Menu

Data Loss Prevention – User Guide

To protect sensitive data (email, documents) from being erroneously sent or shared externally, SUNY Downstate has implemented Office 365 Data Loss Prevention (DLP).  DLP will scan all email and documents sent or shared externally for sensitive information.  If sensitive information is found, users will be presented a warning and be blocked from trying to email or share Onedrive or Sharepoint documents externally. Users will be able to override the warning and still be able to send as long as a valid business reason is entered. Any sensitive email that is sent outside Downstate will also automatically be encrypted by the system.  Sensitive data includes any email or document containing a Social Security Number, Credit Card, HIPAA or other information deemed sensitive by Security and Compliance.

 

When trying to send an email containing sensitive information externally using Microsoft Outlook, a policy tip will appear on the top the email telling the user that the message conflicts with a policy in your organization.   This message will appear when sensitive information is typed into the body of the message or if an attachment being sent contains sensitive information.  The user can then click “override” to continue sending with proper business justification or just remove the external users from the recipient list.

screen shot 1

 

If the user just clicks send, the message is blocked from being sent and the following message will be displayed:

screen shot 2

 

If the user clicks the override then the dialog below will be displayed.  If the user determines that the email should be allowed, then they must enter a business justification in the line provided and click Override.  If they believe the message was blocked in error and that there is no sensitive data included they can click “This message does not contain sensitive information” and click Override.

screen shot 3

 

Once overridden, the policy tip will change indicating that the user chose to send the message even though the message contains sensitive information.  The user can then click send to send the message.

screen shot 4

 

Once the message is sent, the user will also receive an email message from Postmaster telling them that a message was sent outside that conflicts with a policy and what type of sensitive information was included.  The system administrator will also receive a similar email notifying them that sensitive information was sent externally.  The system will also automatically encrypt the message and the external recipient of the message will receive this message encrypted.  The message the sending user receives will look something like this:

screen shot 5

Here is what users will see when trying to send an email containing sensitive information externally using Microsoft Outlook Web Access (OWA).  A policy tip will appear on the top the email telling the user that the message conflicts with a policy in your organization.   This message will appear when sensitive information is typed into the body of the message or if an attachment being sent contains sensitive information.  The user can then click Show details to see more information on the type of data that was caught.  In addition there will an option presented to override the block and be allowed to continue sending the message with proper business justification or just remove the external users from the recipient list.

screen shot 6

 

Press Show Details to see more detail and options.

screen shot 7

 

If the user just clicks Send, the message is blocked from being sent and the following message will be displayed:

screen shot 8

 

If the user clicks the Override, then the dialog below will be displayed.  If the user determines that the email should be allowed, then they must enter a business justification in the line provided and click Override.  If they believe the message was blocked in error and that there is no sensitive data included they can click “This message does not contain sensitive information” and click Override.

screen shot 9

 

Once the message is overridden, the policy tip will change indicating that the user chose to send the message even though the message contains sensitive information. The user can then click Send to send the message.

screen shot 10

 

Once the message is sent, the user will also receive an email message from Postmaster telling them that a message was sent outside that conflicts with a policy and what type of sensitive information was included.  The system administrator will also receive a similar email notifying them that sensitive information was sent externally.  The system will also automatically encrypt the message and the external recipient of the message will receive this message encrypted.  The message the sending user receives will look something like this:

screen shot 11

Here is what users will see when trying to share a file externally from OneDrive or Sharepoint containing sensitive information.  When clicking the Share option and enter an external email address to share the document with, a policy tip will appear on the top of the Send Link dialog box telling the user that the document contains sensitive information and cannot be shared externally..  The user can then click View policy tip to see more information on the type of data that was caught.  In addition, there will an option presented to override the block and be allowed to continue sharing the document with proper business justification or report that the document was caught in error. 

screen shot 12

 

The user is blocked from sharing the document and the Send button is greyed out.  Press View policy tip to see more detail and options.

screen shot 13

 

If the user clicks the Override, then the dialog box is expanded to allow the user to enter a business justification in the line provided and can then click Submit to continue sharing the document.  You can also additionally report the issue as a false positive and that the document was blocked in error by click the Report an issue button.   You will still need to click Override and submit a business justification to continue sharing the document.

screen shot 14

 

Once overridden, a message will appear on the bottom indicating that the policy has been overridden and can click the back button to continue sharing the document.

After clicking the back arrow, the Send Link dialog will appear again but this time the Send button can be clicked to send the link.  Click Send to send the document.

screen shot 15

 

Once the document has been shared, the user will also receive an email message from no-reply@sharepointonline.com (shown below) telling them that an item was shared outside that conflicts with a policy and what type of sensitive information was included.  The system administrator will also receive a similar email notifying them that sensitive information was shared externally.

screen shot 16