One of our previous articles reviewed a new solution from Microsoft, called Purview. It is essentially a governance tool, designed to help your organization come into compliance with the many data privacy laws (such as the GDPR, CCPA, HIPAA, etc.). But data leakage continues to be a problem, and in this article, we take a look at some of the newer steps that have been incorporated into Purview to help avoid this serious issue.

What Is Included?

When you include the components of Data Loss Prevention, the following functionalities are achieved:

  • The protection of M365 across all of the major applications (this includes Teams, Exchange, OneDrive, and SharePoint).
  • The protection of Office applications such as Word, PowerPoint, and Excel.
  • The deployment of endpoint security for Windows 10, Windows 11, and even macOS.
  • The protection of other, non-related Azure applications that may reside in your Cloud environment.
  • The protection of file sharing between On Prem and Cloud based workstations and servers.

It is important to note that the Data Loss Prevention (DLP) tools that come with Purview are probably amongst the most sophisticated that are available today. For example, rather than just taking a holistic view of the data to find any unusual trends, they utilize “Deep Content Analysis” to find sensitive data and trends that are not visible at first glance.

It does this by:

  • Matching the primary information and data to various keywords;
  • Making use of regular expressions;
  • Conducting other matches that have some sort of association with the established keywords;
  • Making use of Machine Learning (ML) tools to find other pieces of information/data that have even a distant correlation with the keywords.
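The first three techniques can be combined as in the following added illustration, which is not Microsoft's code and not part of the original article: a regular expression finds candidate card numbers, a checksum discards look-alikes, and keywords found near the match raise the confidence. The keyword list, the 300-character window, the confidence labels and the sample messages are assumptions made for this example; the ML step is not shown.

```python
import re

# Assumed, illustrative parameters (not Purview's actual rule definitions).
KEYWORDS = ("credit card", "card number", "visa", "mastercard", "cvv", "expiry")
PROXIMITY = 300  # characters searched on each side of a pattern match
# 16 digits, optionally grouped with spaces or hyphens, not part of a longer number.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){15}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: rejects most random 16-digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan(text: str) -> list[dict]:
    """Return one finding per checksum-valid card number, with a confidence label."""
    findings = []
    lowered = text.lower()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_valid(digits):
            continue  # pattern matched, but it is not a plausible card number
        window = lowered[max(0, m.start() - PROXIMITY): m.end() + PROXIMITY]
        evidence = [k for k in KEYWORDS if k in window]
        findings.append({
            "masked": "*" * 12 + digits[-4:],  # never log the full value
            "confidence": "high" if evidence else "low",
            "evidence": evidence,
        })
    return findings


# Constructed sample messages; 4111 1111 1111 1111 is a widely used test number.
SAMPLES = [
    "Please charge my credit card 4111 1111 1111 1111, expiry 09/27.",
    "Order tracking id 4111111111111111 shipped today.",
    "Reference 1234567812345678 for the visa application.",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(scan(sample))
```

The third sample contains a keyword but fails the checksum, so it produces no finding; the second passes the checksum but has no supporting keyword, so it is reported only at low confidence.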

How DLP Risk Is Mitigated

Although DLP does not guarantee that data leakage will be stopped 100% of the time, it does a tremendous job of mitigating the chances of it happening. Here is what it can do:

  • Remind employees of the DLP policies with a pop-up message if they are about to do something that is against IT Security policy.
  • Block, in real time, any sharing of data files if any suspicious activity has been detected.
  • Protect against data loss via Email, Teams, USB, Printers, third party file sharing sites like
  • For any data that is archived and not being used, place a special lock on that particular database, and store it in a quarantined area that few people will have access to.
  • Automatically encrypt sensitive data based on certain criteria.
  • Hide from view, in the chatting component, any pieces of sensitive information and data that are shown on a screen shared in Teams.

In order for the IT Security team to keep track of all that is going on with the enforcement of the DLP policies, all activity is recorded and stored in the M365 Audit Log. Any alerts that are transmitted can also be viewed at the DLP dashboard.

How To Get DLP Ready For Your Organization

To do this, there are five distinct steps that you must follow:

1. Planning for the deployment:

This typically involves determining the kinds of datasets that need to be protected. Typically this will be your highly classified PII and data. Also, you will need to take into account the Windows based platforms that they all reside upon, and how much you want to store in the Cloud and/or On Prem.

2. Examining your business processes:

The DLP will have an impact on just about all of the processes that you are running. Therefore, you will first need to conduct a very thorough audit and review of what the impacts will be. For example, the DLP can very easily shut down one group of employees when they need access to something, so you also need to make sure that all rights, permissions, and privileges have been properly reviewed and implemented. A tool that can help you in this regard is the Activity Explorer.

3. Train your employees:

In parallel with security awareness training, companies need to train staff on their DLP policies:

  • Provide a high-level overview of the policies.
  • Explain the consequences if they don’t follow them.
  • Train them on the role they have to play in preventing data loss.

4. Test everything first:

Before you release the DLP policies into the production environment, first test them in a sandbox. This will give your IT Security team the chance to see how well they will work with the current business processes that you have in place, and whether any corrections have to be made.

5. Release it:

Once your IT Security team is satisfied with the results in the last step, you should be confident enough to put those DLP policies into action. But remember, unforeseen things can and do happen, so you need to have the ability to tweak these policies on a real time basis as well.

Conclusions

Overall, this article has examined some of the key functionalities of the DLP, especially when it is used in conjunction with Purview.  If you have any questions, please contact us.
