Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #252 from MicrosoftDocs/master
PR 251
- Loading branch information
Showing
14 changed files
with
189 additions
and
37 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
59 changes: 59 additions & 0 deletions
59
microsoft-365/enterprise/infoprotect-data-loss-prevention.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
--- | ||
title: "Step 5: Configure Office 365 Data Loss Prevention" | ||
ms.author: josephd | ||
author: JoeDavies-MSFT | ||
manager: laurawi | ||
ms.date: 04/25/2019 | ||
ms.audience: ITPro | ||
ms.topic: article | ||
ms.service: o365-solutions | ||
localization_priority: Priority | ||
ms.collection: | ||
- M365-security-compliance | ||
- Strat_O365_Enterprise | ||
ms.custom: | ||
description: Understand and deploy Office 365 Data Loss Prevention in Microsoft 365. | ||
--- | ||
|
||
# Step 5: Configure Office 365 Data Loss Prevention | ||
|
||
*This step is optional and applies to both the E3 and E5 versions of Microsoft 365 Enterprise* | ||
|
||
![](./media/deploy-foundation-infrastructure/infoprotection_icon-small.png) | ||
|
||
With data loss prevention (DLP) policies in the Office 365 Security & Compliance center, you can identify, monitor, and automatically protect sensitive information across Microsoft 365. With DLP policies, you can: | ||
|
||
- Identify sensitive information across many locations, such as Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams. | ||
- Prevent the accidental sharing of sensitive information by blocking access to a document or blocking the email that contains it. | ||
- Monitor and protect sensitive information in the desktop versions of Excel, PowerPoint, and Word. | ||
- Help users learn how to stay compliant without interrupting their workflow with email notifications and policy tips. | ||
- View DLP reports showing content that matches your organization's DLP policies. | ||
|
||
A DLP policy specifies: | ||
|
||
- **Where:** Locations such as Exchange Online, SharePoint Online, and OneDrive for Business sites, as well as Microsoft Teams chats and channels. | ||
- **When:** Conditions the content must match within a specific policy rule. | ||
- **How:** Actions within that matching policy rule to take automatically for the matching conditions. | ||
|
||
In other words: | ||
|
||
- For a document in this location (where), if the content matches the conditions of a rule (when), then automatically take the actions specified in the rule (how). | ||
|
||
To determine the set of DLP policies you need, you must analyze your documents and the types of data within them that need protection from data loss. For example, if you are a financial organization in the United States of America, you would create a DLP policy that prevents documents with social security numbers from being shared outside the organization or sent in email to locations outside the organization. | ||
|
||
Next, you configure and test the policies with test locations to ensure the correct DLP behavior and to minimize false positives. | ||
|
||
Finally, you roll it out to your organization by informing the employees of the new policies and their desired behavior and widening the scope of the locations. | ||
|
||
For more information, see [Get started with DLP policy recommendations](https://docs.microsoft.com/office365/securitycompliance/get-started-with-dlp-policy-recommendations). | ||
|
||
As an interim checkpoint, see the [exit criteria](infoprotect-exit-criteria.md#crit-infoprotect-step5) corresponding to this step. | ||
|
||
## Next step | ||
|
||
|
||
||| | ||
|:-------|:-----| | ||
|![](./media/stepnumbers/Step6.png)|[Configure privileged access management for Office 365](infoprotect-configure-privileged-access-management.md)| | ||
|
||
|
50 changes: 50 additions & 0 deletions
50
microsoft-365/enterprise/infoprotect-deploy-windows-information-protection.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
--- | ||
title: "Step 4: Configure Windows Information Protection" | ||
ms.author: josephd | ||
author: JoeDavies-MSFT | ||
manager: laurawi | ||
ms.date: 04/25/2019 | ||
ms.audience: ITPro | ||
ms.topic: article | ||
ms.service: o365-solutions | ||
localization_priority: Priority | ||
ms.collection: | ||
- M365-security-compliance | ||
- Strat_O365_Enterprise | ||
ms.custom: | ||
description: Understand and deploy Windows Information Protection in Microsoft 365. | ||
--- | ||
|
||
# Step 4: Configure Windows Information Protection | ||
|
||
*This step is optional and applies to both the E3 and E5 versions of Microsoft 365 Enterprise* | ||
|
||
![](./media/deploy-foundation-infrastructure/infoprotection_icon-small.png) | ||
|
||
With more personal devices being used for work, there’s increased risk for apps and devices to leak private organization data. For example, an employee inadvertently sends a picture of a marketing plan for a future product to a social media site or saves a file containing highly confidential information to their public cloud storage. | ||
|
||
Windows Information Protection (WIP) helps protect against these types of data leakage on Windows 10 devices. For more information, see [Protect your enterprise data using WIP](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip). | ||
|
||
In Microsoft 365 Enterprise, WIP is a combination of Windows 10 Enterprise and Microsoft Intune, which is included with Enterprise Mobility + Security (EMS) in your subscription. | ||
|
||
To deploy WIP in your organization with Microsoft 365 Enterprise: | ||
|
||
1. Enroll your Windows devices in Intune. You should have done this in [Phase 4: Mobile Device Management](mobility-infrastructure.md). | ||
2. Create an [Intune policy for WIP](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure). | ||
- Ensure that you have filled out your Protected apps list. | ||
- Choose your WIP protection level. | ||
|
||
You can also use WIP with [System Center Configuration Manager](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm). | ||
|
||
See [WIP best practices]( https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip) for more information. | ||
|
||
As an interim checkpoint, see the [exit criteria](infoprotect-exit-criteria.md#crit-infoprotect-step4) corresponding to this step. | ||
|
||
## Next step | ||
|
||
|
||
||| | ||
|:-------|:-----| | ||
|![](./media/stepnumbers/Step5.png)|[Configure Office 365 Data Loss Prevention](infoprotect-data-loss-prevention.md)| | ||
|
||
|
Oops, something went wrong.