…Data Loss Prevention

Large (and small) government agencies deal with very sensitive information, from social security numbers to credit card information to personally identifiable information (PII) on a daily basis. Many of these agencies use written policies to attempt to prevent users from purposefully or accidentally sending or sharing this information in an unauthorized way. However, most of these agencies do not have technology in place to monitor and prevent this data from leaving their network and are completely unaware it is even happening. Something my daughters taught me from a popular red character on TV, 'Accidents Happen'. Even when people are being careful this old adage is true, accidents do happen. But these accidents can have huge consequences not only for the sender of the confidential data but the administrators and organization that allowed it to happen.

In a simple search from the Open Security Foundation's Data Loss Data website reveals a myriad of data loss scenarios ranging from personally identifiable information (PII) to Social Security Numbers. In these instances several were accidental, where the user didn't even know the data was in the form or document they were sharing.


Records Lost

U.S. Department of Treasury


NY Department of Homeless Services


Cameron County Texas


California Department of Consumer Affairs


Clark County Nevada District Court


City of Uma, Arizona


Ohio Police and Fire Pension Fund


New Hampshire Department of Health and Human Services



Office 365 is looking to help organizations better manage their data by providing built in data loss prevention capabilities to the platform. This is going to be the first of a series of four blog postings between myself and Dennis that will cover the following topics:

  • An introduction to Office 365 DLP
  • Understanding and using the built in Office 365 DLP templates
  • Modifying the DLP templates to focus on specific needs
  • Creating custom DPL rules from scratch

So with that let's talk about some of the nuts and bolts around DLP in Office 365 from an Exchange perspective. One of the primary roles in Exchange is the transport role, think of it as the sorting room in a post office. All messages come through the transport server and are checked for various things such as the sender and receiver to ensure the message is properly delivered. During this time administrators can configure rules to check the content of the message and take the appropriate action. These actions can include simple notifications within the Outlook client, redirecting messages for authorization prior to being delivered, forcing encryption or outright blocking the message from being delivered. In addition to this the DLP reporting mechanism allows authorized users to review statistics and drill down into the reports to perform analytics against the report to determine the severity of the attempted data breach.

Out of the box Exchange Online provides several templates to help administrators quickly and easily deploy DLP policies. We will dive into these policies in the next blog post, but as you can see from the screenshot below, there are several to choose from that cover common compliance policies required in government agencies.

In addition to the U.S. based rules above there are approximately 32 additional DLP policies that cover compliance rules around the globe.

From an administrative perspective it is very easy to run a report on the rules in play, below is a sample report for a rule capturing the transmission of social security numbers.

A few additional advantages of the Exchange Online DLP templates are around the update feature. As an example let's say HIPAA laws have now changed to say that any email correspondence including the words 'Jorge Diaz' must immediately be blocked. You as an administrator don't have to go and update the policy, as you can imagine keeping pace with potentially hundreds of policies would be near impossible. Microsoft will automatically update the policy based on changes without requiring your administrators to update them individually.  

In conclusion, Microsoft is investing significant resources to help government agencies protect their data from both malicious and accidental data breaches. The introduction of the Data Loss Prevention component to Exchange Online is a powerful component that is provided at no additional cost for customers using the G3 or G4. Stay tuned for some deeper technical dives into the templates, creating rules from scratch and modifying existing templates for specific business cases. Below are some additional resources around DLP technologies:

Data Loss Prevention

DLP Policy Templates

Comments (0)

Skip to main content