Skilling Tasks

Tasks:

  1. Create a DLP policy in simulation mode
  2. Modify a DLP policy
  3. Create a DLP policy in PowerShell
  4. Activate a policy in simulation mode

Task 1 – Create a DLP policy in simulation mode

In this exercise, you’ll create a data loss prevention (DLP) policy to protect sensitive data from being shared by users. The DLP policy that you create will inform your users if they want to share content that contains credit card information and allow them to provide a justification for sending this information. The policy will be implemented in simulation mode because you don’t want the block action to affect your users yet.

  1. In Microsoft Edge, navigate to https://purview.microsoft.com and log into the Microsoft Purview portal as the user you selected to have Compliance Administrator rights.

  2. Select Solutions from the left sidebar, then select Data Loss Prevention.

  3. On the left sidebar, select Policies.

  4. On the Policies page, select + Create policy to start the configuration for creating a new data loss prevention policy.

  5. On the Start with a template or create a custom policy page, select Custom as the category, then select Custom policy under Regulations.

  6. Select Next.

  7. On the Name your DLP policy page enter:

    • Name: Credit Card DLP Policy
    • Description: Protect credit card numbers from being shared

  8. Select Next.

  9. On the Assign admin units page select Next.

  10. On the Choose locations to apply the policy page, enable the location for Teams chat and channel messages only. If any other locations are selected, deselect them.

  11. Select Next.

  12. On the Define policy settings page, select Create or customize advanced DLP rules, then select Next.

  13. On the Customize advanced DLP rules page, select + Create rule.

  14. On the Create rule flyout page, enter Credit card information as name in the Name field.

  15. Under Conditions, select + Add Condition, then select Content contains.

  16. In the new Content contains area, select Add, then select Sensitive info types.

  17. On the Sensitive info types page, select Credit Card Number then select Add.

  18. Select + Add condition, then select Content is shared from Microsoft 365.

  19. In the new Content is shared from Microsoft 365 section, select the only with people inside my organization option.

  20. Under Actions select + Add an action, then select Restrict access or encrypt the content in Microsoft 365 locations.

  21. In the new Restrict access or encrypt the content in Microsoft 365 locations area select Block everyone.

  22. Under User notifications, turn On the option for Use notifications to inform your users and help educate them on the proper use of sensitive info., then select the checkbox to Notify users in Office 365 service with a policy tip.

  23. Under User overrides select the checkbox to Allow users to override policy restrictions Fabric (including Power BI), Exchange, SharePoint, OneDrive and Teams.

  24. Select the checkbox to Require a business justification to override.

  25. Under Incident reports, in the Use this severity level in admin alerts and reports dropdown, select Low.

  26. At the bottom of the Create rule flyout panel, select Save.

  27. Back on the Customize advanced DLP rules, select Next.

  28. On the Policy mode page select Run the policy in simulation mode and select the checkbox for Show policy tips while in simulation mode.

  29. Select Next.

  30. On the Review and finish page review your settings then select Submit.

  31. On the New policy created page select Done.

You have now created a DLP policy that scans for credit card numbers in Microsoft Teams chats and channels, allowing users to provide a business justification to override the policy.

Task 2 – Modify a DLP policy

In this task, you’ll modify the existing DLP policy created in the previous task to also scan emails for credit card information. This modification ensures that sensitive data is protected across more communication channels.

  1. You should still be logged into Microsoft 365 as the user you selected to be your Compliance Administrator.

  2. You should still be on the Policies page in Microsoft Purview. If not, open Microsoft Edge and navigate to https://purview.microsoft.com. Select Solutions > Data Loss Prevention > Policies.

  3. On the Policies page select the checkbox for the recently created Credit Card DLP Policy, then select Edit policy to open the policy configuration.

  4. On the Name your DLP policy page, select Next.

  5. On the Assign admin units page select Next.

  6. On the Choose locations to apply the policy page, select the checkbox for Exchange email to add this location to your DLP policy.

  7. Select Next until you reach the Review and finish page.

  8. Select Submit on the Review and finish page to apply the change you made to the policy.

  9. Once the policy is updated select Done on the Policy updated page.

You have successfully modified the DLP policy to include email scanning, enhancing the protection of sensitive information.

Task 3 – Create a DLP policy in PowerShell

In this task, you’ll use PowerShell to create a DLP policy to protect Contoso employee IDs and prevent them from being shared via Exchange. This policy will notify users attempting to share this sensitive data and block the email if it contains Employee IDs.

  1. On your desktop, open an elevated PowerShell window by right clicking the Windows button in the task bar, then select Terminal (Admin).

  2. Run the Connect-IPPSSession cmdlet to connect to the Security & Compliance PowerShell:

    Connect-IPPSSession

  3. Sign in as the user you selected as your Compliance Administrator in the Sign in to your account pop-up window.

  4. Run the New-DlpCompliancePolicy cmdlet to create a DLP policy that scans all Exchange mailboxes:

    New-DlpCompliancePolicy -Name "EmployeeID DLP Policy" -Comment "This policy blocks sharing of Employee IDs" -ExchangeLocation All

  5. Run the New-DlpComplianceRule cmdlet to add a DLP rule to the DLP policy you created in the previous step:

    New-DlpComplianceRule -Name "EmployeeID DLP rule" -Policy "EmployeeID DLP Policy" -BlockAccess $true -ContentContainsSensitiveInformation @{Name="Contoso Employee IDs"}

  6. Run the Get-DLPComplianceRule cmdlet to review the EmployeeID DLP rule:

    Get-DLPComplianceRule -Identity "EmployeeID DLP rule"

You have successfully created a DLP policy using PowerShell that scans for Contoso Employee IDs in Exchange.

Task 4 – Activate a policy in simulation mode

In this task, you’ll activate the Credit Card DLP Policy you created in simulation mode so it enforces its protective actions.

  1. You should still be logged into Microsoft 365 as the user you selected as your Compliance Administrator.

  2. In Microsoft Edge, navigate to DLP policies by going to https://purview.microsoft.com > Solutions > Data Loss Prevention then select Policies from the left sidebar.

  3. On the Policies page select the checkbox for the Credit Card DLP Policy and select Edit policy to open the policy configuration.

  4. Select Next until you reach the Policy mode page and select Turn the policy on immediately.

  5. On the Review and finish select Submit.

  6. On the Policy updated page select Done.

You have successfully activated the DLP policy, ensuring that any attempts to share credit card information are blocked and require a business justification.