Teams Security Baselines: Data Loss Prevention
Spending 10 minutes or less will help your M365 environment be a little more secure
In Oct. 2022, CISA released a document called Microsoft Teams: M365 Minimum Viable Secure Configuration Baseline. This document outlines 13 steps to take to raise your Microsoft Teams environment to a minimum viable security posture. In this series of articles, we’ll take a look at each of these 13 steps.
Baseline 11: Data Loss Prevention
This baseline reads “Data Loss Prevention Solutions SHALL Be Enabled.”
What is it?
Data Loss Prevention (DLP) refers to preventing data leakage, whether intentional or unintentional. Microsoft offers DLP services that can be accessed in the M365 compliance admin center. There are third-party DLP providers as well.
Why is it bad?
Any data leakage of sensitive information, whether intentional or unintentional, should be seen as a danger.
What should you know before enforcement?
At a minimum, the sharing of credit card numbers, taxpayer ID numbers, and Social Security Numbers should be restricted.
How do you enforce it?
DLP isn’t configured inside of Teams, but rather through the M365 compliance center at compliance.microsoft.com, then Policies → Data Loss Prevention → Policies. If you already have DLP policies configured, ensure that Teams has been added as a data source for them.
If you do not have any DLP policies configured, setting up a DLP policy is beyond the scope of this article, but in general it will involve creating a policy from compliance.microsoft.com, then Policies → Data Loss Prevention → Policies → + Create Policy. When setting up the policy, a wizard will walk you through selecting which data you would like to protect and which Microsoft products you’d like to use as protected data sources.
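To check existing policies without opening each one in the portal, the following added example (not part of the original article) reports which DLP policies include Teams as a location and whether they are actually enforcing. It assumes the Name, Mode and TeamsLocation properties returned by Get-DlpCompliancePolicy in Security & Compliance PowerShell; the function name Test-TeamsDlpCoverage and the sample policies are constructed for illustration.

```powershell
# Added example: flag DLP policies that do not protect Teams chat and channel messages.
# Test-TeamsDlpCoverage is a hypothetical helper name, not a Microsoft cmdlet.
function Test-TeamsDlpCoverage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Policy
    )
    process {
        # TeamsLocation is empty when Teams is not a location for the policy.
        $coversTeams = @($Policy.TeamsLocation | Where-Object { $_ }).Count -gt 0
        # Only Mode 'Enable' enforces; the Test* simulation modes and 'Disable' do not.
        $enforcing = "$($Policy.Mode)" -eq 'Enable'

        $finding = if (-not $coversTeams) {
            'Teams is not a location in this policy'
        } elseif (-not $enforcing) {
            "Teams is covered, but mode is '$($Policy.Mode)' (not enforcing)"
        } else {
            'OK'
        }

        [pscustomobject]@{
            Policy      = $Policy.Name
            Mode        = "$($Policy.Mode)"
            CoversTeams = $coversTeams
            Enforced    = $coversTeams -and $enforcing
            Finding     = $finding
        }
    }
}

# Constructed sample objects so the check runs offline. In a live tenant, use:
#   Connect-IPPSSession          # from the ExchangeOnlineManagement module
#   $report = Get-DlpCompliancePolicy | Test-TeamsDlpCoverage
$samplePolicies = @(
    [pscustomobject]@{ Name = 'PII - Exchange only'; Mode = 'Enable';                TeamsLocation = @() }
    [pscustomobject]@{ Name = 'PII - Teams pilot';   Mode = 'TestWithNotifications'; TeamsLocation = @('All') }
    [pscustomobject]@{ Name = 'PII - Teams';         Mode = 'Enable';                TeamsLocation = @('All') }
)
$report = $samplePolicies | Test-TeamsDlpCoverage
$report | Format-Table -AutoSize

# The baseline needs at least one enforcing policy that covers Teams.
if (-not ($report | Where-Object Enforced)) {
    Write-Warning 'No enforcing DLP policy covers Teams.'
}
```

A policy that lists Teams but is still in a test mode shows up with Enforced set to False, which is the case most easily missed when reviewing the location list alone.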
Note: The articles in the Security Baselines series aren’t being sent via the subscriber emails. Once the series is complete, I’ll be publishing a single article with links to all of the articles in the series.