETS for Automation • One-to-one Site Collections & Policy Mappings • Hybrid Does not Work That Well… • Systems actions – Blocking, flagging, etc. works by timer jobs • Office 365 cannot access On-Premises timer jobs • Cannot Edit Emails That Are Sent To End User
DLP Reminders • Start the search service and define a crawl schedule for your content. • Turn on out-going email. • To view user overrides and other DLP events, turn on the usage report. • For DLP queries, create the eDiscovery Center site collection. • For DLP policies, create the Compliance Policy Center site collection. • Create a security group for your compliance team, and add security group to the Owners group in the eDiscovery Center or Compliance Policy Center. • To run DLP queries, view permissions are required for all content that the query will search – for more information
Questions?
References • https://technet.microsoft.com/en- us/library/mt346121(v=office.16).aspx • https://blogs.msdn.microsoft.com/mvpawardprogram/2016/01/1 3/data-loss-prevention-dlp-in-sharepoint-2016-and-sharepoint- online/ • Vlad Catrinescu - blog at https://absolute-sharepoint.com/
Wait there is more… • Data Theft • Bad actors • SharePoint 2016 – monitors but can’t stop • Office 365 can stop
Data Theft • Data theft is a term used to describe when information is illegally copied or taken from a business or other individual. Commonly, this information is user information such as passwords, social security numbers, credit card information, other personal information, or other confidential corporate information.
Bad Actors • Snowden • Gov Contractors • Wikileaks

More Related Content

PDF
Overview of Data Loss Prevention Policies in Office 365
byDock 365
 
PPTX
SharePoint Saturday NL 2016 - Security & Compliance
byAlbert Hoitingh
 
PPTX
Intro to Office 365 Security & Compliance Center
byCraig Jahnke
 
PPTX
Data Loss Prevention in Office 365
byCloudFronts Technologies LLP.
 
PPTX
Overview of Microsoft Teams and Data Loss Prevention(DLP)
byRadhakrishnan Govindan
 
PPTX
Tips for a successful SharePoint Migration strategy
byDon Daubert
 
PPTX
M365 Records Management Community Webinar
byDrew Madelung
 
PDF
Information protection & classification
byDavid De Vos
 
Overview of Data Loss Prevention Policies in Office 365
byDock 365
 
SharePoint Saturday NL 2016 - Security & Compliance
byAlbert Hoitingh
 
Intro to Office 365 Security & Compliance Center
byCraig Jahnke
 
Data Loss Prevention in Office 365
byCloudFronts Technologies LLP.
 
Overview of Microsoft Teams and Data Loss Prevention(DLP)
byRadhakrishnan Govindan
 
Tips for a successful SharePoint Migration strategy
byDon Daubert
 
M365 Records Management Community Webinar
byDrew Madelung
 
Information protection & classification
byDavid De Vos
 

What's hot

PPTX
aMS SouthEast Asia 2021 - Microsoft 365 Data Loss Prevention
byAlbert Hoitingh
 
PPTX
Azure Information Protection - Taking a Team Approach
byJoanne Klein
 
PDF
Communication Compliance in Microsoft 365
byJoanne Klein
 
PPTX
Protecting your Teams Work across Microsoft 365
byJoanne Klein
 
PPTX
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
byRencore
 
PPTX
SPFest Chicago - Information Management and Data Governance in Office 365
byJoanne Klein
 
PPTX
ECS19 - Nicki Borell - Microsoft Cybersecurity Reference Architecture
byEuropean Collaboration Summit
 
PPTX
Microsoft Information Protection: Your Security and Compliance Framework
byAlistair Pugin
 
PPTX
M365 Virtual Marathon: Retention in Office 365 - the Where What and How
byJoanne Klein
 
PDF
IRMS UG Principles of Retention in Microsoft 365
byJoanne Klein
 
PPTX
Information management and data governance in Office 365
byJoanne Klein
 
PDF
File Security in Microsoft SharePoint and OneDrive
byDavid J Rosenthal
 
PPTX
What's new with Security & Compliance for SharePoint, OneDrive, and Teams
byDrew Madelung
 
