Microsoft Office 365 Data Loss Prevention FAQ

What is Office 365 Data Loss Prevention? 

Office 365 Data Loss Prevention (DLP) is a service that ensures files within your OneDrive cloud storage (and other Office 365 products) that contain protected or sensitive data are stored and shared appropriately and securely.    

Why does Fordham have Office 365 Data Loss Prevention? 

Fordham has an obligation to the University community to protect information from unauthorized access and illicit use. The Office of Information Technology is a partner in carrying out that obligation, ensuring we use all available means to manage secure data in accordance with best practices and compliance regulations. Office 365 Data Loss Prevention helps ensure that protected and sensitive data within a Fordham member’s Office 365 account is stored and shared in an appropriate and secure manner.

Is Office 365 Data Loss Prevention looking at my files? 

Office 365 Data Loss Prevention assesses files in Fordham Office 365 accounts, looking for patterns that match protected and sensitive data (such as Social Security numbers, credit card numbers, and Fordham ID numbers) in files that may not be shared securely in accordance with Fordham’s Data Classification Policy.

Is Office 365 Data Loss Prevention making changes to my OneDrive files, or other files within my Office 365 account? 

Office 365 Data Loss Prevention does not change the data within your files. It changes only the sharing permissions of files in OneDrive accounts that contain numerous unique instances of data Fordham classifies as protected or sensitive. Improperly shared files containing sensitive data may have their sharing permissions changed to “private” so that they are accessible only to you.

What is considered protected and sensitive data?  

Protected data contains personally identifiable information (PII) such as Social Security numbers and credit card numbers. Sensitive data has been deemed sensitive based on internal standard operating procedures. It contains data such as employee compensation and annual budget information. You can read more about how data is classified within Fordham’s Data Classification Guidelines. The Data Classification Grid describes regulations and policies governing protected and sensitive data. Use it to determine where and how to store your files.

For a list and explanation of the various types of sensitive data that Fordham actively monitors for, via our DLP rules, please click here.

What does Office 365 Data Loss Prevention do when it finds a file with protected and sensitive data? 

If Office 365 Data Loss Prevention finds protected or sensitive data in a file, you may receive an alert from “Office365 (no-reply@sharepointonline.com)” notifying you that the file was shared in an improper manner. The file is not modified, but when you receive the alert, we advise that you perform the following steps:

  1. While viewing or editing the shared file, from the “File” menu select “Share”…
  2. On the menu that pops up, click the three dots in the upper right corner, then click “Manage access.”
  3. On the next menu, click the three dots next to the sharing link, then hit the X to remove the link. Then click “Save” or the back arrow.
  4. When the sharing is removed, the file should only be shared with specific people. Uncheck “Allow editing” if you want the recipients to only be able to read the file and not change it.

Sharing protected information with non-Fordham email addresses (including your own personal email addresses) may be inadvisable in many circumstances. Always consult Fordham’s Data Classification Guidelines when in doubt about how best to store and share protected data.