All organizations, regardless of size and industry, have data that they consider sensitive. Data Loss Prevention (DLP) is an important capability for protecting this information from getting into the wrong hands. We are always looking to enhance the DLP solution in Office 365 to help meet this organizational need. Today, we are pleased to announce a single management experience for DLP policy creation and reporting across Exchange Online, SharePoint Online and OneDrive for Business. In addition, we are introducing enhancements to the DLP data delivered via the Management Activity API.
Unified policy creation
To date, IT admins have managed DLP for Exchange Online via the Exchange admin center (EAC), while managing DLP for SharePoint Online and OneDrive for Business from the Office 365 Security and Compliance Center. Now admins can create a single DLP policy in the Office 365 Security and Compliance Center that covers Exchange Online, SharePoint Online and OneDrive for Business. The unified DLP platform allows organizations to manage multiple workloads from a single management experience, reducing the time required to set up and maintain security and compliance within your organization.
Apply a single policy to protect across Exchange Online, SharePoint Online and OneDrive for Business.
These changes do not impact any existing policies created via the EAC, and you will still be able to create new email DLP policies in the EAC. However, we recommend you check out the new DLP management experience in the Office 365 Security and Compliance Center, as this is where you’ll see new capabilities show up in the future.
Along with unified policy creation, we also now provide a single location to view reports for your DLP policies across Exchange Online, SharePoint Online and OneDrive for Business. This makes it easier to understand the business impact of your DLP polices and uncover actions that violate policies across multiple workloads.
Report that shows DLP policies matches from Exchange Online, SharePoint Online and OneDrive for Business.
DLP events in the Activity Management API
Lastly, based on customer feedback, we are providing additional details for DLP events published via the Activity Management API. The Activity Management API enables organizations to connect DLP event data from Office 365 with third-party tools, such as a security information and event management (SIEM) system. Now event details provided via the Activity Management API will contain the same data as the alerts generated in Office 365 to notify IT admins when a DLP event occurs. This data requires separate permissions in Azure AD called, “Read DLP policy events including detected sensitive data,” which an admin can grant. To learn more, check out the API schema reference.
We will continue to invest in DLP and are currently working on new functionality—such as the ability to create custom sensitive types for unified DLP polices and a simplified DLP administrative experience. If you want to learn more about the investments we are making, watch sessions from Microsoft Ignite around our DLP investment areas and how to customize and tune DLP.