What is DLP (Data Loss Prevention) in SharePoint Online? – Easy Explanation
Think of DLP as a security guard for your documents and emails.
Its job is to prevent users from accidentally or intentionally sharing sensitive information such as:
- Credit Card Numbers
- Aadhaar Numbers
- PAN Numbers
- Passport Numbers
- Bank Account Details
- Patient Health Information (PHI)
- Clinical Trial Data
- Confidential Company Documents
Real-Time Example
Suppose an employee uploads an Excel file to SharePoint containing:
Employee Name
PAN Number
Aadhaar Number
Salary
If a DLP policy is configured:
✅ SharePoint detects the sensitive information.
✅ User receives a warning.
✅ External sharing can be blocked.
✅ Compliance team gets notified.
✅ An audit record is created.
Without DLP:
❌ User may accidentally share the file externally.
❌ Sensitive data could be exposed.
Where Does DLP Work?
DLP can protect data across:
- Microsoft Purview
- Microsoft 365 Compliance Portal
- Microsoft SharePoint
- Microsoft OneDrive
- Microsoft Exchange Online
- Microsoft Teams
DLP Architecture
User Uploads File
        |
        V
SharePoint Online
        |
        V
DLP Engine Scans Content
        |
        V
Sensitive Data Found?
        |
   -----------
   |         |
  Yes        No
   |
   V
Apply Policy Action
(Block/Notify/Audit)
Common Sensitive Information Types
Microsoft provides hundreds of built-in detectors.
Examples:
| Data Type | Example |
|---|---|
| PAN Card | ABCDE1234F |
| Aadhaar | 1234 5678 9012 |
| Passport | A1234567 |
| Credit Card | 4111-1111-1111-1111 |
| Bank Account | Account Number |
| US SSN | 123-45-6789 |
Types of DLP Actions
1. Show Policy Tip
Displays a warning.
Example:
Warning:
This file contains sensitive information.
2. Block Access
Prevents sharing.
Example:
This document cannot be shared externally.
3. Restrict Download
Users can view but not download.
4. Send Alert
Emails compliance or security teams.
5. Generate Incident Report
Logs the violation.
How to Create a New DLP Policy (Step-by-Step)
Step 1: Open Microsoft Purview
Go to:
Log in with Compliance Administrator or Global Administrator permissions.
Step 2: Navigate to DLP
Solutions
|
+-- Data Loss Prevention
Click:
Policies
Step 3: Create Policy
Click:
+ Create Policy
Step 4: Choose Template
Microsoft provides templates:
Examples:
- Financial Data
- Privacy Data
- Healthcare Data
- GDPR
- PCI-DSS
- Custom Policy
For example:
Privacy Data
Step 5: Name the Policy
Example:
Protect PAN and Aadhaar Data
Description:
Prevent sharing of PAN and Aadhaar numbers.
Step 6: Select Locations
Choose where DLP should apply:
✅ SharePoint Sites
✅ OneDrive Accounts
✅ Exchange Emails
✅ Teams Chat
Example:
Apply to SharePoint Online only
Step 7: Create Rule
Click:
Create New Rule
Rule Name:
Block PAN Information Sharing
Step 8: Configure Conditions
Choose:
Content Contains
Select Sensitive Information Types:
- India PAN Number
- India Aadhaar Number
Condition:
If content contains at least 1 PAN number
Step 9: Configure Actions
Example:
Block External Sharing
Send Alert to Security Team
Show Policy Tip
Step 10: Configure User Notifications
Enable:
Notify users
Message:
This document contains sensitive information.
External sharing is not allowed.
Step 11: Incident Reports
Send reports to:
security@company.com
compliance@company.com
Step 12: Test Mode
Before enforcing:
Run Policy in Test Mode
Benefits:
- No user impact
- See what would be blocked
- Validate policy
Test mode is recommended in production.
Step 13: Turn On Policy
After testing:
Enable Policy
Policy becomes active.
Real-Time Pharma / Clinical Research Example
In a CRO environment (such as clinical trials):
Sensitive data includes:
- Patient IDs
- Medical Records
- Lab Reports
- Adverse Event Data
- Trial Participant Information
DLP Rule:
If Patient Information Found
|
+--> Block External Sharing
+--> Notify Compliance Team
+--> Log Incident
This helps support GDPR, HIPAA, and GxP compliance requirements.
How to Verify DLP is Working
Upload a Test File
Example:
Employee: John
PAN: ABCDE1234F
Upload to SharePoint.
Expected:
- Warning appears
- Sharing restrictions apply
- Alert generated
PowerShell Verification
Connect to SharePoint Online and verify policy effects through Purview compliance reporting and audit logs.
Useful audit locations:
Microsoft Purview
|
+-- Audit
+-- DLP Alerts
+-- Activity Explorer
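A read-only configuration check for the policy built in Steps 5 to 13, added here as an example and not part of the original post. It uses the Security & Compliance PowerShell cmdlets from the ExchangeOnlineManagement module; the policy and rule names are the page's own examples, and the property names read from the results are assumed to match the corresponding cmdlet parameter names.

```powershell
# Added example: confirm the DLP policy and rule are configured as in the walkthrough.
# Read-only: nothing here creates or changes a policy.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # Security & Compliance PowerShell, interactive sign-in

$policyName = 'Protect PAN and Aadhaar Data'    # name from Step 5
$ruleName   = 'Block PAN Information Sharing'   # name from Step 7

$policy = Get-DlpCompliancePolicy -Identity $policyName -ErrorAction Stop
$rule   = Get-DlpComplianceRule -Policy $policyName |
          Where-Object Name -eq $ruleName

if (-not $rule) {
    throw "Rule '$ruleName' was not found in policy '$policyName'."
}

# Pair each step of the walkthrough with the setting that records it.
# Property names are assumed to mirror the New-/Set- cmdlet parameters.
$checks = [ordered]@{
    'Step 6: SharePoint location in scope'  = @($policy.SharePointLocation).Count -gt 0
    'Step 8: sensitive info types selected' = @($rule.ContentContainsSensitiveInformation).Count -gt 0
    'Step 9: block action enabled'          = [bool]$rule.BlockAccess
    'Step 10: user notification configured' = @($rule.NotifyUser).Count -gt 0
    'Step 11: incident report recipients'   = @($rule.GenerateIncidentReport).Count -gt 0
    'Rule is not disabled'                  = -not $rule.Disabled
}

$checks.GetEnumerator() |
    ForEach-Object { [pscustomobject]@{ Check = $_.Key; Passed = $_.Value } } |
    Format-Table -AutoSize

# Step 12 versus Step 13: test modes report matches, 'Enable' enforces the actions.
switch -Wildcard ($policy.Mode) {
    'Test*'  { "Test mode ($($policy.Mode)): matches are reported, actions are not enforced." }
    'Enable' { 'Enforced: matching content is subject to the rule actions.' }
    default  { "Mode is '$($policy.Mode)': the policy is not applying actions." }
}

# Show which sensitive information types and minimum counts the rule matches on.
$rule.ContentContainsSensitiveInformation
```

A failed check for Step 9 or a mode other than `Enable` explains the most common test result, where the sample file uploads and shares without being blocked.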