PPTX
Microsoft Teams in the Modern Workplace
byJoanne Klein
 
PPTX
SharePoint Saturday Cambridge: Security & compliance
byAlbert Hoitingh
 
PPTX
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
byChristian Buckley
 
PPTX
Create a Compliance Strategy for Office 365
byErica Toelle
 
PDF
Protect your data in / with the Cloud
byGWAVA
 
PPTX
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
byDrew Madelung
 
PDF
Share point encryption
bycsmith2009
 
aMS SouthEast Asia 2021 - Microsoft 365 Data Loss Prevention
byAlbert Hoitingh
 
Azure Information Protection - Taking a Team Approach
byJoanne Klein
 
Communication Compliance in Microsoft 365
byJoanne Klein
 
Protecting your Teams Work across Microsoft 365
byJoanne Klein
 
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
byRencore
 
SPFest Chicago - Information Management and Data Governance in Office 365
byJoanne Klein
 
ECS19 - Nicki Borell - Microsoft Cybersecurity Reference Architecture
byEuropean Collaboration Summit
 
Microsoft Information Protection: Your Security and Compliance Framework
byAlistair Pugin
 
M365 Virtual Marathon: Retention in Office 365 - the Where What and How
byJoanne Klein
 
IRMS UG Principles of Retention in Microsoft 365
byJoanne Klein
 
Information management and data governance in Office 365
byJoanne Klein
 
File Security in Microsoft SharePoint and OneDrive
byDavid J Rosenthal
 
What's new with Security & Compliance for SharePoint, OneDrive, and Teams
byDrew Madelung
 
Microsoft Teams in the Modern Workplace
byJoanne Klein
 
SharePoint Saturday Cambridge: Security & compliance
byAlbert Hoitingh
 
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
byChristian Buckley
 
Create a Compliance Strategy for Office 365
byErica Toelle
 
Protect your data in / with the Cloud
byGWAVA
 
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
byDrew Madelung
 
Share point encryption
bycsmith2009
 

Similar to Intro to Data Loss Prevention in SharePoint 2016

PDF
Azure Data Loss Prevention
byMario Worwell
 
PPTX
Data Loss Prevention in O365
byDon Daubert
 
DOCX
Office 365 data loss prevention
byssuser1eca7d
 
PPT
Proteccion de datos (DLP) usando MS 365-
byRalSejas
 
PPTX
Deep dive into Microsoft Purview Data Loss Prevention
byDrew Madelung
 
PDF
Data Lost Prevention (DLP).pdf
byAgusto Sipahutar
 
PPTX
Global Security and Compliance Community conference 2021
byAlbert Hoitingh
 
PDF
SPUnite17 SharePoint and Data Loss Prevention
byNCCOMMS
 
PDF
DATA LOSS PREVENTION OVERVIEW
bySylvain Martinez
 
PPTX
Lect_11.pptx
byARUNC20BCE0294
 
PDF
Data Loss Prevention and Compliance in Microsoft 365 Safeguarding Your Tenant...
byArethaSimons
 
PDF
Deep Dive into Data Loss Prevention: Securing Microsoft 365, Copilot, and End...
byNikki Chapple
 
PDF
The Definitive Guide to Data Loss Prevention
byDigital Guardian
 
PDF
2010 za con_stephen_kreusch
byJohan Klerk
 
PDF
Microsoft Purview Data Loss Prevention Deep Dive
byNikki Chapple
 
PDF
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
byEryk Budi Pratama
 
PPTX
SharePoint and Office 365 Data Compliance Made Easy: Site Classifications, La...
byJoel Oleson
 
PDF
SCB 2013 DLP, công nghệ, và phương pháp triển khai
bySecurity Bootcamp
 
PDF
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
byIRJET Journal
 
PPTX
Office 365 DLP SUNUMU ICIN POWERPOINT SUNUMU
byalbea3455
 
Azure Data Loss Prevention
byMario Worwell
 
Data Loss Prevention in O365
byDon Daubert
 
Office 365 data loss prevention
byssuser1eca7d
 
Proteccion de datos (DLP) usando MS 365-
byRalSejas
 
Deep dive into Microsoft Purview Data Loss Prevention
byDrew Madelung
 
Data Lost Prevention (DLP).pdf
byAgusto Sipahutar
 
Global Security and Compliance Community conference 2021
byAlbert Hoitingh
 
SPUnite17 SharePoint and Data Loss Prevention
byNCCOMMS
 
DATA LOSS PREVENTION OVERVIEW
bySylvain Martinez
 
Lect_11.pptx
byARUNC20BCE0294
 
Data Loss Prevention and Compliance in Microsoft 365 Safeguarding Your Tenant...
byArethaSimons
 
Deep Dive into Data Loss Prevention: Securing Microsoft 365, Copilot, and End...
byNikki Chapple
 
