Using DLP to protect sensitive sites

by HubSite 365 about AlbertHoitingh.com

Pro UserSecurityLearning Selection

Reading time: 5 minutes During some configuration on DLP rules, I came across the term “sensitive sites”.

The author's previous examination of data loss prevention (DLP) led to the discovery of the term "sensitive sites". The term was found during configurations on DLP rules within the DLP policy Actions section. The focus of this post is endpoint DLP, noted as one of the most complex components within Microsoft Purview. "Sensitive sites" relate to endpoint DLP's functionality of monitoring sensitive files activity on endpoints, such as Windows or Mac.

Proper licensing and onboarding to Microsoft Purview is required for this to function.
Endpoint DLP distinguishes itself with its wide range of configurable options.
Settings pertaining to sensitive sites are located in the "Browser and domain restrictions to sensitive data" component.

"Sensitive sites" is not used terminology-wise in this interface as it was renamed "Sensitive service domain". The usage of "sensitive sites" in the DLP rule while absent in the interface can potentially lead to confusion. Exploration and explanatory interest is sparked on other settings such as Unallowed Browsers, Service Domains, and Sensitive service domain groups.

Diving Deeper Into Sensitive Sites

The categorization of "sensitive sites" within DLP rules involves complex aspects of Microsoft's data protection mechanisms. Crucial distinctions are drawn between settings like Unallowed Browsers, Service Domains, and Sensitive service domain groups. Understanding these settings is vital for effective implementation and functioning of DLPs. Adequate licensing, Microsoft Purview and Microsoft Defender for Endpoint onboarding are prerequisites for successful utilization. Endpoint DLP, with its array of configuration options, further underscores the depth and breadth of data protection considerations in Microsoft's frameworks.

Read the full article Using DLP to protect sensitive sites

Learn about Using DLP to protect sensitive sites

Data Loss Prevention (DLP) is a powerful tool for protecting sensitive data on endpoints such as Windows or Mac computers. Endpoint DLP can be used to monitor actions that are performed on sensitive files, and includes the ability to set up restrictions for certain browsers and domains. These restrictions are known as "sensitive sites," and can be configured through the "Browser and domain restrictions to sensitive data" component of the DLP policy. Sensitive sites can be further divided into "Unallowed browsers", "Service domains", and "Sensitive service domain groups". Unallowed browsers are browsers that are not allowed to access sensitive data, while Service domains are domains that can access sensitive data. The Sensitive service domain groups are a combination of the two, allowing certain domains to access sensitive data while blocking others. In addition, safe USB devices can also be identified and trusted, allowing for the secure transfer of sensitive data from one endpoint to another.

Keywords

Microsoft DLP, Data Loss Prevention, Endpoint Protection, Endpoint DLP, Unallowed Browsers, Service Domains, Sensitive Service Domains.