Setting up Unified Data Loss Prevention Policies in Office 365

Introduction to Unified Data Loss Prevention Policies in Office 365

Every organization is concerned about its data security. Regardless of its size or industry, an organization wants to ensure that its data is secure. Office 365 Data Loss Prevention (DLP) helps organizations protect their sensitive information from getting into the wrong hands. Data Loss Prevention policies in Office 365 help organizations protect confidential data based on business requirements. Earlier this month, Microsoft introduced unified Data Loss Prevention policies in Office 365 to empower IT admins to create, manage and report on DLP policies for Exchange Online, SharePoint Online and OneDrive for Business from a single admin pane.

Administrators are no longer required to set up and manage DLP policies separately for Exchange Online, SharePoint Online and OneDrive for Business.

Unified Data Loss Prevention policies in Office 365 are provided via the Office 365 Security and Compliance Center. I discussed the Office 365 Security and Compliance Center in my previous blog post on enabling auditing of admin users in Office 365. With the new enhancements in Office 365, admins can create a single DLP policy in the Office 365 Security and Compliance Center that covers Exchange Online, SharePoint Online and OneDrive for Business. The unified DLP platform allows organizations to manage multiple workloads from a single management experience, reducing the time and complexity required to set up and maintain security and compliance within your organization.

The new unified DLP policies experience in Office 365 does not impact any existing policy configuration created

Setting up Unified Data Loss Prevention Policies in Office 365

Setting up unified DLP policies in Office 365 requires you to perform the following steps.


  • Click the icon to create a new DLP policy.
  • In the new policy wizard, select the DLP policy type and click Next. In my case, I have selected the policy type “Medical and Health Regulation” and am creating a HIPAA compliance policy.


  • The next step is to select the services to which you would like to apply the DLP policy. I have selected all the workloads.


By default, SharePoint Online and OneDrive are selected. You can also specify the users to whom you would like to apply the policy in SharePoint Online and OneDrive for Business.

  • Click Next and customize the rule if required.


  • Once you have finalized the policies, click Next and define the name and description of the policy. You are also required to turn your compliance policy on or off. By default, when you create a compliance policy from the Office 365 Security and Compliance Center, it is set up with the option “Test it out”.


Once the policy has been created, it is applied to users based on the criteria you defined during policy creation.
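The same policy can be created from Security & Compliance Center PowerShell. The script below is an added example, not part of the original walkthrough: it assumes a compliance PowerShell session is already connected, uses constructed policy and rule names, and matches a single sensitive information type for illustration.

```powershell
# Assumption: a Security & Compliance Center PowerShell session is already connected.
# The policy and rule names are constructed for this example.
$PolicyName = 'HIPAA - Unified DLP (example)'
$RuleName   = 'HIPAA - SSN shared outside the organization (example)'

# Create the policy once, covering all three workloads, in test mode.
# TestWithNotifications is the scripted counterpart of the wizard's "Test it out":
# matches are reported, but nothing is blocked yet.
if (-not (Get-DlpCompliancePolicy -Identity $PolicyName -ErrorAction SilentlyContinue)) {
    New-DlpCompliancePolicy -Name $PolicyName `
        -Comment 'Example policy: detects health-related identifiers in mail and documents' `
        -ExchangeLocation All `
        -SharePointLocation All `
        -OneDriveLocation All `
        -Mode TestWithNotifications
}

# Add a rule to the policy: content containing at least one U.S. Social Security
# Number that is shared with people outside the organization.
$existingRule = Get-DlpComplianceRule -Policy $PolicyName |
    Where-Object { $_.Name -eq $RuleName }

if (-not $existingRule) {
    New-DlpComplianceRule -Name $RuleName -Policy $PolicyName `
        -ContentContainsSensitiveInformation @{ Name = 'U.S. Social Security Number (SSN)'; minCount = '1' } `
        -AccessScope NotInOrganization `
        -BlockAccess $true `
        -NotifyUser Owner `
        -GenerateIncidentReport SiteAdmin
}

# Confirm the mode and the workloads the policy covers before relying on it.
Get-DlpCompliancePolicy -Identity $PolicyName |
    Format-List Name, Mode, ExchangeLocation, SharePointLocation, OneDriveLocation

# After reviewing the matches produced in test mode, switch to enforcement:
# Set-DlpCompliancePolicy -Identity $PolicyName -Mode Enable
```

Leaving the policy in test mode until the DLP reports have been reviewed avoids blocking legitimate mail and documents on false positives.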

Unified Data Loss Prevention Policies Reporting in Office 365

With the Office 365 Security and Compliance Center, Microsoft also provides unified reporting capabilities for your DLP policies. You can view reports for your DLP policies across Exchange Online, SharePoint Online and OneDrive for Business. This makes it easier to understand the business impact of your DLP policies and uncover actions that violate policies across multiple workloads. To view the report of your DLP policies, you are required to perform the following steps.


The “DLP Policy matches” report gives you a unified view of your DLP policies across all platforms.

View OneDrive for Business files of a user in Office 365

Introduction to OneDrive for Business

OneDrive for Business is an integral part of Office 365 or SharePoint Server, and provides a place in the cloud where you can store, share, and sync your work files. You can update and share your files from any device with OneDrive for Business. You can even work on Office documents with others at the same time.

OneDrive for Business is different from OneDrive, which is intended for personal storage separate from your workplace. OneDrive for Business is also different from your Office 365 team site, which is intended for storing team or project-related documents. OneDrive for Business provides 1 TB of personal storage to a user.

Sometimes, when a user leaves the organization or for some other reason, an administrator is asked to access a user's OneDrive for Business environment or to monitor the user's activity in the personal space provided by Office 365 as part of the organizational subscription. Recently I came across a scenario where a user reported that he was unable to access his OneDrive for Business content after a tenant migration, and I was asked to verify that the content still existed in the source tenant. I didn’t have the credentials of the user account. As we all know, OneDrive for Business is SharePoint Online under the hood. By default, only the user has administrative access to his OneDrive for Business, as it is personal storage. If you open OneDrive for Business for another user, you can only see files that are shared with you or with everyone.

View OneDrive for Business files of a user

To view a user's OneDrive for Business documents, we need administrative access to the user's My Site, because OneDrive for Business stores the user's content in “My Site”. Below are the steps you need to perform to gain access.

  • Log in to the Office 365 tenant using a Global Admin account
  • Navigate to the SharePoint Admin Center from the Office 365 admin centers


  • In the SharePoint Admin Center, select “User Profiles” on the left


  • Under User Profiles, click on “Manage User Profiles”


  • Search for the user account whose OneDrive for Business you would like to access and click on “Manage site collection owners”


  • Add the user account that should be given access to the user's OneDrive for Business


  • Once you’ve assigned the permissions, click on “Manage Personal Site”


  • Under “Manage Personal Site” click on Documents to view the documents of the user stored in OneDrive for Business


  • As you can see, I’m logged in with a user “Riaz Javed Butt” and can view the OneDrive for Business content of user “Phil Garcia”.
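Because this grant gives an administrator full access to another user's personal storage, it should be temporary and auditable. The script below is an added example, not part of the original post: it performs the same grant from the SharePoint Online Management Shell, revokes it afterwards, and lists recent site collection admin grants on personal sites from the unified audit log. It assumes Connect-SPOService and an Exchange Online PowerShell session are already established and that audit logging is enabled; the tenant name, URL and accounts are constructed placeholders.

```powershell
# Assumptions: Connect-SPOService has been run against the tenant admin URL, an
# Exchange Online PowerShell session is connected (for Search-UnifiedAuditLog),
# and unified audit logging is enabled. All names below are placeholders.
$OneDriveUrl = 'https://contoso-my.sharepoint.com/personal/phil_garcia_contoso_com'
$AdminUpn    = 'admin@contoso.com'

# Same effect as "Manage site collection owners" in the User Profiles page.
Set-SPOUser -Site $OneDriveUrl -LoginName $AdminUpn -IsSiteCollectionAdmin $true

# ... verify the user's content through the browser ...

# Revoke the access as soon as the review is finished.
Set-SPOUser -Site $OneDriveUrl -LoginName $AdminUpn -IsSiteCollectionAdmin $false

# Confirm who still holds site collection admin rights on the personal site.
Get-SPOUser -Site $OneDriveUrl -Limit All |
    Where-Object { $_.IsSiteAdmin } |
    Select-Object DisplayName, LoginName

# Review the last 30 days of site collection admin grants and keep only those
# made on personal (OneDrive for Business) sites.
$records = Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-30) `
    -EndDate (Get-Date) `
    -Operations SiteCollectionAdminAdded `
    -ResultSize 5000

$records |
    ForEach-Object {
        $data = $_.AuditData | ConvertFrom-Json
        [pscustomobject]@{
            When    = $_.CreationDate
            ActedBy = $data.UserId      # account that made the change
            Site    = $data.ObjectId    # site on which the grant was made
        }
    } |
    Where-Object { $_.Site -like '*-my.sharepoint.com/personal/*' } |
    Sort-Object When
```

Any grant in the output that does not correspond to an approved request, or that was never followed by a removal, deserves a follow-up.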
