ASD's Blueprint for Secure Cloud

Data Loss Prevention: Limit disclosure of potentially PROTECTED information

This section describes the configuration of Data Loss Prevention (DLP) policies within Microsoft Purview associated with systems built according to guidance in ASD's Blueprint for Secure Cloud.


Name

| Item | Value |
| --- | --- |
| Name | Limit disclosure of potentially PROTECTED information |
| Description | Limit distribution and provide a warning notification to users distributing PROTECTED information |

Admin units

| Item | Value |
| --- | --- |
| Admin units | Full directory |

Locations

| Item | Value |
| --- | --- |
| Exchange email | All groups |
| SharePoint sites | All sites |
| OneDrive accounts | All users & groups |
| Teams chat and channel messages | All users & groups |
| Devices | |
| On-premises repositories | |
| Power BI workspaces | |

Advanced DLP rules

Warn users sending information relating to PROTECTED information

| Item | Value |
| --- | --- |
| Name | Warn users sending information relating to PROTECTED information |
| Description | |
Conditions
| Item | Value |
| --- | --- |
| Content is shared from Microsoft 365 | with people outside my organization |
| AND | |
| Content contains | |
| Group name | Default |
| Group operator | Any of these |
| Sensitivity info types | |
| - PROTECTED classified information | Medium confidence; Instance count: 1 to Any |
| - PROTECTED Personal-Privacy classified information | Medium confidence; Instance count: 1 to Any |
| - PROTECTED Legal-Privilege classified information | Medium confidence; Instance count: 1 to Any |
| - PROTECTED Legislative-Secrecy classified information | Medium confidence; Instance count: 1 to Any |
| - PROTECTED NATIONAL-CABINET classified information | Medium confidence; Instance count: 1 to Any |
| - PROTECTED CABINET classified information | Medium confidence; Instance count: 1 to Any |
Actions
| Item | Value |
| --- | --- |
| Restrict access or encrypt the content in Microsoft 365 locations | Block users from receiving email or accessing shared SharePoint, OneDrive, and Teams files; Block only people outside your organization |
User notifications
| Item | Value |
| --- | --- |
| Use notifications to inform your users and help educate them on the proper use of sensitive info | On |
| Notify users in Office 365 service with a policy tip | Checked; Notify the user who sent, shared, or last modified the content |
| Customize the policy tip text | This PROTECTED item requires limited dissemination. Please be aware of this and ensure that it is only distributed to users with need for access |
| Show the policy tip as a dialog for the end user before send | Checked |
User overrides
| Item | Value |
| --- | --- |
| Allow overrides from M365 services | Checked |
| Require a business justification to override | Checked |
| Override the rule automatically if they report it as a false positive | Checked |
| Require the end user to explicitly acknowledge the override | Checked |
Incident reports
| Item | Value |
| --- | --- |
| Use this severity level in admin alerts and reports | Low |
| Send an alert to admins when a rule match occurs | Off |
| Use email incident reports to notify you when a policy match occurs | Off |
Additional options
| Item | Value |
| --- | --- |
| If there’s a match for this rule, stop processing additional DLP policies and rules | Not checked |
| Priority | 0 |

Policy mode

| Item | Value |
| --- | --- |
| Policy mode | Turn the policy on immediately |
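
The settings above can also be applied with Security & Compliance PowerShell; the following is an added example, not part of the Blueprint or Microsoft's own tooling. It assumes the ExchangeOnlineManagement module is installed and that the six custom sensitive information types already exist in the tenant under the names shown on this page. The "dialog before send" and "explicitly acknowledge the override" options are not set by this script and are left to the portal.

```powershell
# Added example. Assumption: the custom sensitive information types named below
# are already defined in the tenant exactly as listed on this page.
Connect-IPPSSession

$policyName = 'Limit disclosure of potentially PROTECTED information'
$ruleName   = 'Warn users sending information relating to PROTECTED information'

# Locations: Exchange, SharePoint, OneDrive and Teams. Devices, on-premises
# repositories and Power BI are not passed, so they stay unselected.
# -Mode Enable corresponds to "Turn the policy on immediately".
New-DlpCompliancePolicy -Name $policyName `
    -Comment 'Limit distribution and provide a warning notification to users distributing PROTECTED information' `
    -ExchangeLocation All -SharePointLocation All -OneDriveLocation All -TeamsLocation All `
    -Mode Enable

# "Content contains": each type at medium confidence, instance count 1 to Any.
# Assumption: a flat list of types is evaluated as "Any of these".
$sits = @(
    'PROTECTED classified information',
    'PROTECTED Personal-Privacy classified information',
    'PROTECTED Legal-Privilege classified information',
    'PROTECTED Legislative-Secrecy classified information',
    'PROTECTED NATIONAL-CABINET classified information',
    'PROTECTED CABINET classified information'
) | ForEach-Object { @{ Name = $_; minCount = '1'; confidencelevel = 'Medium' } }

$rule = @{
    Name                                = $ruleName
    Policy                              = $policyName
    AccessScope                         = 'NotInOrganization'  # shared with people outside my organization
    ContentContainsSensitiveInformation = $sits
    BlockAccess                         = $true
    BlockAccessScope                    = 'PerUser'            # block only people outside the organization
    NotifyUser                          = 'LastModifier'       # user who sent, shared, or last modified
    NotifyPolicyTipCustomText           = 'This PROTECTED item requires limited dissemination. Please be aware of this and ensure that it is only distributed to users with need for access'
    NotifyAllowOverride                 = 'WithJustification', 'FalsePositive'
    ReportSeverityLevel                 = 'Low'
    StopPolicyProcessing                = $false
}
# Admin alerts and email incident reports are Off, so GenerateAlert and
# GenerateIncidentReport are deliberately not passed.
New-DlpComplianceRule @rule

# Read the rule back and compare it with the tables on this page.
Get-DlpComplianceRule -Policy $policyName |
    Format-List Name, AccessScope, BlockAccess, BlockAccessScope, NotifyUser,
                NotifyAllowOverride, ReportSeverityLevel, StopPolicyProcessing, Priority
```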

Security & Governance

  • None identified

Design

  • None identified

Configuration

  • None identified

References

  • None identified


Authorised by the Australian Government, Canberra