The Definitive Guide to Data Loss Prevention
byDigital Guardian
 
2010 za con_stephen_kreusch
byJohan Klerk
 
Microsoft Purview Data Loss Prevention Deep Dive
byNikki Chapple
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
byEryk Budi Pratama
 
SharePoint and Office 365 Data Compliance Made Easy: Site Classifications, La...
byJoel Oleson
 
SCB 2013 DLP, công nghệ, và phương pháp triển khai
bySecurity Bootcamp
 
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
byIRJET Journal
 
Office 365 DLP SUNUMU ICIN POWERPOINT SUNUMU
byalbea3455
 

Recently uploaded

PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PDF
A fool with a tool is still a fool - Plone Conference 2025
byAndreas Jung
 
PDF
Cassandra vs. ScyllaDB: Evolutionary Differences
byScyllaDB
 
PDF
Rivian's Push Notification Sub Stream with Mega Filter by Marcus Kim & Saahil...
byScyllaDB
 
PDF
Data Structure - 12 Graph
byAndiNurkholis1
 
PDF
NDP Act GAID Simplified: From Confusion to Compliance
byMuiz Adeleke
 
PDF
From Bots to Brains: Getting Started with Agentic Automation in UiPath
byUiPathCommunity
 
PPTX
"The Art of Web Scraping: Tree Algorithms and JS Magic", Dmytro Tarasenko
byFwdays
 
PDF
Meta and Apple close to settling EU cases.pdf
byLUMINATIVE MEDIA/PROJECT COUNSEL MEDIA GROUP
 
PDF
Combining AI with Red Teaming and Bug Bounty
byRamin Farajpour Cami
 
PPTX
UiPath Automation Suite Installation (Hands-On) [2/3]
bysuhanisingh58689
 
PDF
TrustArc Webinar - Migration to TrustArc: What Your Journey Will Look Like
byTrustArc
 
PDF
Getting the Best of TrueDEM – October News & Updates
bypanagenda
 
PDF
Expert Python App Development Company for Modern Enterprises
bySynapseIndia
 
PDF
Fairness and Bias in AI Ethics and Explainability
byShiwani Gupta
 
PDF
KV Caching Strategies for Latency-Critical LLM Applications by John Thomson
byScyllaDB
 
PDF
From Data Chaos to Copilot Confidence: A Step-by-Step Microsoft 365 Copilot R...
byNikki Chapple
 
PPTX
BioVault.net ADW 2025 CODATA: SyftBox: a General Purpose Solution for Data Vi...
byMadhava Jay
 
PDF
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
PDF
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
A fool with a tool is still a fool - Plone Conference 2025
byAndreas Jung
 
Cassandra vs. ScyllaDB: Evolutionary Differences
byScyllaDB
 
Rivian's Push Notification Sub Stream with Mega Filter by Marcus Kim & Saahil...
byScyllaDB
 
Data Structure - 12 Graph
byAndiNurkholis1
 
NDP Act GAID Simplified: From Confusion to Compliance
byMuiz Adeleke
 
From Bots to Brains: Getting Started with Agentic Automation in UiPath
byUiPathCommunity
 
"The Art of Web Scraping: Tree Algorithms and JS Magic", Dmytro Tarasenko
byFwdays
 
Meta and Apple close to settling EU cases.pdf
byLUMINATIVE MEDIA/PROJECT COUNSEL MEDIA GROUP
 
Combining AI with Red Teaming and Bug Bounty
byRamin Farajpour Cami
 
UiPath Automation Suite Installation (Hands-On) [2/3]
bysuhanisingh58689
 
TrustArc Webinar - Migration to TrustArc: What Your Journey Will Look Like
byTrustArc
 
Getting the Best of TrueDEM – October News & Updates
bypanagenda
 
Expert Python App Development Company for Modern Enterprises
bySynapseIndia
 
Fairness and Bias in AI Ethics and Explainability
byShiwani Gupta
 
KV Caching Strategies for Latency-Critical LLM Applications by John Thomson
byScyllaDB
 
From Data Chaos to Copilot Confidence: A Step-by-Step Microsoft 365 Copilot R...
byNikki Chapple
 
BioVault.net ADW 2025 CODATA: SyftBox: a General Purpose Solution for Data Vi...
byMadhava Jay
 
