Office 365 Data Loss Prevention Gets Proactive

In the next phase of the company's plan to strengthen Office 365's data loss prevention capabilities, customers will be able to nip potential compliance violations in the bud.

Office 365 data loss prevention

Microsoft is beefing up the data loss prevention (DLP) capabilities in SharePoint Online and OneDrive, helping Office 365 customers prevent potentially costly leaks of sensitive information.

The company announced that it is entering the second phase of a multi-phase rollout of DLP technologies for the cloud-enabled productivity software platform. Microsoft kicked off the first phase last year with features that enabled organizations to take stock of their SharePoint and OneDrive data, allowing them to find sensitive information and take manual actions to protect it.

Now, as part of Phase 2, Microsoft is readying a public preview of new DLP capabilities, which the company plans to release sometime later this quarter.

Shobhit Sahay, technical product manager for the Office 365 team, wrote in an April 21 blog post that the new features will enable customers to "create proactive policies to remediate violations and empower [their] users with policy tips and notification emails so they can take the right decision while working with sensitive data, just like you do today with DLP in Exchange." Exchange 2013 and Exchange Online offer several DLP capabilities, including document fingerprinting and policy tips that warn users that an email they're composing may run afoul of a company's policies regarding sensitive information.

New to the upcoming preview are automated policies that can kick off actions when SharePoint Online and OneDrive encounter suspect activity.

"With the public preview, admins can now easily set up DLP policies for SharePoint Online/OneDrive for Business from the Office 365 compliance center," said Sahay. In typical Microsoft fashion, the company provides a graphical user interface, allowing administrators to configure and implement policies by pointing and clicking within the Compliance Center dashboard. "Policies take the simple construct of conditions, actions and exceptions and admins can use any of the existing out-of-box templates to get started."

Part of the battle against data leaks is end-user education, according to Sahay. "As such, we help them make the right decisions when working with sensitive data, providing them with rich notifications in the context of where they are working." Administrators can also configure override rules, enabling actions with a business justification, allowing "users to be productive while still being compliant."

A new incident reporting tool helps organizations track the effectiveness of their DLP policies. In the second half of 2015, Microsoft is planning yet another DLP update that includes conditional and location-based policy exceptions, content encryption as an action and custom document fingerprinting.

DLP capability is also coming to select Office 2016 applications, keeping sensitive information safe as users work on Office files, added Sahay.

"Later this quarter, we will make these DLP capabilities available in the preview for three different Office applications—Word, Excel and PowerPoint," he said. "With these capabilities, end users can be notified in real time on the sensitive content they are working right within the familiar Office applications they love and use."

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...