Thank you so much for all your videos. Great explanations. Also, I really enjoyed the one you did for Microsoft 365 Endpoint which really helped me during my interview.
Why do we need DLP if we have Labels? I am unable to understand the exact use case here because it looks Labels have the capability of Labelling as well as protecting.
Hi Andy, Thank you very much for this video explanation, However I want to ask you about the DLP policy override, I have restrict the actions to send an email externally. But allow user override the policy. In this scenario, if the user override the policy, will the email delivered to the external recipient or will it get blocked ? Really appreciate your support here. Thank you
With the override option you’re basically authorising your user to send the message. So yes, the recipient would receive the message. But, the sender would need to input a reason, which would then be audited. I hope this makes sense 👍
Hi Andy. Does DLP extend to protecting local files in the computer? Like what happens if a file is stored locally then transferred to a usb drive? And should I choose DLP or Azure information protection?
Windows server has a service called the file, classification service or FCS. This combines with RMS or rights management services. There is a connector that you can install locally which allows you to copy files across from on premises into SharePoint. The files meta data will include any DLP policies and adjust them accordingly in the cloud. Check out docs.microsoft.com for more details. Thanks again.
I would be very interested to see a video that looks under the hood of the DLP for example how does it work for example where are the matching tables for the data saved how does the matching engines work , where in the file structure is the Data Label added etc Are there any best practice recommendations for setting up the EDM and then applying them in a Small or Medium size firm etc
Thanks so much. You know I’m not a developer. However, you may want to look at the graph API or even the security graph API. There is also a tool called the graph API explorer which you may find useful.
I'm currently trying to implement a couple of sensitivity labels with client side auto-labelling enabled. I published the policy to a few users on Wednesday and so far the auto-label feature has only trickled out to the Excel desktop clients and the word web client when tested. I know these things aren't instant in 365 but 5 days and counting is really testing my patience.. Once done I eventually hope to hook the labels into DLP policies as a fallback to prevent data leaking out in the event of users mislabelling
That is unusual. It could either be a licensing issue, but if not it sounds like a technical problem. I would submit a support ticket. Thanks again for the comment and great to have you on board
I've spent an hour on the phone with Microsoft checking the configuration, which is all fine. The label just stubbornly refuses to work in Word/Outlook/PowerPoint. They have run a resync on the tenant I'm told so I'll need to sit tight and await the outcome. I'll update this thread if we ever get to a resolution in case anyone else happens to come across this situation in future.
Absolutely brilliant, you explain really well for a newbie like me. I would appreciate if you create a playlist on videos to go through in sequence for data protection and governance (MIP/DLP/MDM/MAM). How does right management works on M365, is it ON by default?
Hey thanks for the nice comments I really appreciate it. I have created a bunch of playlists, and I hope that the content is in a reasonable order. However, as an instructor I’m sure you will appreciate that I cannot put everything in sequential order. I would never work again! And I’m not ready to retire yet LOL
Great video and thank you. When I go to test a sensitive info type by opening it up and click TEST and upload a file which contains the words aba routing and a legit routing number, the test states "no sensitive content was found" ? I can't seem to trigger a simple info type? Have you run thru this test and/or would have an idea why a simple file with "aba routing" and a routing number in the file I am loading will not trigger? I would like to see it work in action to better understand. Thank you
I understand your frustration, however you should know actually can take up to 72 hours in order for this to work. If you have no luck after let’s say, a couple of days I would put in a support ticket and I’m sure somebody can help you. Thanks so much for visiting the channel and I really appreciate it.
I tried policy tips in email but they don't appear to work for attachments that contain PII prior to the email being sent like they do for PII detected in the body of the email. Is that your experience? Thx
Hello Andy, when i don't have the option Data loss prevention in mij compliance menu, what am i missing? I have a Microsoft 365 Business Standard license at this moment.
This feature is not supplied in standard, however you do get limited features in business premium. The full feature is only available with E5 plus EM&S
Hello sir. Awesome content. I am new to DLP and maybe get a job working in the area. What would you recommend I can get my hands on to get some hands-on experience and practice? Thanks a lot for your time.
