Microsoft Purview Data Loss Prevention

Summary

Data Loss Prevention (DLP) helps protect sensitive data like PII, financial info, and HIPAA-regulated content across Microsoft 365. It alerts users, alerts to risky actions, and logs incidents.

Body

Purpose

This guide helps employees understand how Data Loss Prevention (DLP) works within Microsoft Purview, and how it protects sensitive data across Microsoft 365 tools like Outlook, Teams, SharePoint, OneDrive, Copilot, and files.

By the end of this guide, you'll know:

  • What DLP is and why it matters
  • What types of data are protected
  • What happens when a DLP policy is triggered
  • What actions you should take if you receive a DLP notification

What Is DLP?

Data Loss Prevention (DLP) is a security feature that automatically monitors and protects sensitive information from being shared inappropriately. It helps our organization stay compliant with data protection laws and internal policies.

DLP is active across Microsoft 365 services, including:

  • Outlook
  • Teams
  • SharePoint
  • OneDrive
  • Microsoft Copilot
  • Files

Why DLP Is Important

DLP helps safeguard:

  • HIPAA-protected health information
  • Financial data (e.g., credit card numbers, bank account info)
  • Personally Identifiable Information (PII) (e.g., names, SSNs, addresses)
  • Confidential documents, especially when used in Copilot

It ensures we meet legal and regulatory requirements and prevents data breaches that could harm individuals or the organization.

What Happens When DLP Detects Sensitive Data

When DLP identifies sensitive content, it may:

1. Notify You

  • You’ll see a policy tip in Outlook, Teams, or other apps.
  • You may receive an email alert explaining what was flagged.

2. Restricted Actions

  • In Copilot, referencing or uploading a confidential document may be prevented.

3. Log a Cyber Incident

  • If sharing sensitive data externally, an alert notifies the security team.
  • The event is automatically logged as a cyber incident.
  • Our security team investigates and follows up as needed.

Examples of DLP in Action

Scenario What You’ll See
You email a spreadsheet with SSNs Email sends an alert to the security team
You upload a financial report to Copilot Upload is prevented, and an incident is logged
You share a medical record in Teams Message generates an alert, and you may be notified of the data in question

What You Should Do

If you receive a DLP notification:

  1. Read the message carefully – it explains what was flagged.
  2. Do not try to bypass the restriction – this could trigger further investigation.
  3. Contact the Security Team or MSB Support if you believe the action was flagged in error.

Tools & Resources

Tools Involved

  • Microsoft Purview
  • Microsoft 365 (Outlook, Teams, SharePoint, OneDrive, Copilot)

Helpful Resources

Details

Details

Article ID: 407
Created
Thu 8/28/25 6:35 PM
Modified
Fri 9/5/25 5:12 PM