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 

Intro to Data Loss Prevention in SharePoint 2016

  • 1.
    Intro to DataLoss Prevention In SharePoint 2016 By Craig Jahnke Strategic Advisor March 30, 2017
  • 2.
    Agenda • What isData Loss Prevention (DLP) ? • Sensitive Data • DLP in SharePoint 2016 • DLP Queries & Policies • Limitations • Reminders • Questions
  • 3.
    What is DataLoss Prevention (DLP)? • Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. • DLP Software products help a network administrator control what data end users can transfer so that users cannot accidentally or maliciously share data that could put the organization at risk.
  • 4.
    Types of Datain Regards to DLP • In Use • In Motion • Exchange Online • At Rest • SharePoint On-Premises
  • 5.
    Data Loss PreventionIn SharePoint 2016 • With a data loss prevention (DLP) policy in SharePoint Server 2016, you can identify, monitor, and automatically protect sensitive information across your site collections. • Search for sensitive content in your existing eDiscovery Center enabling real time searching while keeping content in place. • Searches across SharePoint 2016, One Drive for Business and SharePoint Online.
  • 6.
    Examples of SensitiveInformation Data loss prevention (DLP) includes 80 sensitive information types that are ready for you to use in your DLP policies. • Personal Identifiable Information (PII) • Credit Card Numbers • Social Security Numbers • Bank Account Numbers • Passport Numbers • Driver’s License Numbers • https://technet.microsoft.com/en-us/library/jj150541(v=exchg.160).aspx
  • 7.
    DLP Processing inSharePoint 2016 Content Sources UserCrawler Content Processing Index Policy Definitions Unified Policy Processing Tasks Query
  • 8.
    DLP Queries &Policies • DLP Queries • See what and where sensitive information exists. • Better understand your risks, • Determine what and where is the content that your DLP policies need to protect • DLP Policies • Conditions that the content must match before the rule is enforced -- for example, look only for content containing Social Security numbers that have been shared with people outside your organization. • Actions that you want the rule to take automatically when content matching the conditions is found -- for example, block access to the document and send both the user and compliance officer an email notification.
  • 9.
    eDiscovery Center To createand run DLP queries, you must set up an eDiscovery Center site collection.
  • 10.
    Compliance Policy Center Tocreate DLP Policies, you must set up a Compliance Policy Center site collection.
  • 11.
    DLP Templates • Whenyou create a DLP query or a DLP policy, you can choose from a list of DLP templates that correspond to common regulatory requirements. • Each DLP template identifies specific types of sensitive information
  • 12.
    DLP Queries • Beforeyou create your DLP policies, you might want to see what sensitive information already exists across your site collections. To do this, you create and run DLP queries in the eDiscovery Center.
  • 13.
    DLP Queries • ADLP query works the same as an eDiscovery query. • Based on which DLP template you choose, the DLP query is configured to search for specific types of sensitive information.
  • 14.
    DLP Policies • ADLP policy helps you identify, monitor, and automatically protect sensitive information that’s subject to common industry regulations. • You choose what types of sensitive information to protect, and what actions to take when content containing such sensitive information is detected. • A DLP policy can notify the compliance officer by sending an incident report, notify the user with a policy tip on the site, and optionally block access to the document for everyone but the site owner, content owner, and whoever last modified the document. • Finally, the policy tip has an option to override the blocking action, so that people can continue to work with documents if they have a business justification or need to report a false positive.
  • 15.
    Creating DLP Policies •You create and manage DLP policies in the Compliance Policy Center. • Creating a DLP policy is a two- step process: first you create the DLP policy, and then you assign the policy to a site collection.
  • 16.
    Step 1 –Create DLP Policy • When you create a DLP policy, you choose a DLP template that looks for the types of sensitive information that you need to identify, monitor, and automatically protect. • When a DLP policy finds content that includes the minimum number of instances of a specific type of sensitive information, it can automatically protect the sensitive information by taking the following actions: • Send an Incident Report • Notify the user with a policy tip • Block access to the content