Hi Andy, as others have stated some great content on there. I haven't seen much content on implementing DLP and Classification on Azure Files and was wondering if this is something you may be looking into since the release of Purview. Thanks MP
To be honest Michael DLP in Microsoft 365 is very similar to DLP in Microsoft azure. The technology is the same. I covered this topic in a number of other videos, you may want to check them out on my site. But yes, the next time I feel that an update is due I will certainly take your comments on board. Many thanks, and I’m delighted to have you on board.
I highly recommend your channel and already subscribe. I have one scenario based query. In my current organization if any user saves document in pdf from print , an alert is triggered. Is there any process to bypass this.. Please help me out resolving this query.
Hi thanks for the question. There must be a setting somewhere that’s triggering this. At the moment I can’t think for the life of me where it would be. Have you checked out docs.microsoft.com? This is where you find the definitive information that you need. I will try and investigate this further for you and if I find anything, I’ll report back. Thanks again
@@royalrein5314 I'l try but I'd reach out to Microsoft support as I do not provide product support on my channel. I hope you understand, I'm just crazy busy. Sorry.
@@govind7394 search you’ll have to study materials which you can find learn.microsoft.com. You can also book the exam here as well. Good luck and all the best
@@AndyMaloneMVP HI Andy, Thank you for your reply. I am talking about click to run outlook on which it does not work. Please share MS article where it says "Other version require that you download a Client"
@@bhaskarsharma9450 My apologies, I don’t have time to search the web for every question I receive. That said if you search in docs.microsoft.com I’m sure your answer will be there. Ensure that you specify to run software. It’s also important to know that if you are deploying this as an Azure active directory client it can be managed in InTune and you would need an appropriate license. As I’ve said on my channel I cannot provide product support for every product, I hope you understand thanks again and all the best
@@bhaskarsharma9450 this is a good start. If you have continued problems I'd submit a support ticket. I'm sorry I cannot provide technical support. docs.microsoft.com/en-us/office365/troubleshoot/data-loss-prevention/data-loss-prevention-policy-tips#:~:text=In%20Outlook%2C%20select%20File%20%3E%20Options,tip%20notification%20option%20is%20selected. www.c-sharpcorner.com/blogs/office-365-dlp-not-working-office-365-data-loss-prevention-measures
I am addicted to your videos Sir.
Andy might be the most pleasant RUclipsr there is. And good content also.. highly recommended for cert prep..
Aw what a lovely thing to say I really appreciate that. And I’m delighted to have you on board. All the best, Andy.👍😊
Thank you so much for all your videos. Great explanations. Also, I really enjoyed the one you did for Microsoft 365 Endpoint which really helped me during my interview.
Hey, that’s awesome, thanks so much for the feedback 👍
How can I verify the DLP or Label Data encryptions?
Thank you for video.
learn.microsoft.com/en-us/microsoft-365/compliance/view-the-dlp-reports?view=o365-worldwide
You are the best.
My all best wishes for you.liked and subscribed your channel.
Thank you so much 😀 it's much appreciated
Why do we need DLP if we have Labels? I am unable to understand the exact use case here because it looks Labels have the capability of Labelling as well as protecting.
Labelling is something that is user controlled. Whereas DLP is rule based and can be applied either automatically or manually.
Is there any settings needs to be enable to link up with Microsoft Intune and Microsoft Purview Compliance for Endpoint DLP ?
Yes, there is an agent that you can install. Look in the settings page in Microsoft Per Vue and you’ll see the agent for data loss prevention.
Hi Andy. Great Video. Thanks a lot.
Glad you enjoyed it
Hi Andy, Thank you very much for this video explanation, However I want to ask you about the DLP policy override,
I have restrict the actions to send an email externally. But allow user override the policy.
In this scenario, if the user override the policy, will the email delivered to the external recipient or will it get blocked ?
Really appreciate your support here.
