Getting started with Data Loss Prevention (DLP) in Microsoft environments

Introduction

Data loss prevention (DLP) is a security measure that prevents sensitive or critical information from being accidentally or intentionally sent outside of a corporate network. It is often implemented through software products that help organizations control the data that users can transfer.

In Microsoft environments, DLP policies can be used to monitor, identify, and take action on user activities that match the conditions of a DLP policy. These policies can be applied to various Microsoft 365 services such as Teams, Exchange, SharePoint, and OneDrive, as well as Office applications like Word, Excel, and PowerPoint. DLP can also be applied to non-Microsoft cloud apps, on-premises file shares and SharePoint, and to Windows 10, Windows 11, and macOS (Catalina 10.15 and higher) endpoints.

To accurately identify sensitive information, DLP solutions use various mechanisms such as keyword and regular expression analysis, internal function validation, and machine learning algorithms to analyze the content of documents and files. All DLP-monitored activities are logged in the Microsoft 365 Audit log and can be viewed in the Activity Explorer. If alerts are configured, DLP will provide alerts in the DLP alert management dashboard when a user performs an action that meets the criteria of a DLP policy.

More details on how this works can be found here:

https://docs.microsoft.com/en-us/microsoft-365/compliance/create-test-tune-dlp-policy?view=o365-worldwide#how-sensitive-information-is-detected-by-dlp

Getting started

To get started with DLP, it’s important to consider technology and business process requirements, as well as organizational requirements such as user training and awareness. Once these requirements have been identified, DLP policies can be defined and tested in test mode to fine-tune them before they are put into production. Microsoft provides a default DLP policy that can be used as a starting point and DLP templates that can be customized for specific needs.

DLP policies require certain licenses to be enabled, which can vary depending on the features needed. It is important to carefully consider the license requirements for DLP to ensure that all necessary features are available.

For a comprehensive overview of the license requirements, please have a look at:

https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-protection

DLP Default policy

To make things easy and to get customers started, Microsoft provides a default DLP policy that is already available and configured in your environment.

This policy is configured to monitor credit card information contained within documents and emails. Alerts are configured to report on actions taken with these documents.

This will give you a starting point in terms of how policies work. You are able to edit and fine-tune this default policy step-by-step.

For more information have a look at:

https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-the-default-dlp-policy?view=o365-worldwide
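To make the detection mechanisms described in the introduction (pattern matching, internal function validation, and supporting keywords) concrete for the credit card case the default policy covers, here is an added stand-alone example; it is not Microsoft's implementation nor the exact logic of the built-in "Credit Card Number" sensitive information type, and the keyword list, proximity window and confidence labels are assumptions chosen to mirror that layering.

```python
import re

# Step 1, pattern matching: 13-19 digits, optionally grouped by spaces or hyphens.
# The lookarounds stop the pattern from matching a slice of a longer digit run.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?![ -]?\d)")
# Step 3, supporting keywords (assumed list; real DLP types use their own).
KEYWORDS = re.compile(r"\b(credit card|card number|visa|mastercard|amex|expir)", re.I)
WINDOW = 300  # assumed proximity window, in characters, around the candidate


def luhn_valid(digits: str) -> bool:
    """Step 2, internal function validation: the Luhn checksum filters out
    digit strings that merely look like card numbers (order ids, tracking numbers)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_credit_cards(text: str) -> list[dict]:
    """Return checksum-valid matches with a confidence label in the spirit of
    DLP's confidence levels: checksum alone is 'medium', checksum plus a
    nearby supporting keyword is 'high'. Regex hits that fail Luhn are dropped."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_valid(digits):
            continue
        lo, hi = max(0, m.start() - WINDOW), m.end() + WINDOW
        near_keyword = bool(KEYWORDS.search(text[lo:hi]))
        hits.append({"value": digits, "confidence": "high" if near_keyword else "medium"})
    return hits


# Constructed sample documents (not real data); 4111... and 5555... are well-known
# test numbers that pass the Luhn check, the other two digit strings do not.
SAMPLE_DOCS = [
    "Please charge my Visa 4111-1111-1111-1111 for the invoice.",      # high
    "Reference 5555 5555 5555 4444 for the shipment.",                 # medium
    "Order 1234 5678 9012 3456, tracking 4111 1111 1111 1112.",        # no hit
]

if __name__ == "__main__":
    for doc in SAMPLE_DOCS:
        print(find_credit_cards(doc))
```

Running the three sample documents shows why regex alone over-alerts: the order and tracking numbers match the pattern but are discarded by the checksum, and only the number sitting next to the word "Visa" reaches high confidence.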

DLP Templates

Another great thing Microsoft provides to get started are DLP templates. You can use one of these templates as is, or customize the rules to meet your organization’s specific compliance requirements.

To get started with creating a DLP policy you need to be a member of the compliance admin role. Once you have that role, you can start creating DLP policies from these templates.

For more information about DLP templates have a look at:

https://docs.microsoft.com/en-us/microsoft-365/compliance/create-a-dlp-policy-from-a-template?view=o365-worldwide