  • 17.
    Step 2 -Assign the DLP Policy • After you create a DLP policy, you need to assign it to one or more site collections, where it can begin to help protect sensitive information in those locations. • A single policy can be assigned to many site collections, but each assignment needs to be created one at a time.
  • 18.
    Policy Tips • Youwant people in your organization who work with sensitive information to stay compliant with your DLP policies, but you don’t want to block them unnecessarily from getting their work done. • A policy tip is a notification or warning that appears when someone is working with content that conflicts with a DLP policy • You can use policy tips to increase awareness and help educate people about your organization’s policies. • Policy tips also give people the option to override the policy, so that they’re not blocked if they have a valid business need or if the policy is detecting a false positive.
  • 19.
    Viewing or overridinga policy tip • To take action on a document, such as overriding the DLP policy or reporting a false positive, you can select the Open ... menu for the item > View policy tip. • The policy tip lists the issues with the content, and you can choose Resolve, and then Override the policy tip or Report a false positive.
  • 20.
    How DLP PoliciesWork • DLP detects sensitive information by using deep content analysis. • This deep content analysis uses keyword matches, the evaluation of regular expressions, internal functions, and other methods to detect content that matches your DLP policies. • Potentially only a small percentage of your data is considered sensitive. A DLP policy can identify, monitor, and automatically protect just that data.. • After you create a DLP policy in the Compliance Policy Center, it’s stored as a policy definition in that site. • Assign the policy to different site collections, it starts to evaluate content and enforce actions like sending incident reports, showing policy tips, and blocking access.
  • 21.
    Policy Evaluation inSites • Across all of your site collections, documents are constantly changing. • They are continually being created, edited, shared, and so on. • This means documents can conflict or become compliant with a DLP policy at any time. • DLP policies check documents for policy matches frequently in the background. • You can think of this as asynchronous policy evaluation.
  • 22.
    View DLP Eventsin the Usage Logs • You can view DLP policy activity in the usage logs on the server running SharePoint Server 2016. • Example - view the text entered by users when they override a policy tip or report a false positive. • Turn on the option in Central Administration (Monitoring > Configure usage and health data collection > Simple Log Event Usage Data_SPUnifiedAuditEntry). • For more information about usage logging, see Configure usage and health data collection.
  • 23.
    Limitation • Cannot CreateCustom Rules • 1 Policy Center Per Web Applications • No “Clean” PowerShell CMDLETS for Automation • One-to-one Site Collections & Policy Mappings • Hybrid Does not Work That Well… • Systems actions – Blocking, flagging, etc. works by timer jobs • Office 365 cannot access On-Premises timer jobs • Cannot Edit Emails That Are Sent To End User
  • 24.
    DLP Reminders • Startthe search service and define a crawl schedule for your content. • Turn on out-going email. • To view user overrides and other DLP events, turn on the usage report. • For DLP queries, create the eDiscovery Center site collection. • For DLP policies, create the Compliance Policy Center site collection. • Create a security group for your compliance team, and add security group to the Owners group in the eDiscovery Center or Compliance Policy Center. • To run DLP queries, view permissions are required for all content that the query will search – for more information
  • 25.
  • 26.
  • 27.
    Wait there ismore… • Data Theft • Bad actors • SharePoint 2016 – monitors but can’t stop • Office 365 can stop
  • 28.
    Data Theft • Datatheft is a term used to describe when information is illegally copied or taken from a business or other individual. Commonly, this information is user information such as passwords, social security numbers, credit card information, other personal information, or other confidential corporate information.
  • 29.
    Bad Actors • Snowden •Gov Contractors • Wikileaks

