Configure Office 365 DLP for SharePoint and OneDrive

Get this blog post sent to you as a PDF file to read later

Enter your email address and press Send Now

If you want to stop users leaking sensitive financial or medial information to people outside your organisation then you need the Data Loss Prevention (DLP) of Office 365. It comes with several UK and US regulatory based rules to help protect your business from data protection issues. Users can easily accidentally or sometimes on purpose share documents or send emails containing credit card numbers and think nothing of it when in fact they have caused a serious and potentially expensive data breach.

Lets see how we can configure DLP to help protect your clients personal information and your organisation from data leaks.

First log into the portal as a tenant administrator and click on the Admin tile


Next expand Admin centres and click on Compliance.


Next expand Threat management then click Data loss prevention


Click on the plus symbol to start creating a DLP rule


There are a number of ready made policies you can choose from, from financial, medial, privacy or roll your own. In this example we are going to setup a policy to detect financial information which includes credit card numbers.

Click Financial then U.K Financial Data or U.S Financial Data depending on your location and press Next.


Next select to protect all SharePoint and OneDrive Sites and press Next.


Next you can customise the DLP rules, these rules seem to baffle some people but they are really simple to understand. This DLP policy contains two rules in this case. The first rule says alert to any documents which are shared outside of the organisation that contains between 1 and 9 instances of financial information. So the first rule will fire if one credit card or swift number is found.

The second rule fires if there are 10 or more instances of financial information.

Each rule will alert the creator of the document which contains financial information so they can fix it but the second rule has an additional action which occurs if it fires, it actually blocks access to the document to people its been shared with.

A document which contains 1-9 bits of financial information may be acceptable with a warning where as documents with 10 or more requires some more serious automated action by blocking access.

These rules are fine for our example and will be a good starting point for you so leave their settings as their defaults and press Next.


Give the Policy a Name and select Turn it on and start protecting content and press Create.


The DLP policy will how show with a status of On which confirms it is active.


Now to test the policy, lets create a new word document in SharePoint which contains some financial information. Here we list two credit card numbers and save the file.


Next we need to share the document with someone outside of the organisation. Right click the document and click Share.


Enter the email address of the person you want to share the document with and press Share.


After approximately 15 minutes the SharePoint search will run and fire the rule. The owner of the document, site and the person who shared the file will receive an email informing them that the document conflicts with a policy letting them know that they need to remove the credit card numbers. You can customise these emails once you are familiar with how the system works by editing the rules later.


When you return to the document you will now see an exclamation mark next to it highlighting an issue.



I hope this guide serves as a quick starter to using DLP. Use this feature to protect your organisations from data loss and prevent a possible serious issue.


Author: Ian@SlashAdmin

Share This Post On

Submit a Comment

Your email address will not be published. Required fields are marked *