
Office 365 Data Loss Prevention Block Access with SharePoint and OneDrive

Last week we announced Office 365 Data Loss Prevention Block Access (https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Policy-Tips-in-SharePoint-Online-and-OneDrive-for-Business-at/ba-p/116158) with SharePoint Online and OneDrive for Business.  Office 365 Data Loss Prevention Block Access prevents the potential for overexposure of sensitive information by allowing a Tenant administrator to configure Data Loss Prevention Policies limiting how and with whom sensitive information can be shared.

For example, if a document is determined to contain sensitive information, such as U.S. Financial Data, a DLP policy can prevent that information from being shared externally or with guests while providing real-time policy information to the user attempting to initiate the share.

Users are presented with a Policy Tip when viewing information about the document in addition to the option to view the specific policy that limits sharing of the document.

In addition, if the user attempts to share content that violates the policy configuration, they are notified at the time of sharing with a Policy Tip and link to additional information.

Configuring Office 365 Data Loss Prevention Block Access policies in the Security and Compliance Center

To configure Office 365 Data Loss Prevention Block Access policies, browse to https://protection.office.com/ and expand Data loss prevention.

Under Data loss prevention select Policy.

Select Create new policy to create a policy and choose from one of the available templates.

Provide a Name and Optional description of the policy and click Next.

Select one or more locations to protect and click Next.

Under Policy settings select Detect when this content is shared: and choose With people outside of my organization and click Next.

On the What do you want to do if we detect sensitive info? dialog, select Restrict who can access the content and override the policy and click Next.

Optionally you can configure additional settings for the policy such as:

  • The ability to block specific people from accessing sensitive content that meets the criteria of the policy.
  • Allowing policy override with or without business justification.

Click Next to save the policy settings.

On the Review your settings page, click Create to save and apply the policy.

Configuring Existing DLP Policies

In addition to the creation of new policies, a Tenant administrator can use Windows PowerShell to configure existing data loss prevention policies for block access.

To update one or more existing policies, connect to Office 365 Security and Compliance Center PowerShell and run a command such as the Windows PowerShell example below:

    # Find rules that block external sharing but are not yet scoped per user, then set them to PerUser.
    Get-DlpComplianceRule |
        Where-Object { $_.BlockAccess -eq 'true' -and $_.BlockAccessScope -ne 'PerUser' -and $_.AccessScope -eq 'NotInOrganization' -and $_.NotifyUser -ne '' } |
        Set-DlpComplianceRule -BlockAccessScope 'PerUser'

NOTE

The script above will turn any DLP policy rule that previously blocked everyone (except Last Modifier, Owner, and Site Administrator) into a rule that only blocks access for external users.
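
Because the one-liner changes every matching rule in a single pass, it helps to review the matches and keep a record of the previous scope first. The following is an added example, not part of the original post: it applies the same filter, then updates rules through a wrapper that supports -WhatIf and -Confirm and writes a backup before each change. The function names and backup path are hypothetical, and the sample rules are constructed.

```powershell
# Added example, not from the original post.
# Function names and the backup path are hypothetical.

function Select-BlockAccessCandidate {
    # Same filter as the one-liner above, usable on any rule objects.
    param([Parameter(ValueFromPipeline)] $Rule)
    process {
        if ($Rule.BlockAccess -eq $true -and
            $Rule.BlockAccessScope -ne 'PerUser' -and
            $Rule.AccessScope -eq 'NotInOrganization' -and
            ($Rule.NotifyUser -ne '')) { $Rule }
    }
}

function Update-BlockAccessScope {
    # -WhatIf/-Confirm are handled here, so a dry run never reaches Set-DlpComplianceRule.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Rule,
        [string] $BackupPath = '.\dlp-rules-before.csv'   # assumed location
    )
    process {
        if ($PSCmdlet.ShouldProcess($Rule.Name, "Set BlockAccessScope to 'PerUser'")) {
            # Record the previous values first so each rule can be reverted.
            $Rule | Select-Object Name, BlockAccess, BlockAccessScope, AccessScope |
                Export-Csv -Path $BackupPath -Append -NoTypeInformation
            Set-DlpComplianceRule -Identity $Rule.Name -BlockAccessScope 'PerUser'
        }
    }
}

# Constructed sample rules (not real tenant data) to exercise the filter offline.
$sample = @(
    [pscustomobject]@{ Name='Rule A'; BlockAccess=$true;  BlockAccessScope='All';     AccessScope='NotInOrganization'; NotifyUser=@('Owner') }
    [pscustomobject]@{ Name='Rule B'; BlockAccess=$true;  BlockAccessScope='PerUser'; AccessScope='NotInOrganization'; NotifyUser=@('Owner') }
    [pscustomobject]@{ Name='Rule C'; BlockAccess=$false; BlockAccessScope='All';     AccessScope='NotInOrganization'; NotifyUser=@('Owner') }
    [pscustomobject]@{ Name='Rule D'; BlockAccess=$true;  BlockAccessScope='All';     AccessScope='InOrganization';    NotifyUser=@('Owner') }
)
$sample | Select-BlockAccessCandidate | Select-Object -ExpandProperty Name

# Live usage (assumes a connected Security & Compliance Center session); drop -WhatIf to apply:
# Get-DlpComplianceRule | Select-BlockAccessCandidate | Update-BlockAccessScope -WhatIf
```

Of the sample rules, only the one that blocks access for sharing outside the organization with a scope other than PerUser is selected; the others are left untouched.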

Resources

To learn more about data loss prevention policies in Office 365, visit Overview of data loss prevention policies at https://support.office.com/en-us/article/Overview-of-data-loss-prevention-policies-1966b2a7-d1e2-4d92-ab61-42efbb137f5e.


Unified eDiscovery and Data Loss Prevention in Office 365 Recap and Updates

Unified eDiscovery and Data Loss Prevention in Office 365 allows Tenant Administrators to create, manage, and secure content from a unified console (Office 365 Security and Compliance Center).

To date, Tenant Administrators have had to manage Data Loss Prevention for SharePoint, OneDrive for Business, and Exchange in two separate locations, the Office 365 Security and Compliance Center and the Exchange Admin Center respectively.  In January 2017, Data Loss Prevention was centralized for SharePoint, OneDrive for Business and Exchange in the Office 365 Security and Compliance Center.  This unified Data Loss Prevention platform allows you to manage a variety of Office 365 scenarios through a single management layer – reducing time spent configuring and organizing policies across tools.


On July 1st, 2017, eDiscovery will also be unified in the Office 365 Security and Compliance Center. After July 1st, 2017, the ability to create new In-Place eDiscovery searches and In-Place Holds (*-MailboxSearch) in the Exchange Admin Center in Exchange Online, and to create new cases in the eDiscovery Center in SharePoint Online, will be disabled. New cases and searches should be created and managed through the Office 365 Security & Compliance Center to fulfill eDiscovery needs. In both cases, you will still be able to edit and run existing searches in the Exchange Admin Center and work with existing cases in the SharePoint eDiscovery Center.


These discrete solutions are being disabled due to their limited breadth across Office 365 services.  The Security & Compliance Center supports permissions, cases, holds and exports as well as Advanced eDiscovery features such as Themes, Email Threading, Near Duplicate Detections, and Predictive coding.  These changes only apply to the Exchange Admin Center in Exchange Online and the eDiscovery Center in SharePoint Online.

These changes do not impact any existing policies, searches or holds created via the EAC, and you will still be able to create new email DLP policies in the EAC (you will not be able to create new eDiscovery searches and In-Place Holds after July 1, 2017). However, it’s recommended to use the new DLP management experience in the Office 365 Security and Compliance Center, as this is where new capabilities will be delivered in the future.

Resources

Learn more about the Office 365 Security and Compliance Center at https://support.office.com/en-us/article/Office-365-Security-Compliance-Center-7e696a40-b86b-4a20-afcc-559218b7b1b8.

Learn more about eDiscovery in Office 365 at https://support.office.com/en-us/article/eDiscovery-in-Office-365-143b3ab8-8cb0-4036-a5fc-6536d837bfce?ui=en-US&rs=en-US&ad=US.

Learn more about Data Loss Prevention in Office 365 at https://support.office.com/en-us/article/Overview-of-data-loss-prevention-policies-1966b2a7-d1e2-4d92-ab61-42efbb137f5e.

FAQ

Where can I learn more about eDiscovery in the Office 365 Security & Compliance Center?
https://support.office.com/en-us/article/eDiscovery-in-Office-365-143b3ab8-8cb0-4036-a5fc-6536d837bf…

Where can I learn more about Advanced eDiscovery in Office 365?
https://support.office.com/en-us/article/eDiscovery-in-Office-365-143b3ab8-8cb0-4036-a5fc-6536d837bf…

Does this change my Office 365 pricing or plan?
Although Advanced eDiscovery requires E5 Licensing, the base eDiscovery offering is available for all enterprise plans.

When will this happen?
New cases in the eDiscovery Center in SharePoint Online and new In-Place eDiscovery searches and holds in the Exchange Admin Center will be disabled on July 1, 2017. This might vary slightly based on the actual deployment schedule.

Will I still have access to my existing cases in the SharePoint eDiscovery Center?
Yes, you can continue to interact with all existing cases; you can add searches, holds and export from these cases.  We are only removing the ability to add new cases.  All new cases should be created in the Security & Compliance Center. For more information, see Manage eDiscovery cases in the Office 365 Security & Compliance Center.

Will I still have access to my existing searches and holds in the Exchange Admin Center?
Yes, you can continue to interact with all existing searches and holds in the Exchange Admin Center.  We are only removing the capability to create new searches.  All new searches should be created in the Security & Compliance Center. For more information, see Run a Content Search in the Office 365 Security & Compliance Center.

I use the Exchange Admin Center or SharePoint eDiscovery Center for Retention and Preservation, how do I do this now?
The Security & Compliance Center has a full set of features for preserving content. For more information, see Overview of preservation policies.

Can I migrate searches in the Exchange Admin Center or cases in the SharePoint eDiscovery Center to the Security & Compliance Center?
No. eDiscovery cases in the Security & Compliance Center and cases in the eDiscovery Center in SharePoint Online are completely different objects, and their underlying architecture is also different. The same is true for In-Place eDiscovery searches in the Exchange Admin Center and Content Searches in the Security & Compliance Center. Thus, existing cases and searches can’t be migrated to the Security & Compliance Center. If you have existing cases in the eDiscovery Center, we recommend that you continue to manage them in the eDiscovery Center until they are completed and you close them. If you need to support a new legal investigation in your organization, we recommend that you use eDiscovery cases in the Security & Compliance Center.

If you have existing searches in the Exchange Admin Center, you can create a corresponding Content Search in the Security & Compliance Center.

What about my existing holds, will they continue to preserve data?
Yes, all existing holds from the Exchange Admin Center and eDiscovery Center will continue to hold content. Only the creation of new In-Place Holds in the Exchange Admin Center and new cases in the SharePoint eDiscovery center are being disabled.

How do I get access to the Security & Compliance Center?
By default, global administrators have access to the Security & Compliance Center. Administrators can assign permissions to other users so they can use the eDiscovery tools in the Security & Compliance Center.

How do I access the Security & Compliance Center?
You can navigate directly to https://protection.office.com/ or, from the app launcher, choose the Security & Compliance tile.
