Microsoft 365™ Data Loss Prevention FAQs
What is Microsoft 365™ Data Loss Prevention?
Microsoft 365 Data Loss Prevention (DLP) is a service that ensures files within your Microsoft OneDrive™ cloud storage (and other Microsoft 365 products) that contain protected or sensitive data are stored and shared appropriately and securely.
Why does Fordham have Microsoft 365 Data Loss Prevention?
Fordham is obliged to the University community to protect information from unauthorized access and illicit use. The Office of Information Technology is a partner in carrying out that obligation, ensuring we use all available means to manage secure data per best practices and compliance regulations. Microsoft 365 Data Loss Prevention assists in ensuring that protected and sensitive data within a Fordham member’s Microsoft 365 account is stored and shared appropriately and securely.
Is Microsoft 365 Data Loss Prevention looking at my files?
Microsoft 365 Data Loss Prevention assesses files in Fordham Microsoft 365 accounts. It looks for patterns within those files that match those of protected and sensitive data (such as Social Security numbers, credit card numbers, Fordham ID numbers, etc.) and may not be shared securely per Fordham’s Data Classification Policy.
Is Microsoft 365 Data Loss Prevention making changes to my OneDrive files or other files within my Microsoft 365 account?
Microsoft 365 Data Loss Prevention is not making any changes to the data within the files, only the sharing permissions of files in OneDrive accounts that contain numerous unique instances of data Fordham classifies as protected or sensitive. For example, improperly shared files containing sensitive data may have sharing permissions modified to “private” to only be accessible to you.
What is considered protected and sensitive data?
Protected data contains personally identifiable information (PII) such as Social Security and credit card numbers. Sensitive data has been deemed sensitive based on internal standard operating procedures. It contains data such as employee compensation and annual budget information. You can read more about how data is classified within Fordham’s Data Classification Guidelines. The Data Classification Grid describes regulations and policies governing protected and sensitive data. Use it to determine where and how to store your files.
Please click here for a list and explanation of the various types of sensitive data that Fordham actively monitors via our DLP rules.
What does Microsoft 365 Data Loss Prevention do when it finds a file with protected and sensitive data?
If Microsoft 365 Data Loss Prevention finds protected or sensitive data in a file, you may receive an alert from “Microsoft 365 ([email protected])” notifying you that the file was shared improperly. The file is not modified, but when you receive the alert, it is advised you perform the following steps:
1. While viewing or editing the shared file, from the “File” menu, select “Share”…
2. On the menu that pops up, click the three dots in the upper right corner, then click “Manage access.”
3. Click the three dots next to the sharing link on the next menu, then hit the X to remove the link. Then click “Save” or the back arrow.
4. The file should only be shared with specific people when the sharing is removed. Uncheck “Allow editing” if you want the recipients only to be able to read the file and not change it.
Sharing protected information with non-Fordham email addresses (including your own personal email addresses) may be inadvisable in many circumstances. Always consult Fordham’s Data Classification Guidelines when in doubt about how best to store and share protected data.