How to Create a Data Loss Prevention (DLP) Policy in Microsoft 365

Protecting sensitive data isn't just important, it's essential. Microsoft 365's Data Loss Prevention (DLP) is an effective solution that helps stop the accidental sharing of confidential information. By using DLP policies, we can detect, monitor, and automatically protect sensitive information in emails, Teams chats and SharePoint/OneDrive files.

As data breaches become more frequent and regulations like GDPR require strict data protection, DLP acts as a proactive approach to ensure compliance. It lowers the chances of expensive data leaks and encourages a culture of security awareness among staff. In short, DLP is essential for strengthening an organisation's defences against both internal and external threats.

This is a short article on how to create a custom DLP policy. We start by opening the Microsoft 365 Compliance Center and then going to Solutions > Information Protection > Data Loss Prevention.

Microsoft 365 Data Loss Prevention (DLP) policies dashboard showing compliance rules for GDPR, HIPAA, and custom data protection. The interface displays policy status indicators, configuration settings, and monitoring options. Filters and tabs help manage security policies to protect sensitive business data and meet regulatory compliance requirements

On the Policies page, click on Create policy and choose from the available templates or create a custom policy. In the section for choosing where to apply the policy, select the locations you wish to have protected by the DLP policy.

Interface for configuring Microsoft 365 Data Loss Prevention (DLP) policy locations. Shows options to apply the policy to Exchange email, SharePoint, OneDrive, Teams messages, and devices. Each location has toggles for enabling protection, with include/exclude filters for accounts or groups. Designed to safeguard sensitive data and meet compliance requirements

On the Define policy settings page, you can choose either Review and customize default settings from the template or Create or customize advanced DLP rules.

Azure and Microsoft 365 Data Loss Prevention (DLP) policy configuration interface, showing options to either use default template settings, such as Credit Card Number, U.S. Bank Account Number, and ABA Routing Number, or create advanced DLP rules. Helps administrators manage sensitive data protection across cloud environments.

The Info to protect page will show the current conditions set for the policy based on the template. If you need to make changes to meet business needs, click on Edit. On the Protection actions page, choose the actions you want the system to take in addition to making detailed activity reports. Then, click Next.

Policy Mode Page. Azure DLP configuration screen showing protection actions like alerts, incident reports, and sensitive info detection with rule thresholds.

On the Policy mode page, decide if you want to enable the policy immediately, test it first, or keep it disabled. Then, press Next.

Incident Reports and Alerts. Azure DLP policy mode options: test mode with alerts and tips, active enforcement, or disabled setting.

The next step is Incident Reports and Alerts, where we determine who receives incident reports and alerts when the policy is triggered. Before applying the policy, evaluate it to confirm it operates as intended. Start in Test mode to observe actions without restricting content. Review the results and refine the policy settings if required. The final step is to apply the policy. When you are happy with how the policy is set up, change it from Test mode to Turn it on right away. Keep an eye on the policy and make changes as necessary to enhance its performance.
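
The same test-first rollout can be scripted with the Security & Compliance PowerShell cmdlets. This is an added example, not part of the original article; the policy name, rule name, report recipient and match threshold are placeholders chosen for illustration.

```powershell
# Added example: names, recipient and threshold below are placeholders.
# Requires the ExchangeOnlineManagement module and a compliance admin role.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession

$policyName = 'Financial Data - Custom DLP'   # hypothetical policy name
$reportTo   = 'dlp-admin@example.com'         # placeholder report recipient

# 1. Create the policy in test mode for the locations chosen in the wizard:
#    Exchange email, SharePoint, OneDrive and Teams messages.
New-DlpCompliancePolicy -Name $policyName `
    -Comment 'Detect financial data in mail, Teams chats and files' `
    -ExchangeLocation All -SharePointLocation All `
    -OneDriveLocation All -TeamsLocation All `
    -Mode TestWithNotifications

# 2. Conditions: the sensitive info types named in the template defaults.
#    The rule matches when any one of these types is detected.
$sensitiveInfo = @(
    @{ Name = 'Credit Card Number';       minCount = '1' },
    @{ Name = 'U.S. Bank Account Number'; minCount = '1' },
    @{ Name = 'ABA Routing Number';       minCount = '1' }
)

# 3. Rule: protection action plus incident report to the chosen recipient.
#    While the policy is in test mode the block is logged, not enforced.
New-DlpComplianceRule -Name "$policyName - Rule 1" -Policy $policyName `
    -ContentContainsSensitiveInformation $sensitiveInfo `
    -BlockAccess $true `
    -GenerateIncidentReport $reportTo -IncidentReportContent All `
    -ReportSeverityLevel High

# 4. Confirm the policy mode and that it has distributed to the locations.
Get-DlpCompliancePolicy -Identity $policyName |
    Format-List Name, Mode, DistributionStatus

# 5. After reviewing the test results and tuning the rule, enforce it.
#    Left commented out so the script never enables enforcement unreviewed.
# Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```

Keeping the `Set-DlpCompliancePolicy` call as a separate, deliberate step mirrors the portal workflow: the policy stays in test mode until someone has looked at the incident reports and false-positive rate.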

This guide provides a brief overview of the steps to create a DLP policy. For more detailed instructions, best practices, and additional configuration options, please refer to the official Microsoft documentation: Create and deploy a data loss prevention policy | Microsoft Learn