Editor's Notes

  • #8 Typically Search works like this Backend You have searchable content It is crawled – goes in the content and capture all the information Content processing will analyze and apply exclusion and pass to index Front End A user makes a query The query searches the index for the information and responds back to the user DLP creates uses the Policy Definition Looks for information in the index. You need to have the information in the index before you can apply policies to it *** If you don’t search a site collection you can’’ apply policies to it. If you are doing daily crawls, you could have a gap of 24 hours before it is indexed.
  • #12 When you create a DLP query or a DLP policy, you can choose from a list of DLP templates that correspond to common regulatory requirements. Each DLP template identifies specific types of sensitive information – for example, the template named U.S. Personally Identifiable Information (PII) Data identifies content that contains U.S. and U.K. passport numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), or U.S. Social Security Numbers (SSN).
  • #13 A DLP query works the same as an eDiscovery query. Based on which DLP template you choose, the DLP query is configured to search for specific types of sensitive information. First choose the locations you want to search, and then you can fine tune the query because it supports Keyword Query Language (KQL). In addition, you can narrow down the query by selecting a date range, specific authors, SharePoint property values, or locations. And just like an eDiscovery query, you can preview, export, and download the query results.
  • #14 A DLP query works the same as an eDiscovery query. Based on which DLP template you choose, the DLP query is configured to search for specific types of sensitive information. First choose the locations you want to search, and then you can fine tune the query because it supports Keyword Query Language (KQL). In addition, you can narrow down the query by selecting a date range, specific authors, SharePoint property values, or locations. And just like an eDiscovery query, you can preview, export, and download the query results.
  • #15 A DLP policy helps you identify, monitor, and automatically protect sensitive information that’s subject to common industry regulations. You choose what types of sensitive information to protect, and what actions to take when content containing such sensitive information is detected. A DLP policy can notify the compliance officer by sending an incident report, notify the user with a policy tip on the site, and optionally block access to the document for everyone but the site owner, content owner, and whoever last modified the document. Finally, the policy tip has an option to override the blocking action, so that people can continue to work with documents if they have a business justification or need to report a false positive.
  • #17 When a DLP policy finds content that includes the minimum number of instances of a specific type of sensitive information that you choose – for example, five credit card numbers, or a single social security number – then the DLP policy can automatically protect the sensitive information by taking the following actions: Sending an incident report to the people you choose (such as your compliance officer) with details of the event. This report includes details about the detected content such as the title, document owner, and what sensitive information was detected. To send incident reports, you need to configure outgoing e-mail settings in Central Administration. Notifying the user with a policy tip when documents that contain sensitive information are saved or edited. The policy tip explains why that document conflicts with a DLP policy, so that people can take remedial action, such as removing the sensitive information from the document. When the document is in compliance, the policy tip disappears. Blocking access to the content for everyone except the site owner, document owner, and person who last modified the document. These people can remove the sensitive information from the document or take other remedial action. When the document is in compliance, the original permissions will be automatically restored. It’s important to understand that the policy tip gives people the option to override the blocking action. Policy tips can thus help educate users about your DLP policies and enforce them without preventing people from doing their work.
  • #19 You want people in your organization who work with sensitive information to stay compliant with your DLP policies, but you don’t want to block them unnecessarily from getting their work done. This is where policy tips can help. A policy tip is a notification or warning that appears when someone is working with content that conflicts with a DLP policy — for example, content like an Excel workbook that contains personally identifiable information (PII) and that’s saved to a site. You can use policy tips to increase awareness and help educate people about your organization’s policies. Policy tips also give people the option to override the policy, so that they’re not blocked if they have a valid business need or if the policy is detecting a false positive.
  • #20 Details about how policy tips work Note that it’s possible for content to match more than one DLP policy, but only the policy tip from the most restrictive, highest-priority policy will be shown. For example, a policy tip from a DLP policy that blocks access to content will be shown over a policy tip from a rule that simply notifies the user. This prevents people from seeing a cascade of policy tips. Also, if the policy tips in the most restrictive policy allow people to override the policy, then overriding this policy also overrides any other policies that the content matched. DLP policies are synced to sites and contented is evaluated against them periodically and asynchronously (see the next section), so there may be a short delay between the time you create the DLP policy and the time you begin to see policy tips.
  • #21 DLP detects sensitive information by using deep content analysis (not just a simple text scan).
  • #22 Across all of your site collections, documents are constantly changing — they’re continually being created, edited, shared, and so on. This means documents can conflict or become compliant with a DLP policy at any time. For example, a person can upload a document that contains no sensitive information to their team site, but later, a different person can edit the same document and add sensitive information to it. For this reason, DLP policies check documents for policy matches frequently in the background. You can think of this as asynchronous policy evaluation. Here’s how it works. As people add or change documents in their sites, the search engine scans the content, so that you can search for it later. While this is happening, the content’s also scanned for sensitive information. Any sensitive information that’s found is stored securely in the search index, so that only the compliance team can access it, but not typical users. Each DLP policy that you’ve turned on runs in the background (asynchronously), checking search frequently for any content that matches a policy, and applying actions to protect it from inadvertent leaks. Finally, documents can conflict with a DLP policy, but they can also become compliant with a DLP policy. For example, if a person adds credit card numbers to a document, it might cause a DLP policy to block access to the document automatically. But if the person later removes the sensitive information, the action (in this case, blocking) is automatically undone the next time the document is evaluated against the policy. DLP evaluates any content that can be indexed. For more information on what file types are crawled by default, see Default crawled file name extensions and parsed file types.
  • #23 You can view DLP policy activity in the usage logs on the server running SharePoint Server 2016. For example, you can view the text entered by users when they override a policy tip or report a false positive. First you need to turn on the option in Central Administration (Monitoring > Configure usage and health data collection > Simple Log Event Usage Data_SPUnifiedAuditEntry). For more information about usage logging, see Configure usage and health data collection.
  • #28 Working on this… Not for this presentation…