When you have configured more than one DLP policy, you can change their priority (order). For example, you might have a personal data DLP policy and a separate financial data DLP policy, and want the personal data DLP policy to have higher precedence than the financial data DLP policy. To configure this, complete the following steps:
- From within Microsoft 365 Compliance Center, click on Policies > Data loss prevention.
Figure 7.7 – Data loss prevention option
- Click on the three vertical dots at the end of the policy’s name.
Figure 7.8 – Choosing the option to move policy priority
- After clicking the three vertical dots, you will see the option to Move down or Move to the bottom. Select Move down to give this policy lower precedence.
Figure 7.9 – Moving the policy’s precedence
The preceding instructions show how to make the necessary changes from within Microsoft 365 Compliance Center. However, you can make these changes via PowerShell as well. The following cmdlet can be run within PowerShell to change the priority of the EU Financial Data Policy DLP policy to the value 1:
Set-DlpCompliancePolicy -Identity "EU Financial Data Policy" -Priority 1
It is good practice to place policies with less restrictive actions below policies with more restrictive actions. The same applies within a policy: place rules with less restrictive actions below rules with more restrictive ones. This helps stop the less restrictive rules from overriding any block actions of the more restrictive rules and policies.
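The ordering practice above can be checked mechanically; the following PowerShell is an added example, not code from the book, that flags any non-blocking rule sitting above a blocking rule in the same policy. The Test-DlpRuleOrder function, the "Personal Data Policy" name and all rule names are hypothetical, the sample rules are constructed, and it assumes that a lower Priority number means higher precedence and that rule objects carry ParentPolicyName, Priority and BlockAccess properties.

```powershell
# Added example (not from the book): audit rule order inside each DLP policy.
# Assumption: a lower Priority number means higher precedence (0 is highest).
function Test-DlpRuleOrder {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Rule
    )
    begin   { $all = [System.Collections.Generic.List[object]]::new() }
    process { foreach ($r in $Rule) { $all.Add($r) } }
    end {
        foreach ($group in ($all | Group-Object ParentPolicyName)) {
            $ordered  = @($group.Group | Sort-Object Priority)
            $blocking = @($ordered | Where-Object { $_.BlockAccess })
            if ($blocking.Count -eq 0) { continue }   # nothing to protect here

            # The blocking rule with the lowest precedence in this policy.
            $lastBlock = $blocking[-1]
            foreach ($r in $ordered) {
                # A non-blocking rule placed above any blocking rule is a finding.
                if (-not $r.BlockAccess -and $r.Priority -lt $lastBlock.Priority) {
                    [pscustomobject]@{
                        Policy            = $group.Name
                        LessRestrictive   = $r.Name
                        Priority          = $r.Priority
                        SitsAboveBlock    = $lastBlock.Name
                        BlockRulePriority = $lastBlock.Priority
                    }
                }
            }
        }
    }
}

# Constructed sample rules; policy and rule names are illustrative only.
$sampleRules = @(
    [pscustomobject]@{ ParentPolicyName = 'Personal Data Policy';     Name = 'Notify on low volume';   Priority = 0; BlockAccess = $false }
    [pscustomobject]@{ ParentPolicyName = 'Personal Data Policy';     Name = 'Block high volume';      Priority = 1; BlockAccess = $true }
    [pscustomobject]@{ ParentPolicyName = 'EU Financial Data Policy'; Name = 'Block external sharing'; Priority = 0; BlockAccess = $true }
    [pscustomobject]@{ ParentPolicyName = 'EU Financial Data Policy'; Name = 'Audit internal sharing'; Priority = 1; BlockAccess = $false }
)
$sampleRules | Test-DlpRuleOrder | Format-Table -AutoSize

# In a connected compliance PowerShell session, the same check would take live input:
#   Get-DlpComplianceRule | Test-DlpRuleOrder
```

A finding can then be corrected in the Compliance Center, or by reordering the rule in PowerShell and re-running the check.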
You should now have an understanding of the recommended data loss prevention policies for different organizations, as well as how to configure and change policy precedence. In the next part of this chapter, we will look at configuring DLP policies for Microsoft 365 SaaS services, including Exchange Online, SharePoint sites, OneDrive, and Microsoft Teams.
Configuring policies for Exchange Online, SharePoint sites, OneDrive, and Microsoft Teams
There are many SaaS applications within the Microsoft 365 family, and it is always recommended to add an extra layer of protection where possible. In this section, we will take a closer look at how DLP policies can protect Exchange Online, SharePoint sites, OneDrive, and Microsoft Teams.