As we already know, a custom DLP policy enables you to configure conditions, rules, and actions that can assist you in meeting specific requirements for your organization. For DLP policies within Exchange Online, the possible rule conditions that are at your disposal include the standard mail flow rules (these were formerly known as transport rules), as well as the information types that can be found at the following Microsoft doc link: https://docs.microsoft.com/en-us/exchange/policy-and-compliance/data-loss-prevention/sensitive-information-types?view=exchserver-2019.
Before configuring DLP policies within Exchange Online, ensure you have assigned the relevant permissions to your admin account, which in this scenario will be the Organization Management and Compliance Management permissions. The following steps will walk through how to create a custom DLP policy for Exchange Online:
1. From within Microsoft 365 Compliance Center, navigate to Policies > Data > Data loss prevention. Please see the Amending rule priority section of this chapter for images for these individual steps.
2. On the Data loss prevention pane, select Policies and then click on +Create policy.
Figure 7.10 – Creating a new DLP policy
3. On the Start with a template or create a custom policy page, select one of the existing templates or create a custom policy if you require one. For our example, we will create a custom policy. Click on Custom policy and then Next.
Figure 7.11 – Custom policy
4. On the Name your DLP policy page, enter a relevant name for the policy and a description and click on Next. In the following screenshot, you can see that I have named the policy Exchange Online – Test Policy and entered a relevant description.
Figure 7.12 – Name and Description boxes for the Exchange DLP policy
5. On the Choose locations to apply the policy page, ensure that only the Exchange email location status is set to On, as shown in the following screenshot:
Figure 7.13 – Choosing Exchange Online as the location
6. You have the option to include or exclude specific email distribution groups if your requirements call for it. Click on Next.
Figure 7.14 – Included or Excluded distribution groups
7. On the Define policy settings page, select Create or customize advanced DLP rules and click on Next.
Figure 7.15 – Define policy settings
8. On the Customize advanced DLP rules page, click on +Create rule.
9. On the Create rule page, enter an appropriate Name and Description for the rule. Under Condition, click on the Add condition dropdown and select the appropriate condition for this rule. For our example, I am adding a sender domain to which the policy will apply.
Figure 7.16 – Adding a condition
10. To add an exception to the rule, under Exceptions, click on +Add exception.
Figure 7.17 – Adding an exception to the rule
11. In the same way you added a Condition and an Exception, you can also add an Action, User notification, User overrides, Incident reports, and Additional options:
Figure 7.18 – Customizing more settings
12. Once you have completed all the configurations, you need to click on Save. On the Customize advanced DLP rules page, click on Next.
13. On the Test or turn on the policy page, you can choose from one of the following three options:
• Test it out: This allows you to review alerts to assess the policy’s impact. Any restrictions that are configured will not be enforced.
• Turn it on right away: Once the policy has been enabled, it can take up to an hour for its effects to kick in.
• Keep it off: You can either test it or turn it on at a later date.
14. Click on Next to review the policy and click on Submit to complete the DLP policy for Exchange.
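The same policy can also be built from Security & Compliance PowerShell, which makes the configuration repeatable and reviewable. The following is an added example, not part of the original text: the rule name, sender domain, subject tag, and comment strings are constructed placeholders, and it assumes the ExchangeOnlineManagement module is installed and the account holds the permissions named earlier.

```powershell
# Added example: scripted equivalent of the portal steps above.
# All names, domains and tags below are constructed placeholders.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # interactive sign-in to Security & Compliance PowerShell

$policyName = 'Exchange Online – Test Policy'   # name used in step 4
$ruleName   = 'Exchange Online - Test Rule'     # constructed

# Steps 3-7 and 13: custom policy, Exchange email as the only location.
# -Mode values and the portal options they correspond to:
#   TestWithoutNotifications / TestWithNotifications -> "Test it out"
#   Enable                                           -> "Turn it on right away"
#   Disable                                          -> "Keep it off"
if (-not (Get-DlpCompliancePolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    New-DlpCompliancePolicy -Name $policyName `
        -Comment 'Custom DLP policy scoped to Exchange email' `
        -ExchangeLocation All `
        -Mode TestWithoutNotifications
}

# Steps 8-12: one rule with a sender-domain condition, an exception,
# and an incident report as the configured action.
New-DlpComplianceRule -Name $ruleName -Policy $policyName `
    -Comment 'Applies to mail sent from the listed domain' `
    -SenderDomainIs 'contoso.example' `
    -ExceptIfSubjectContainsWords '[dlp-exempt]' `
    -GenerateIncidentReport SiteAdmin `
    -IncidentReportContent All `
    -ReportSeverityLevel Low

# Step 14: review what was created before relying on it.
Get-DlpCompliancePolicy -Identity $policyName |
    Format-List Name, Mode, ExchangeLocation, DistributionStatus
Get-DlpComplianceRule -Policy $policyName |
    Format-List Name, Disabled, Priority

# After reviewing the alerts produced in test mode, enforce the policy:
# Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```

Starting in a test mode and switching to Enable only after reviewing alerts mirrors the "Test it out" option and avoids blocking legitimate mail with an untuned rule.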
Now that we have configured a custom DLP policy in Exchange Online, we will take a look at custom policies with SharePoint sites.