I have to say I have been waiting awhile for the new SharePoint Online DLP solution to be released. It is super exciting because we now see this DLP capability being applied to both Exchange Online and SharePoint Online with a strategy to centrally manage both. Here is a brand new blog discussing the new SharePoint Online DLP capability - http://blogs.office.com/2014/08/27/search-sensitive-content-sharepoint-onedrive-documents/. In this blog I will talk about the solution, important facts, plus talk about the future statements made in the Microsoft blog.
As of this posting, according to the Office 365 Public Roadmap, the feature is in Rolling Out phase - http://office.microsoft.com/en-us/products/office-365-roadmap-FX104343353.aspx. If you are an Office 365 for Enterprises customer, you have signed up for the First Release program, you will have the ability to get early access.
The new solution provides the ability to discover sensitive data that may be in SharePoint Online and OneDrive for Business. The solution looks very similar to the eDiscovery Center. What this solution is initially providing the ability to use 51 built-in sensitive security types. For instance SSN, Passport number, credit card numbers, etc. You will be able to identify the SharePoint Online and OneDrive for Business locations to search. When items are found you can:
- Preview the results.
- Refine with complex query.
- Export the results with a report and then remediate. Remediation would be anything from deleting the data, changing permissions around the data, check for false positives, etc.
- Ability to save and re-execute the query.
The Details for Implementing the DLP Policy
Additionally here is a TechNet Article that explains the actual steps to use the new SharePoint Online DLP capability - http://technet.microsoft.com/library/dn798914.aspx. As you see, the steps are same for using the eDiscovery Center. The great thing about this is the compliance officers do not need to be trained on a new solution, they will use what they already know to perform DLP operation.
Here are some important facts found out while reading this blog:
- Information types being used for SharePoint Online are the same as the one for Exchange Online. This link was referenced - http://technet.microsoft.com/library/jj150541(v=exchg.150).aspx. I like the consistency. These are basically complex regular expressions that are defined for you, and you have the ability to modify them.
- Data file types that can be detected is listed here - http://technet.microsoft.com/en-us/library/jj219530(v=office.15).aspx
In the blog, the referred to the future. The important fact is this is not the only release. If you have been an Office 365 customer for a while now, you know that Microsoft is releasing new enterprise features and capabilities quickly. This is reflected in public roadmap. In regards to futures on SharePoint DLP:
- They mention that they are building a capability to create policies that can automatically detect sensitive data along with taking an action once discovered, like quarantining or delete the data. I absolutely love this. SharePoint Online DLP will then have the same concepts that are built into Exchange Online DLP as data is going through transport rules.
- They also mention they plan to create a unified policy experience for DLP across all of Office 365. This will allow a compliance officer to define a DLP policy that would apply to Exchange Online, SharePoint Online and OneDrive for Business.