Use data loss prevention (DLP) policies to protect your data

To comply with business standards and industry regulations, organizations must protect sensitive information and prevent its inadvertent disclosure. Sensitive information can include financial data or personal information, such as credit card numbers, social security numbers, or health records. With a data loss prevention (DLP) policy, you can identify, monitor, and automatically protect sensitive information across your environment.

Think of DLP as also meaning Data Lifecycle Protection. It’s an opportunity to consider the entire data lifecycle, beginning with data creation. It also provides the information management/protection and security teams with a framework that describes where they want data protection and classification to be rather than concentrating on preventing loss.

There are four key areas for preventing data loss and managing the data lifecycle.

Detect/Discover. Identify the data you want to protect. To detect sensitive data, you can use a content scan, such as Azure Information Protection Scanner, and define data through data classification.

Protection. Consider the range of DLP enforcement actions you can apply to documents and emails containing sensitive information, such as block sending, block sharing, warning end-users or auditing activity.

Visibility. Protect sensitive data while keeping its visibility for appropriate uses such as:

  • Forensics
  • Risk management reporting
  • Compliance

Data immunization. When you apply security controls based on classification at the source (moment of creation), you can:

  • Minimize data exposure time
  • Provide context to help ensure that the data classification is correct

Most of your organization’s data might not be RMS-protected but still require some level of DLP short of RMS encryption. AIP classification at document creation can be the start of the data protection process. An end user who applies AIP classification at document creation can assist identifying and protecting sensitive data that isn't easily detected through content inspection or other means.

Learn more

When you're done with a link, use the Back arrow in your browser to come back to this page.