Karim Zaki

Information protection lifecycle


In this article we will be talking how to protect and secure your information using Microsoft protection suite.

We will be more concerning on a new feature in the DLP for endpoint devices

We will talk on how the information is created, edited and transferred outside the organization

Table of contents

What is information life cycle steps?

How to create protection policy for files

How to monitor files and policies

What are the products used?

How to monitor

  • File is created

Regardless of where the file is created, sensitivity labeling in Office apps can enforce information protection based on the labels attached to the data.

  • User edits the file

The label is updated based on the user’s changes and the content’s sensitivity. This ensure the file has the right protection.

  • User shares the file with another user in the organization

As an additional layer of protection, Data Loss Prevention (DLP) policies in Office 365 help prevent the accidental or inadvertent sharing of sensitive documents and emails.

  • User opens the file on their phone

    If a user receives and opens the data on a mobile device, Intune enforces protection of the data.

  • User uploads the file to another cloud service such as Dropbox

    If a user uploads the data to other clouds for external sharing, services such as Microsoft Cloud App Security can apply policies based on the data’s labels.


Microsoft 365 security center and azure

Microsoft compliance center

Intune endpoint protection

Cloud app security

Create labels

AIP classic (old version)


UL new version


How to create DLP for Endpoint devices

First you need to onboard the devices either by

Microsoft defender ATP or by going to compliance center

As described in the onboarding devices

Also you will be able to View Endpoint DLP data in activity explorer


Now endpoint appears in the activity explorer


You can start first by excluding some noisy paths

File path exclusions


Start creating the policy

In this demo I ll block the devices from USB

The Endpoint is only available in the compliance center

https://compliance.microsoft.com/datalossprevention?viewid=policies


In the location choose the devices

Note: it is in preview so please use it as a test and choose a user or group don’t apply on all


Start creating your Rule


Ill create for usb to Audit only


My test is a set the label to internal



You must check the activity explorer


Monitor and analyze sensitive data

File created or user edit file

https://security.microsoft.com/labelanalytics

For DLP

Advertisement

Published by Karim Zaki

MBA Major MIS MCP (Microsoft Certified Professional) Windows XP. Microsoft Certified in (Managing and Maintaining Microsoft server 2003). Microsoft Certified in (implementing, Managing and Maintaining a Microsoft windows server 2003 infrastructure) Microsoft Certified in (Maintaining a MS Win Server 2003 Active Directory) MCSA 2003 ISA 2006 Microsoft Internet Security and Acceleration Server 2006, Configuring MCTS Microsoft Certified Technology specialist MCITP 2008 (Microsoft Certified IT professional) MCSA 2012 Server (Microsoft Certified solution Associate) AZURE Administrator Associate MS 365 Identities and services MS 365 Mobility and security Microsoft 365 Certified: Security Administrator Associate Microsoft 365 certified enterprise administrator expert, MS 365 System administrator, configuring designing and securing. Azure Active Directory administrator configuration and securing identities. Plan identity synchronization for azure active directory Microsoft advanced threat Protection, Access for external users B2B for Microsoft workloads, Azure Advanced Threat Protection, Intune Endpoint administrator designing and securing, Microsoft Cloud App Security configuring and designing. SCSM designing and configuration, Automating IT Operations, Securing and designing exchange online, SharePoint online, MS teams, OneDrive, azure, and MS 365, Intune designing, configuring and supporting.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.