DLP Policy

By default, the DLP policy scans files uploaded to OneDrive for potentially leaked information, such as credit card numbers and Social Security Numbers (SSNs).

What Actions are Supported

Office 365 OneDrive DLP policy supports these actions:

  • Send files with sensitive data to the vault.

  • Alert owner: Sends an email notification to the user who uploaded a file that contains sensitive information.

  • Alert admin(s): Sends an email notification to the admin(s) about the files that contain sensitive information.

  1. Access the Avanan Administrator Portal.
  2. From the left navigation panel, click Policy.
  3. Click Create New Policy Rule.
  4. From the Choose SaaS drop-down list, select Office 365 OneDrive.
  5. From the Choose Security drop-down list, select DLP and click Next.
  6. Select the desired protection mode.
    • Detect and Remediate

    • Detect

    (Optional) If required, you can change the Rule Name.

  7. In the Scope section, select the users and/or group of users for whom the policy is applicable.
    • To apply the policy to all users and groups in your organization, enable the All Users and Groups checkbox.

    • To apply the policy to specific users or groups, select the users/groups and click Add to Selected.

    • To exclude specific users or groups from the policy, select the required users/groups and click Add to Excluded.

  8. Scroll down to the DLP Criteria, enable Check Point DLP Categories and select the required DLP categories for the policy.

    For more information about the DLP Data Types and categories, see Appendix E: DLP Built-in Data Types and Categories.

  9. Select the required sensitivity level for the policy.
    • Very high (hit count > 0)

    • High (hit count > 2)

    • Medium (hit count > 5)

    • Low (hit count > 10)

    • Very Low (hit count > 20)

  10. To exclude files shared only with internal users from the DLP policy, enable the Skip Internal items checkbox.
  11. Configure Actions for the policy.
    1. To send a detected file with sensitive data to its owner's vault, enable the Send files with sensitive data to vault checkbox.

      Note:

      This option is available only in Detect and Remediate protection mode.

    2. To send email alerts to admins about DLP, enable the Alert admin(s) checkbox.

      To send alerts to specific users, click Select Users next to Alert admin(s).

    3. To quarantine drive files, enable the Quarantine drive files checkbox.

      Note:

      This option is available only in Detect and Remediate protection mode.

    4. To send email alerts to the file owner about DLP, enable the Alert file owner(s) checkbox.

    Note:

    In a single policy, you can enable only one of Send files with sensitive data to vault or Quarantine drive files.

  12. Click Save and Apply.
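
The sensitivity levels in step 9 are hit-count thresholds. The Python sketch below is an added illustration, not Avanan or Check Point code: it counts credit card numbers and SSNs in constructed sample text and lists the levels that would trigger. The regexes, function names and distinct-value counting are assumptions; the page does not say how the product's data types match or count hits.

```python
import re

# Thresholds copied from step 9: a level triggers when hit count > threshold.
SENSITIVITY_THRESHOLDS = {
    "Very high": 0, "High": 2, "Medium": 5, "Low": 10, "Very Low": 20,
}

# Simplified stand-in detectors (assumption: not the product's data types).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; discards digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def count_hits(text: str) -> int:
    """Count distinct valid card numbers and SSNs (assumed counting rule)."""
    cards = set()
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            cards.add(digits)
    return len(cards) + len(set(SSN_RE.findall(text)))


def levels_that_fire(hit_count: int) -> list:
    """Return every sensitivity level whose threshold the hit count exceeds."""
    return [name for name, limit in SENSITIVITY_THRESHOLDS.items()
            if hit_count > limit]


# Constructed sample file content: public test card numbers, made-up SSNs.
SAMPLE = """order 1: 4111 1111 1111 1111
order 2: 5555-5555-5555-4444
order 3: 4111 1111 1111 1112  (fails Luhn, not counted)
employee: 123-45-6789, 078-05-1120
"""

if __name__ == "__main__":
    hits = count_hits(SAMPLE)
    print(f"{hits} hits -> policy triggers at: {levels_that_fire(hits)}")
```

With four hits, a policy set to Very high or High would act on this file, while Medium and lower would not.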