Configuring Data Loss Prevention for Microsoft Teams

Data Loss Prevention is now included in Microsoft Teams, but as a Skype for Business consultant, have you ever configured DLP? Probably not.

This post looks at how it is configured from start to finish, so let’s start with the standard prerequisites:

  • Office 365 Global Administrator Account

Launch Microsoft 365 Admin Center –> Select Security from under Admin Center

Admin Center

Click “More resources” and click Open for the Office 365 Security and Compliance Center

Click Data Loss Prevention –> Click Policy –> Click Create a policy

Data Loss Prevention

For the purpose of this post I will be creating a policy covering UK National Insurance Numbers / Passport Numbers. DLP has a list of generic policies, or you can configure a custom policy.

Select –> Privacy –> Select UK Personally Identifiable Information (PII) Data –> Click Next

Policies

Click Next

Create Policy

At this stage you can select if you want to configure this policy for Exchange email, Microsoft Teams chat and channel messages, OneDrive and SharePoint Documents or specify a subset of services.

Select your required option –> Select Next

Microsoft Teams or All

Below is an example of specifying a subset of services. At this stage you can also include or exclude Groups, Accounts and Sites.

Select options

Select Find content that contains

For this post, I am looking for PII data that is being shared outside my organisation.

Select Next

Configure Policy

I am using the default options here, but you can configure the option to send an incident report to a Distribution List or to individuals.

Select Next

Configure Policy

Select “I’d like to test it out first” or “Yes, turn it on right away”. This depends on whether your organisation is ready for the big switch-on. The tenant being used in this post is a test tenant with a small number of users.

Press Next

Configure policy

Review your configured settings –> Select Create

Review
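The wizard steps above can also be scripted in Security & Compliance PowerShell. The following is an added example, not from the original post: it is scoped to Teams only, looks up the sensitive information type names at run time, and uses hypothetical policy, rule and admin account names.

```powershell
# Added example. All names below are hypothetical placeholders.
$policyName = 'UK PII - Teams (example)'
$ruleName   = 'UK PII shared outside organisation (example)'

# Requires the ExchangeOnlineManagement module.
Connect-IPPSSession -UserPrincipalName 'admin@contoso.example'

# Resolve the built-in sensitive information types instead of hard-coding
# their display names, which can differ between tenants and over time.
$types = Get-DlpSensitiveInformationType | Where-Object {
    $_.Name -like 'U.K. National Insurance Number*' -or
    $_.Name -like '*U.K.*Passport Number*'
}
if (-not $types) { throw 'No matching sensitive information types found.' }
$sit = @($types | ForEach-Object { @{ Name = $_.Name; minCount = '1' } })

# Equivalent of "I'd like to test it out first": test mode with notifications.
New-DlpCompliancePolicy -Name $policyName `
    -Comment 'Scripted approximation of the UK PII wizard policy' `
    -TeamsLocation All `
    -Mode TestWithNotifications

# Match only content shared outside the organisation and send an incident
# report. User notification settings are left at the rule defaults here.
New-DlpComplianceRule -Name $ruleName -Policy $policyName `
    -ContentContainsSensitiveInformation $sit `
    -AccessScope NotInOrganization `
    -GenerateIncidentReport SiteAdmin `
    -IncidentReportContent All

# Check whether the policy has finished distributing before testing.
Get-DlpCompliancePolicy -Identity $policyName -DistributionDetail |
    Format-List Name, Mode, DistributionStatus, TeamsLocation

# After testing is complete, turn the policy on:
# Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```

This approximates the wizard's choices rather than reproducing the template exactly, so review the resulting rule in the portal before switching the mode to Enable.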

Testing – DLP for Microsoft Teams

As with all things Microsoft, we have to wait for replication to take place before we can really start testing DLP. Please don’t expect your change to work straight away, as it needs to work its way through the big Microsoft cloud.

Email Notification that NINO Number has been shared using Microsoft Teams
Warning Message to the User that sent the NINO Number
Email Notification that NINO Number detected in Exchange

So it’s safe to say DLP is now working within my tenant.

Regards

The Author – Blogabout.Cloud
