@DougDoesTech I agree with Ant. A series on this would be great because MS have added so much into this admin centre since it was the original Security & Compliance Centre. As a Global Admin it's impossible to keep up to date with all the capabilities. Great video, and thank you.
Fantastic video. I have watched only the first video so far, and learned enough to be confident to start working on DLP. Awesome presentation and wonderful content. Thank you.
Great job here, really. Clear and concise, used this to set up basic rules in our environment. Thank you! Microsoft documentation is horrible and changes all the time; this is exactly what I needed.
Glad I could help! I have had too many customers that tried to implement DLP all the way too fast. So I made this flow to help customers see a practical way to ease into their DLP journey.
Anything in the works for the new Purview portal? How about the Purview scanner, on-prem file shares, Azure Blob Storage, Azure SQL Server, and what DLP features will work with all of that? Thanks!
Hi, I have a question that I am struggling with: is it possible to set a minimum unique count, so that the rule doesn't activate when the same word of a sensitive info type is repeated multiple times, but does when there are three different words, for example? Thank you in advance.
I don’t believe that is something we can do. But I haven’t tested that scenario. The documentation mentions unique instances but I don’t think it works how you want it. docs.microsoft.com/en-us/microsoft-365/compliance/create-a-custom-sensitive-information-type?view=o365-worldwide#instance-count-supported-values-for-sit
Hi Doug, your videos are awesome bro. I've learned a great deal watching this over and over. What would an Exchange DLP policy look like that would be in compliance with a SOC 2 audit? Any help or references are greatly appreciated 🙏
Great video, it just helped us get started. One problem I was hoping you can help with: we don't see the "Exceptions" section in the Policy rules. I went Googling and some forum posts are saying MS removed that function. A Microsoft article alludes to using tenant-level configs somehow. But now I'm also wondering if it's a permissions issue maybe, but that would be a little odd since we can see everything else. The exceptions we specifically want to do are outbound domains (don't alert on specific domains) and specific email addresses. Do you have any insight into this by any chance? Thank you!
Yeah, I just realized that the other day. When they updated the rule builder they removed the exclude. So now if you want to do it you need to add a group, then you can toggle a NOT on it, which becomes your exclude, but I think it will work a little differently.
@DougDoesTech Wow, thanks for the quick response! Don't want to bother you too much but when you say group, are you referring to the DG group selection when choosing the Exchange mail location? I don't see a section to add a NOT qualifier. Under Conditions I see AND/OR but no NOT.
All good, I am on mobile so I can’t 100% confirm in the portal but I think this is what you are looking for. learn.microsoft.com/en-us/microsoft-365/compliance/dlp-policy-design?view=o365-worldwide#complex-rule-design
@DougDoesTech Once again, thank you for your time. I think I just figured it out and am posting here for future visitors (your statement above clued me in). It appears I don't get to add a huge load of conditions unless the Locations is set to just Exchange. If I choose any other options than Exchange, it appears that it constricts the level of options/conditions allowed in the rules. I'm sure this applies to other Locations as well. Also, the NOT operator only appears for an OR statement... logical, but when trying to learn the system it may not be straightforward for people. I appreciate your help, your guidance helped me figure this beast out. Very much appreciated!
I have set up policies in DLP and they don't seem to work; the information just goes right through. I do get the reporting. Was hoping this video would help with that, but this was a different focus.