Everywhere your data exists, moves or is shared, we want to protect it. Office 365 has provided Data Loss Prevention (DLP) capabilities for email since Exchange 2013. As collaboration extends beyond email to sites and documents, we are extending the DLP capabilities to these services. Last year at TechEd Barcelona, we showed a quick glimpse of our vision for expanding DLP and today we are pleased to share more details on these capabilities.

Announcing upcoming public preview of DLP for SharePoint Online/OneDrive for Business

For the last couple of months, we have worked hard to test some of these cool new capabilities in a private preview with select customers. Later this quarter, we will bring a public preview of these capabilities to every single eligible Office 365 tenant.

Last year we made some early DLP capabilities from Phase 1 available allowing you to find sensitive information in SharePoint Online/OneDrive for Business. These helped you identify high-risk items and allowed you to take manual actions on that sensitive content. But with the Phase 2 public preview, you can now create proactive policies to remediate violations and empower your users with policy tips and notification emails so they can take the right decision while working with sensitive data, just like you do today with DLP in Exchange. Let us now look at these enhancements in detail.

Easily set up your DLP policies for your organization

With the public preview, admins can now easily set up DLP policies for SharePoint Online/OneDrive for Business from the Office 365 compliance center. Policies take the simple construct of conditions, actions and exceptions and admins can use any of the existing out of box templates to get started.

End users empowered through constant policy education

We understand that end users are a critical part of the solution to keeping data safe. As such, we help them make the right decisions when working with sensitive data, providing them with rich notifications in the context of where they are working. Furthermore, if they move out of context, we send an email notification with the policy tip information. All of this is configurable by the admin, who can set up rules that allow users to override policies by providing a business justification, which allows users to be productive while still being compliant.

Tracking policy usage and incident management

Admins can track the effectiveness of policies with the rich reporting built into Office 365. In addition, they can create admin-facing incident reports with information about each incident that can later be reviewed by their security teams.

What’s available now? What’s coming later?

With all the great new capabilities, you might ask, “What is coming next?” Well, we are not done here, we will continue to innovate and release a new set of capabilities in our Phase 3 release. Here is a view of what’s available now versus what is coming in Phase 3, which is planned for second half of 2015.

Available in Phase 2 public preview Coming in Phase 3
Create automated policies with any of the
available built-in sensitive information types
Exceptions for locations and conditions
Detect external sharing and apply appropriate actions Ability to encrypt content as an action
Scope the policies to specific locations or sites Support for custom classifications and document fingerprinting
Scanning for document properties (metadata) Shared by/by member of conditions
Block or restrict access to the sensitive content Detect content scanning errors
Customizable Policy tips and user notifications via policy tip and email Richer content types and more enforcement endpoints
Admin facing Incident reports and reporting

Announcing public preview of DLP for Office 2016 applications

Last month when we announced the Office 2016 preview, we mentioned DLP as one of the core capabilities within the Office applications. Later this quarter, we will make these DLP capabilities available in the preview for three different Office applications—Word, Excel and PowerPoint. With these capabilities, end users can be notified in real-time on the sensitive content they are working right within the familiar Office applications they love and use.
Let’s look at some of these capabilities in detail.

Admins can easily set up policies for SharePoint Online/OneDrive for Business that will automatically apply to Word, Excel and PowerPoint 2016 applications. If users open a sensitive file from SharePoint Online/OneDrive for Business, they will be notified of the sensitive information in context within the Office application.

Depending on the policy, the user can simply choose to ignore the policy or be asked to provide a business justification in order to continue working on the sensitive data. Users also have the option of turning off notification policies from within the Office applications.

With these advanced capabilities, you will have the ability to create DLP policies across different services while retaining the best end user experience

We look forward to you using these capabilities.

—Shobhit Sahay
Source: Evolving Data Loss Prevention in SharePoint Online/OneDrive for Business and Office applications - Office Blogs