Microsoft 365 enable sensitive word ( DLP Data Loss Prevention ) policies beginners guide

To enable Sensitive Word detection in Microsoft 365 Exchange Admin Center, you can use DLP (Data Loss Prevention) policies to identify and protect sensitive information, including words or phrases that you define as sensitive.

Here’s how to enable and configure sensitive word detection:

1. Access the Microsoft 365 Compliance Center:

• Sign in to the Microsoft 365 Compliance Center at https://compliance.microsoft.com.
• In the left navigation pane, go to Solutions > Data loss prevention (DLP).

2. Create or Modify a DLP Policy:

• Click on + Create a policy to start a new DLP policy, or select an existing policy to modify.
• Choose a template or start from Custom policy depending on your needs. For custom policies, you’ll be able to define the sensitive words.

3. Configure Sensitive Information Types:

• Under the policy settings, select the Sensitive information types.
• Click Create to create a custom sensitive information type if you want to define specific words or phrases (e.g., your organization’s proprietary terms or sensitive information that’s not already recognized in built-in types).
  • Use the Word list option to specify the list of sensitive words that you want to detect in email content.

4. Add Sensitive Words:

• Under Custom Sensitive Information Types, choose to create a Word List or a Regular Expression (Regex), where you can define the specific sensitive words you want to detect.
  • You can include terms that you consider sensitive and need protection, such as client names, legal terms, financial figures, etc.

5. Set Up Actions for Detection:

• Choose actions for what happens when a sensitive word is detected, such as:
  • Block access to emails containing the sensitive word.
  • Notify recipients or administrators when a sensitive word is detected.
  • Encrypt the email to prevent unauthorized access.

6. Apply the Policy:

• Select the locations where you want to apply the DLP policy (e.g., Exchange email, OneDrive, SharePoint).
• Configure Policy Settings to start applying the detection to emails and documents across your organization.

7. Review and Test the Policy:

• After creating or modifying the DLP policy, review the policy to ensure it covers the sensitive words appropriately.
• Optionally, run the policy in test mode to see what will be detected before enforcing the actions.

8. Monitor and Adjust:

• Monitor DLP policy activity under the Policy and Compliance section in the Microsoft 365 Compliance Center.
• Adjust the policy based on the results and feedback from employees and administrators.

Additional Notes:

• Built-in Sensitive Information Types: Microsoft 365 provides built-in sensitive information types for things like credit card numbers, Social Security numbers, and more. You can combine these with custom word lists.
• Regular Expression (Regex): If you want more advanced word matching (e.g., detecting variations of sensitive terms), use regex patterns to enhance the detection rules.

By following these steps, you’ll enable Microsoft 365 to detect sensitive words and take actions accordingly, ensuring your organization’s data remains protected.