ASD's Blueprint for Secure Cloud

Data Loss Prevention: Warn users distributing OFFICIAL: Sensitive items

This section describes the configuration of Data Loss Prevention (DLP) policies within Microsoft Purview associated with systems built according to guidance in ASD's Blueprint for Secure Cloud.

Estimated reading time: 3 minutes

Name

ItemValue
NameWarn users distributing OFFICIAL: Sensitive items
DescriptionProvide a warning notification to users distributing OFFICIAL: Sensitive information

Admin units

ItemValue
Admin unitsFull directory

Locations

ItemValue
Exchange emailAll groups
SharePoint sitesAll sites
OneDrive accountsAll users & groups
Teams chat and channel messages
Devices
On-premises repositories
Power BI workspaces

Advanced DLP rules

Caution users distributing OFFICIAL: Sensitive information

ItemValue
NameCaution users distributing OFFICIAL: Sensitive information
Description
Conditions
ItemValue
Content is shared from Microsoft 365with people outside my organization
AND
Content containsSensitivity labels
Group nameDefault
Group operatorAny of these
Sensitive info types
- OFFICIAL Sensitive classified informationMedium confidence
Instance count: 1 to Any
- OFFICIAL Sensitive Legislative-Secrecy classified informationMedium confidence
Instance count: 1 to Any
- OFFICIAL Sensitive Personal-Privacy classified informationMedium confidence
Instance count: 1 to Any
- OFFICIAL: Sensitive Legal-Privilege classified informationMedium confidence
Instance count: 1 to Any
- All Credential TypesMedium confidence
Instance count: 1 to Any
Trainable classifiersNon disclosure agreement
Loan agreements and offer letters
Health/Medical forms
Personal Financial Information
Actions

None

User notifications
ItemValue
Use notifications to inform your users and help educate them on the proper use of sensitive infoOn
Microsoft 365 services
- Notify users in Office 365 service with a policy tipChecked
Email notificationsNotify the user who sent, shared, or last modified the content
- Attach matching email message to the notificationNot checked
- Customize the policy tip textChecked
This item appears to contain Classified or otherwise sensitive information. Disclosure of this information may result in harm to the Australian Government or individuals. Please be sure you understand your obligations to protect this information
- Show the policy tip as a dialog for the end user before sendChecked
- Provide a compliance URL for the end user to learn more about your organization’s policiesNot checked
User overrides
ItemValue
Allow overrides from M365 servicesNot checked
Incident reports
ItemValue
Use this severity level in admin alerts and reportsLow
Send an alert to admins when a rule match occursOff
Use email incident reports to notify you when a policy match occursOff
Additional options
ItemValue
If there’s a match for this rule, stop processing additional DLP policies and rulesNot checked
Priority0

Policy mode

ItemValue
Policy modeTurn the policy on immediately

Security & Governance

  • None identified

Design

  • None identified

Configuration

  • None identified

References

  • None identified

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra