Data Loss Prevention (DLP) in Microsoft 365
DLP policies detect and prevent the sharing of sensitive information — like credit card numbers, Aadhaar numbers, or confidential documents — across email, Teams, SharePoint, and OneDrive.
### Accessing DLP
Go to **compliance.microsoft.com** → Data loss prevention → Policies
### Creating a DLP Policy
1. **New policy** → Choose a template or start blank
2. **Name your policy** (e.g. "Block Credit Card Sharing")
3. **Choose locations:** Exchange, SharePoint, OneDrive, Teams, Endpoint devices
4. **Define conditions:**
   - Content contains: sensitive info types (e.g. Credit Card Number, PAN Card, Aadhaar)
   - Shared externally vs internally
5. **Define actions:**
   - Restrict access
   - Send policy tip to user
   - Send incident report to admin
   - Block the activity
### Sensitive Information Types
Microsoft 365 includes 200+ pre-built types:
- Credit card numbers
- India PAN Card
- India Aadhaar
- Passport numbers
- Bank account numbers
- Custom types defined with your own regex patterns (for your own data)
### Policy Tips
When a user tries to share sensitive content, they see a pop-up explaining the policy — and can optionally override with a business justification.
### Testing a Policy
1. Set the policy to **Test mode** first: it logs activity but does not block.
2. Review alerts: DLP → Activity explorer → see matched events.
3. Switch to Enforce after reviewing.
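
The same create, test, then enforce sequence can be scripted in Security & Compliance PowerShell. This is an added example, not part of the original page: the rule name and the alert mailbox are hypothetical placeholders, and the policy is scoped to SharePoint and OneDrive for brevity.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module is installed
# and the signed-in account holds a compliance role that can manage DLP.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # Security & Compliance PowerShell, interactive sign-in

$policyName = 'Block Credit Card Sharing'      # example name used on this page
$ruleName   = 'Credit card shared externally'  # hypothetical rule name
$adminInbox = 'dlp-alerts@example.com'         # placeholder mailbox

# Name and locations: create the policy in test mode so that matches
# are logged but nothing is blocked yet.
New-DlpCompliancePolicy -Name $policyName `
    -Comment 'Test mode first; enforce only after reviewing matches' `
    -SharePointLocation All -OneDriveLocation All `
    -Mode TestWithoutNotifications

# Conditions and actions: a built-in sensitive info type shared outside
# the organisation; block, show a policy tip with a justification
# override, and send an incident report to the admin mailbox.
New-DlpComplianceRule -Name $ruleName -Policy $policyName `
    -ContentContainsSensitiveInformation @{ Name = 'Credit Card Number'; minCount = '1' } `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner `
    -NotifyAllowOverride WithJustification `
    -GenerateIncidentReport $adminInbox

# Confirm the policy really is in test mode before relying on it.
Get-DlpCompliancePolicy -Identity $policyName |
    Format-List Name, Mode, DistributionStatus

# After reviewing matched events in Activity explorer, switch to enforcement:
# Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```

The final `Set-DlpCompliancePolicy` line is left commented out so that enforcement stays a deliberate step taken after the review.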
### Common Scenarios
- Block emails with credit card numbers leaving the organisation
- Warn users sharing files with Aadhaar numbers externally
- Prevent confidential SharePoint documents from being downloaded by guests