Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7

Video Transcription

00:00
Welcome back to the MS 365 Security Administration course.
00:05
I'm your instructor, Jim Daniels.
00:07
We're in module four, M365 3rd protection, lesson three: data loss prevention,
00:14
part two, working with DLP.
00:18
This lesson, we're going to go over how DLP integrates with File Classification Infrastructure, FCI.
00:24
We're gonna look more at DLP policy creation, configuration and customization.
00:29
And how to send DLP alerts to administrators.
00:33
MS 365 can use a DLP policy to identify, monitor and protect sensitive information.
00:40
The DLP policy can be created in MS 365 that recognizes properties that Windows Server FCI has applied to the documents.
00:50
Oh, wait.
00:52
This kind of blurs on-prem and in the cloud, doesn't it? Yes, it does.
00:59
DLP policies are not retroactive.
01:02
When you create a policy, it doesn't automatically go out and do everything.
01:06
Only new content and edited content will be detected automatically after the policy is enabled.
01:11
A manual re-index is needed to detect existing content.
01:18
If you create a new DLP policy and you have 1000 documents sitting on your file server,
01:23
it's gonna be like, OK, well, I don't care about this.
01:26
However,
01:27
if a new document's created after the policy's created, it's gonna check it out.
01:33
To get those 1000 documents that pre-existed that policy,
01:36
you have to do a manual re-index. Then that policy will go through those 1000 documents.
01:42
That's an important key to remember
01:47
Before a policy can be enforced,
01:49
of course, it has to be created.
01:51
So let's look at creating the policy from a built-in policy template.
01:57
We go into the Security & Compliance Center, go to Data loss prevention, go to Policy,
02:00
Create a policy.
02:02
For this one, let's do Financial and US Financial Data. So US Financial Data is one of the built-in, predefined sensitive information types.
02:14
We're gonna name it US financial data
02:16
and choose locations.
02:19
You can have it unified, which is the first radio button, to where you protect content in Exchange, Teams,
02:25
OneDrive and SharePoint,
02:28
or, if you want, you have a DLP policy for one specific service. If you just want it for Exchange, for example,
02:36
if you go into customized of locations,
02:38
it was just like a content search, like an eDiscovery search,
02:43
so you can go then exclude accounts
02:46
There's tons of capabilities. If you want a policy that just applies to certain members within the department, you could do that.
02:53
If you want one that just applies to
02:55
three SharePoint sites. Yeah, you can do that. It's very granular and very flexible.
03:01
So now since we define the location, we're gonna look at
03:07
customization settings.
03:09
We're going to detect the content when it's shared. You can do people outside
03:15
or only on the inside.
03:16
If something's shared externally, you can have a different policy than if something's shared internally.
03:23
So here's some of the advanced settings we can do. We could have multiple rules in the same policies. You can have your internal and external sharing
03:31
within the same policy.
03:34
Do you detect your volume
03:36
if it's a low volume or high volume, so you can go say if there's five
03:43
financial records within one document, it triggers. What if there's 10? What if there's one? What if there's two?
03:47
There's all these different thresholds that you can set.
03:53
Next, we're going to choose what happens when the policy triggers. This is the action.
03:59
because some policy tips and you know notifications can be set up here
04:02
for restrictions and encryption. We can block the content from being shared, or we can force encryption in Exchange if it's an email message.
04:12
We can
04:13
test out the policy
04:15
or turn it on right away.
04:18
You can even restrict the scope of your testing
04:20
if you choose the locations
04:24
and do your test base from that,
04:27
the policy is ready to go off. Then you can go back,
04:30
open the scope up,
04:31
widen the scope,
04:33
and enable it.
04:35
That's always best practice.
04:38
Usually, we test things in IT.
04:40
Or his financial made will be test and auto department purchasing.
04:44
HR for PII.
04:46
You can never just go down, even to a couple of users.
04:49
Test them, see how it works.
04:51
Make sure everything's correct. If feedback is good, expand the test scope.
04:57
If feedback is good, then expand it out to your whole organization.
05:00
Remember, you don't have to turn it on for everybody all at once. Testing is a good thing.
05:05
It helps eliminate user frustration, which increases adoption.
05:11
Once everything looks good, we just review our settings and click on Create.
05:17
To edit an existing DLP policy,
05:20
we sign in to the M365 admin and go to the Security & Compliance Center.
05:25
Go to Data loss prevention, Policy, then we select the policy we want to edit.
05:30
We pull it up and we go edit it.
05:33
This is a
05:34
closer view of the volume thresholds
05:39
within those policies, and within those rules,
05:42
accuracy tweaking can help decrease false positives.
05:46
Always tweak during testing.
05:48
Testing is your time to determine efficacy
05:51
and determine false positives
05:54
that match your policies. Risk
06:00
Instance count, one to any, those can be customized. Accuracy, min, max, those can be customized as well.
06:08
Additional rule settings include user overrides, exceptions, actions, user notifications, incident report options.
06:15
You can require a user to provide a business justification to override,
06:20
or you can override it automatically if they report it as a false positive.
06:26
Incident reports: admins can configure an action to generate incident reports if an event occurs.
06:32
Here's an example of the incident report
06:35
to where the service was Exchange.
06:38
It goes through
06:40
all of this different information: person sharing, to, from, severity. If it's a false positive or override that the user did, those that we just saw in the previous frame, that will be logged as well.
06:54
It will tell you how it matched,
06:55
the rule that it matched,
06:57
the action taken. It's a very good
07:00
mechanism when you start to develop DLP policies.
07:06
Quiz: the quickest way to start using DLP policies is to create a new policy from any existing template. True or false?
07:15
Of course, the answer to that is true.
07:17
Same place where, therefore, reason the template makes something harder.
07:21
It shouldn't be a template
07:26
To create a custom DLP policy, the first couple steps: you upload a document with the needed property into M365.
07:32
You create a managed property in SharePoint Online.
07:38
This
07:39
crawls the property within M365.
07:44
Step three, we create the DLP policy. Its condition, document contains values, is not available in the UI. We gotta use PowerShell.
07:53
PowerShell to the rescue.
07:54
We have New, Set, Get. Those are the verbs.
07:58
National Command
07:59
DLP compliance policy.
08:01
So New-DlpCompliancePolicy, Set-
08:05
DlpCompliancePolicy, Get-DlpCompliancePolicy.
08:11
To recap the lesson: a DLP policy can be created in MS 365 that recognizes properties that Windows Server FCI has applied to the documents.
08:20
Before DLP can be enforced, a DLP policy is needed.
08:26
Administrators can configure an action to generate incident reports
08:30
if a DLP event occurs.
08:33
Thank you for joining me on this lesson, all about DLP.
08:37
I'll see you for the next one. Take care.

Up Next

MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.

Instructed By

Jim Daniels
IT Architect
Instructor