Thank you
With the override option you’re basically authorising your user to send the message. So yes, the recipient would receive the message. But, the sender would need to input a reason, which would then be audited. I hope this makes sense 👍
@@AndyMaloneMVP Thank you very much Andi
Hi Andy. Does DLP extend to protecting local files in the computer? Like what happens if a file is stored locally then transferred to a usb drive? And should I choose DLP or Azure information protection?
Windows server has a service called the file, classification service or FCS. This combines with RMS or rights management services. There is a connector that you can install locally which allows you to copy files across from on premises into SharePoint. The files meta data will include any DLP policies and adjust them accordingly in the cloud. Check out docs.microsoft.com for more details. Thanks again.
@@AndyMaloneMVP thanks Andy. As always 🙂
I would be very interested to see a video that looks under the hood of the DLP for example how does it work for example where are the matching tables for the data saved how does the matching engines work , where in the file structure is the Data Label added etc Are there any best practice recommendations for setting up the EDM and then applying them in a Small or Medium size firm etc
This is the definitive source of info. docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide
Excelent video!!! thanks for share your knowledge. :)
You’re most welcome 🎉👍😊
Thanks Andy. I did enjoy this one. Are you aware of any way. To apply these programmatically?
Thanks so much. You know I’m not a developer. However, you may want to look at the graph API or even the security graph API. There is also a tool called the graph API explorer which you may find useful.
Thanks for the video. I’m sure it will help me with this MS Cert I am working on getting.
That’s awesome to hear and the very best of luck 👍😊
I'm currently trying to implement a couple of sensitivity labels with client side auto-labelling enabled. I published the policy to a few users on Wednesday and so far the auto-label feature has only trickled out to the Excel desktop clients and the word web client when tested. I know these things aren't instant in 365 but 5 days and counting is really testing my patience.. Once done I eventually hope to hook the labels into DLP policies as a fallback to prevent data leaking out in the event of users mislabelling
That is unusual. It could either be a licensing issue, but if not it sounds like a technical problem. I would submit a support ticket. Thanks again for the comment and great to have you on board
I've spent an hour on the phone with Microsoft checking the configuration, which is all fine. The label just stubbornly refuses to work in Word/Outlook/PowerPoint. They have run a resync on the tenant I'm told so I'll need to sit tight and await the outcome. I'll update this thread if we ever get to a resolution in case anyone else happens to come across this situation in future.
@@gdr1174 please do I’d be interested to know you’re resolution.
Absolutely brilliant, you explain really well for a newbie like me. I would appreciate if you create a playlist on videos to go through in sequence for data protection and governance (MIP/DLP/MDM/MAM). How does right management works on M365, is it ON by default?
Hey thanks for the nice comments I really appreciate it. I have created a bunch of playlists, and I hope that the content is in a reasonable order. However, as an instructor I’m sure you will appreciate that I cannot put everything in sequential order. I would never work again! And I’m not ready to retire yet LOL
Ah but if I did that I'd never get any work ;-D Also in class most courses do not teach these in any particular order
Great video and thank you. When I go to test a sensitive info type by opening it up and click TEST and upload a file which contains the words aba routing and a legit routing number, the test states "no sensitive content was found" ? I can't seem to trigger a simple info type? Have you run thru this test and/or would have an idea why a simple file with "aba routing" and a routing number in the file I am loading will not trigger? I would like to see it work in action to better understand. Thank you
I understand your frustration, however you should know actually can take up to 72 hours in order for this to work. If you have no luck after let’s say, a couple of days I would put in a support ticket and I’m sure somebody can help you. Thanks so much for visiting the channel and I really appreciate it.
I tried policy tips in email but they don't appear to work for attachments that contain PII prior to the email being sent like they do for PII detected in the body of the email. Is that your experience? Thx
Check your users are licensed and also it can take up to 24 hours to propagate
Hello Andy, when i don't have the option Data loss prevention in mij compliance menu, what am i missing? I have a Microsoft 365 Business Standard license at this moment.
