Microsoft 365™ Data Loss Prevention FAQs

What is Microsoft 365™ Data Loss Prevention? 

Microsoft 365 Data Loss Prevention (DLP) ensures that files within your Microsoft OneDrive™ cloud storage (and other Microsoft 365 products) containing protected or sensitive data are stored and shared appropriately and securely.    

Why does Fordham have Microsoft 365 Data Loss Prevention? 

Fordham is obliged to the University community to protect information from unauthorized access and illicit use. The Office of Information Technology is a partner in carrying out that obligation, ensuring we use all available means to manage secure data per best practices and compliance regulations. Microsoft 365 Data Loss Prevention ensures that protected and sensitive data within a Fordham member’s Microsoft 365 account is stored and shared appropriately and securely. 

Is Microsoft 365 Data Loss Prevention looking at my files? 

Microsoft 365 Data Loss Prevention assesses files in Fordham Microsoft 365 accounts. It looks for patterns within those files that match those of protected and sensitive data (such as Social Security numbers, credit card numbers, Fordham ID numbers, etc.). It may not be shared securely per Fordham’s Data Classification and Protection Policy. 

Is Microsoft 365 Data Loss Prevention changing my OneDrive or other files within my Microsoft 365 account? 

Microsoft 365 Data Loss Prevention does not change the data within the files, only the sharing permissions of files in OneDrive accounts that contain numerous unique instances of data Fordham classifies as Fordham Protected or Fordham Sensitive. For example, improperly shared files containing sensitive data may have sharing permissions modified to “private” only to be accessible to you.  

What is considered protected and sensitive data?  

Protected data contains personally identifiable information (PII) such as Social Security and credit card numbers. Sensitive data has been deemed sensitive based on internal standard operating procedures. It contains data such as employee compensation and annual budget information. You can read more about how data is classified within Fordham’s Data Classification Guidelines. The Data Classification describes regulations and policies governing protected and sensitive data. Use it to determine where and how to store your files.

An explanation of the various types of sensitive data that Fordham actively monitors via our DLP rules may be found here.

What does Microsoft 365 Data Loss Prevention do when it finds a file with protected and sensitive data? 

If Microsoft 365 Data Loss Prevention finds protected or sensitive data in a file, you may receive an alert from “Microsoft 365 ([email protected])” notifying you that the file was shared improperly. The file is not modified, but when you receive the alert, it is advised you perform the following steps: 

1. While viewing or editing the shared file, from the “File” menu, select “Share”…

2. On the menu that pops up, click the three dots in the upper right corner, then click “Manage access.”

3. Click the three dots next to the sharing link on the next menu, then hit the X to remove the link. Then click “Save” or the back arrow. 

4. The file should only be shared with specific people when the sharing is removed. Uncheck “Allow editing” if you want the recipients only to be able to read the file and not change it. 

Sharing protected information with non-Fordham email addresses, including your personal ones, may be inadvisable in many circumstances. Always consult Fordham’s Data Classification Guidelines when in doubt about how best to store and share protected data.