The mass shift to remote and hybrid work since the onset of the pandemic has completely transformed workflows in many organizations. Unfortunately, collaborating and sharing data outside of a safe corporate environment could put an organization at greater risk of data loss, breach, or leaks.

The need for data safety in remote work

A remote or hybrid work system means that you can’t limit data movement within the secure confines of internal networks. The data will probably have to travel between corporate data systems and remote workers across multiple apps, devices, and networks. The issue is, there’s very little you can do to control external data paths because remote collaborations lack direct supervision and hands-on management.

But despite this, the pressure on organizations to guarantee data safety has never been higher than it is currently. Cyber incidents such as data breaches, ransomware, malware, and social engineering attacks are at an all-time high. Moreover, data loss is becoming more devastating. According to a new report, the average cost of a data breach rose by 72 percent between 2019 and 2020, from USD 2.24 million to USD 3.86 million. Remote work was one of the main factors for this sharp spike. Additionally, we now have several stringent data privacy and protection laws with severe implications for non-compliance.

The point is, organizations need to rethink their security strategies, especially when supporting remote or hybrid work. Office 365, the go-to solution for all remote collaboration needs, includes a in-built feature to help organizations protect data while working in a cloud environment.

Let’s look at how Data Loss Prevention (DLP) in Office 365 manages to secure corporate data:

What is data loss prevention in Office 365?

Data Loss Prevention is part of the Security and Compliance Center for Office 365, launched back in 2017. A DLP -policy scans and secures data by identifying and preventing sensitive information from leaving a network, storage location, or cloud environment through unauthorized means.

Microsoft recently extended Data Loss Prevention capabilities to Teams Chat and Channel messages and Microsoft Cloud App Security. DLP is also available to Exchange Online, SharePoint Online, and OneDrive users. However, you will require at minimum an Office 365 E5/A5/G5 licence to enable DLP for these services.

How does Office 365 data loss prevention work?

Like most data loss prevention systems, Office 365’s DLP works by identifying sensitive information and preventing it from falling into the wrong hands. This whole process follows a specified set of rules defined in a DLP policy. The system allows you to create and customize a DLP policy telling it the kind of information you want to protect, the privacy compliance standard required, and what to do if it detects sensitive information in documents or text messages. For instance, you can set the policy to trigger various actions when presented with sensitive information, such as:

  • Remind users to handle the information responsibly
  • Restrict the individuals who can access the information or override the policy
  • Alert admins via email or notifications
  • Send detailed reports of data transactions matching the policy’s criteria
  • Stop users from inadvertently sharing the data with the wrong people

How does the DLP system detect sensitive information?

Sensitive data refers to any bit of information that shouldn’t be accessible to outsiders or unauthorized persons. Generally, this includes personally identifiable information (PII), financial data, trade secrets, and intellectual property.

Office 365’s DLP automatically detects, classifies, and flags sensitive information through a combination of regular expression pattern matching (RegEx) and other keyword indicators. It performs checksum calculations on numbers and text against known string patterns to determine if an email, chat message, or document contains sensitive data. For instance, the DLP can distinguish an actual credit card number from a harmless 16-digit string by analyzing the proximity and use of related keywords such as “VISA” and date values.

The system has a massive library of entity definitions for over 200 types of standard sensitive datasets from various parts of the world. In addition to these, you can also create custom matching definitions for unique sensitive data types using a PowerShell XML script. However, Microsoft does not support developing, testing, or debugging custom content matching rules or RegEx.

Office 365 Data Loss Prevention Best Practices

In addition to the automated Data Loss Prevention measures, you can also chip in to ensure data safety by following these data privacy best practices on Office 365:

  • Understand what types of sensitive data are uploaded to Office 365 and track the data flow across the platform.
  • Educate employees on the need to exercise caution when handling and sharing sensitive information.
  • Create and enforce consistent DLP policies across the entire Office 365 platform and any other collaboration or file-sharing tools in use.
  • Restrict data access to just a few individuals.
  • Minimize redundant data and don’t work with any information that you don’t need.

Developing a DLP policy

Before setting up a DLP policy on Office 365, you have to draw it up on paper. You must understand how sensitive data flows on the platform—all the different types involved, where it comes from, who has access to it, how it’s shared, and where it eventually ends up. With that knowledge, curve out the safest data path, ideally the one with the least touchpoints. From there, determine which actions to take if data flow deviates from this path. Finally, translate all that to the DLP policy by creating filters, access rules, and countermeasures for breaking the expected flow of sensitive information.

Developing and deploying an active DLP policy that works exactly as expected can be a bit of a headache if you’re unfamiliar with the platform or don’t fully understand your data estate. Luckily, Softlanding can help you out with that. We are a Microsoft Gold-Certified Partner, so we know our way around the Microsoft 365 suite. Enlist our technical expertise and experience to take full advantage of robust Microsoft enterprise solutions, such as Office 365, Azure, Teams, and more. Reach out to get started.

Written By:


Softlanding is a long-established IT services provider of transformation, professional services and managed IT services that helps organizations boost innovation and drive business value. We are a multi-award-winning Microsoft Gold Partner with 13 Gold Competencies and we use our experience and expertise to be a trusted advisor to our clients. Headquartered in Vancouver, BC, we have staff and offices in Toronto, Montreal and Calgary to serve clients across Canada.

More By This Author