This feature is not supplied in standard, however you do get limited features in business premium. The full feature is only available with E5 plus EM&S
Hello sir. Awesome content. I am new to DLP and maybe get a job working in the area. What would you recommend I can get my hands on to get some hands-on experience and practice? Thanks a lot for your time.
Creat a free E5 trial subscription with O365 and practice. You don’t need a credit card and will get 30 days of free practice 😀🎉
Hi Andy, as others have stated some great content on there. I haven't seen much content on implementing DLP and Classification on Azure Files and was wondering if this is something you may be looking into since the release of Purview. Thanks MP
To be honest Michael DLP in Microsoft 365 is very similar to DLP in Microsoft azure. The technology is the same. I covered this topic in a number of other videos, you may want to check them out on my site. But yes, the next time I feel that an update is due I will certainly take your comments on board. Many thanks, and I’m delighted to have you on board.
you should have created how it looks at the end user level
It's help me lot thanks buddy
Great content!! thank you!
You are very welcome thanks very much
Very interesting video. Thanks for the support of Ukraine.
You’re welcome, and my pleasure
@@AndyMaloneMVP Now I'm setting up DLP for my organization. your video helped a lot thanks
I would love to hear what dlp policies healthcare IT admins are using.
There are policies for healthcare customers. Have you seen them?
@@AndyMaloneMVP yessir but curious what other custom ones healthcare folks may have setup too.
@@jstump1972 Not sure I’m afraid, it’s not really my area, I’m not a healthcare professional.
@@AndyMaloneMVP I understand sir, which is why I asked what other healthcare admins are doing in that space lol
@@jstump1972 fair enough 😀
I highly recommend your channel and already subscribe. I have one scenario based query. In my current organization if any user saves document in pdf from print , an alert is triggered. Is there any process to bypass this.. Please help me out resolving this query.
Hi thanks for the question. There must be a setting somewhere that’s triggering this. At the moment I can’t think for the life of me where it would be. Have you checked out docs.microsoft.com? This is where you find the definitive information that you need. I will try and investigate this further for you and if I find anything, I’ll report back. Thanks again
Thanks Andy for prompt response. Unfortunately I don't find any such option. It would be great help if you kindly come up with solutions
@@royalrein5314 I'l try but I'd reach out to Microsoft support as I do not provide product support on my channel. I hope you understand, I'm just crazy busy. Sorry.
Hello Sir, I want to know as a support engineer, how can I troubleshoot dlp related issues
Take Microsoft course SC-400 to learn all you need to know
@@AndyMaloneMVP ok..how much it costs and how to get it
@@govind7394 search you’ll have to study materials which you can find learn.microsoft.com. You can also book the exam here as well. Good luck and all the best
informative content 😊
Appreciate your comment
Custom dlp policy tip does not work with outlook client with any version and built.
It works with 2016 and 2019 versions. Other versions require that you download a Client. Check out Microsoft Docs for more details
@@AndyMaloneMVP HI Andy, Thank you for your reply. I am talking about click to run outlook on which it does not work. Please share MS article where it says "Other version require that you download a Client"
@@bhaskarsharma9450 My apologies, I don’t have time to search the web for every question I receive. That said if you search in docs.microsoft.com I’m sure your answer will be there. Ensure that you specify to run software. It’s also important to know that if you are deploying this as an Azure active directory client it can be managed in InTune and you would need an appropriate license. As I’ve said on my channel I cannot provide product support for every product, I hope you understand thanks again and all the best
@@bhaskarsharma9450 this is a good start. If you have continued problems I'd submit a support ticket. I'm sorry I cannot provide technical support. docs.microsoft.com/en-us/office365/troubleshoot/data-loss-prevention/data-loss-prevention-policy-tips#:~:text=In%20Outlook%2C%20select%20File%20%3E%20Options,tip%20notification%20option%20is%20selected. www.c-sharpcorner.com/blogs/office-365-dlp-not-working-office-365-data-loss-prevention-measures
Is there a way to prevent external senders from getting notified when they send sensitive information, I mean outside of the organization.
Probably, there is probably a rule. I’m not familiar with every single rule though. 👍