Thank you for joining us at the AVASOFT + Microsoft Tech Summit 2024!
Join us at the AVASOFT + Microsoft Tech Summit 2024 on Sep 12 | Microsoft Technology Center | Malvern, PA

Enhancing Data Loss Prevention (DLP) with Microsoft Intune


As data security becomes a top priority, protecting sensitive information is critical. One powerful tool in safeguarding data is Microsoft’s Data Loss Prevention (DLP) technology, designed to prevent leaks and breaches before they occur. A recent addition to Outlook in Microsoft 365 is a proactive DLP email scanning feature, which holds outgoing emails for review and flags any sensitive content, allowing users to make corrections before the email is sent. This not only improves security but also ensures compliance with organizational policies. Integrating DLP with Intune further elevates email security by streamlining the enforcement of these policies across managed endpoints.

The DLP email scanning feature

Data Loss Prevention might not be a topic that everyone is well-versed in, but it’s crucial for anyone involved in governance and compliance. Recently, a new DLP feature in Outlook was introduced that scans emails for sensitive information before they are sent. If sensitive content is detected, a policy tip is displayed, giving the user a chance to address the issue before the email leaves the outbox.

Previously, users would only be notified of policy violations after an email had already been sent, resulting in the email being bounced back. With this new feature, organizations can avoid confusion and streamline the user experience by providing real-time alerts. Users are informed immediately if their email contains sensitive information, prompting them to take corrective action.

Deploying the feature using Microsoft Intune

Microsoft Intune is a powerful tool that organizations can use to manage and configure settings across their endpoints. Although there isn’t extensive documentation for setting up the DLP email scanning feature with Intune, the process is fairly straightforward.

To configure the oversharing popup, you can create a new device configuration profile in Intune for Windows 10 and later versions. Using the “Settings catalog” profile type, you’ll need to enable the “Specify wait time to evaluate sensitive content” setting in Microsoft Outlook. This setting ensures that emails are scanned for sensitive data before they are sent, and a pop-up notification appears if sensitive content is detected.

The configuration allows organizations to define a time limit for the DLP policy evaluation. If the policy check is not completed within the set time, a “Send Anyway” option is presented to users, allowing them to bypass the check in specific scenarios. However, if stricter enforcement is required, the feature can be set to hold the message until the policy evaluation is complete, with no option for users to override.

Streamlining end-user experience

Without the oversharing configuration, users would experience the traditional DLP process, where the email leaves the outbox and then bounces back if it violates any DLP rules. This can confuse users and disrupt workflow. The new oversharing popup provides a more user-friendly approach by alerting users before they send an email, helping them address any compliance issues within the original workflow.

For example, if an email contains a document labeled with a sensitive classification, the oversharing popup will alert the user that sharing this information is not allowed. This seamless integration into the user’s workflow ensures they remain compliant without unnecessary delays or confusion.

Testing in different environments

The DLP feature works consistently across different versions of Outlook, including the new Outlook client. When users attach a sensitive document to an email, the DLP policy will automatically apply the appropriate sensitivity label and provide a notification if external sharing is restricted. This immediate feedback helps users take corrective action before any data is compromised.

This functionality also extends to other Microsoft applications like Word, where users are similarly notified when trying to share a sensitive document directly. These policies ensure that sensitive information remains secure no matter how users attempt to share it.

Conclusion

Implementing the DLP email scanning feature via Microsoft Intune is a significant enhancement in data security. Rather than waiting for bounced-back emails, users receive real-time notifications and can resolve potential data breaches before they happen. With Intune, organizations can deploy this feature across all managed devices, ensuring consistency and compliance throughout the entire network.

By integrating DLP with Intune, AVASOFT helps organizations protect their data effectively, streamlining security measures and enhancing the overall email experience.

 
