One of the key tenets of our approach to security with Office 365 is to give you the right set of tools and services to address your organization’s specific security and compliance needs. Data loss prevention (DLP) is a critical part of the security capabilities we’ve built right into Office 365. We first rolled out DLP  in Exchange and Outlook and then expanded into Outlook Web App (OWA), adding new features along the way, such as policy tips in OWA and document fingerprinting.

But people collaborate and share sensitive information in many ways beyond email. For example, they might have sensitive content in Word documents or Excel spreadsheets created in client applications, and then share those documents with others in SharePoint or OneDrive for Business. As we enhance the collaboration capabilities within Office 365, we also want to make it easier for you to control your data and act on it in real-time. With this, we are pleased to announce the expansion of DLP across Office 365 and beyond.


DLP in SharePoint Online and OneDrive for Business

Over the past few months, we’ve introduced new DLP capabilities in SharePoint Online and OneDrive for Business, allowing you to search for sensitive content through eDiscovery. We are now releasing active policy evaluation and enforcement on your sensitive data in SharePoint Online and OneDrive for Business. This includes policy actions to restrict and block access, as well as user education with email notifications. These capabilities will be rolled out over the coming months to eligible tenants worldwide, with additional policy controls and actions like Information Rights Management, coming in the first quarter of 2015.

DLP in Office 365 to protect Windows classified content

Windows File Server has had file classification infrastructure (FCI) for some time now. Starting in the first quarter of 2015, we are enabling the detection of Windows FCI content classifications for Office documents in Exchange Online, SharePoint Online and OneDrive for Business. This includes the full range of FCI content classifications, from automatic to manual content tagging. For example, you will be able to create an Exchange transport rule that is able to detect the FCI classified Office document as Protected Health Information, and apply appropriate action to prevent disclosure. Over time we will expand on this capability so you can educate your users in real-time with policy education and centrally manage the policies from Office 365 Compliance Center.

DLP in Office applications

Starting in early 2015, we will enable DLP natively in Microsoft applications that your users are very familiar with. This will enable you to enforce polices for content creation and sharing rights at the time of content creation, and will provide users with policy tips, similar to the experience they already receive in Outlook and OWA when they try to share sensitive content. Excel will receive this application initially, and then we will introduce similar capabilities for Word and PowerPoint later in 2015.

With these new DLP capabilities, you can have complete control to protect sensitive information anywhere in your organization. Whether in email, a document library, an OneDrive for Business folder or in an actual Office file itself—DLP in Office 365 will help you identify, monitor and proactively protect sensitive information and empower your users to make informed, secure choices.

Have questions? Join our YamJam to ask them

On Thursday, November 6th, the Office 365 Technical Network will host a DLP YamJam from 9:00 – 10:00 a.m. PDT / 4:00 – 5:00 p.m. UTC to discuss the announcements in this blog post about our expansion of DLP in Office 365. For those unfamiliar with a YamJam, it is similar to a “TweetJam” on Twitter or an “Ask Me Anything (AMA)” on Reddit, except it takes place on Yammer. It provides the opportunity for the community to ask questions and have a discussion with a panel of Microsoft experts on a particular topic.

Here’s how to participate:

  1. Request access to the Office 365 Technical Network. All requests will be approved as quickly as possible.
  2. Join the “Security & Compliance” group. You can find it through by using the Browse Groups function, or through the search bar.
  3. Log in at 9:00 – 10:00 a.m. PDT / 4:00 – 5:00 p.m. UTC on Thursday, November 6th to ask questions and get answers and perspective from the Microsoft team that built the product. The hashtag #dlp will be used in the conversation.


Published: 10/28/2014 12:23