This shows you the differences between two versions of the page.
o365dlp [2018/11/27 13:42] sjoerd |
o365dlp [2018/11/27 13:58] (current) sjoerd |
||
---|---|---|---|
Line 54: | Line 54: | ||
*** Click Next | *** Click Next | ||
** Click Create | ** Click Create | ||
- | * | ||
+ | == Troubleshooting and Testing == | ||
+ | To test the policy you need to send an email with a credit card number. You can use [[https://www.paypalobjects.com/en_AU/vhelp/paypalmanager_help/credit_card_numbers.htm|these creditcard numbers]] to test. \\ | ||
+ | \\ | ||
+ | Sometimes the tooltips do not work. Most common cause is that outlook [[https://support.office.com/en-us/article/outlook-mailtips-options-7839a4ac-e45f-4289-a127-4ce702bedcc2|tooltips are not enabled]]. You can also test the tooltips in https://outlook.office.com. It could also take some time for the tooltips to show. I also experiences the tooltips to randomly work for users. | ||
+ | = GDPR Policy = | ||
+ | The GDPR policy needs a little tweaking. By default only the EU confidential data is protected, but not the Dutch BSN Number. | ||
- | > NB. In exchange online stond er ook een DLP policy aan, net als twee oude in security en compliance portal. Deze zijn allemaal disabled. | + | All the steps are the same as above except for the following parts (and naming and description of course): |
+ | * Choose the template to start with: | ||
+ | ** Adjust the region to European Union and select Privacy -> General Data Protection Regulation (GDPR) | ||
+ | * To add the BSN do the following steps in the Rule of the policy: | ||
+ | ** Go to conditions -> Sensitive Info Types | ||
+ | *** Add -> Sensitive info types | ||
+ | *** Add | ||
+ | *** Scroll down in the list and select Netherlands Citizen's Service (BSN) Number | ||
+ | *** Done | ||
- | > https://www.blackforce.co.uk/2017/04/11/outlook-2016-policy-tips-not-updating | + | == Troubleshooting and Testing == |
- | > https://community.spiceworks.com/topic/2175283-o365-dlp-tooltips-not-working | + | In my experience the EU GDPR data results in a large number of false positives. You could set the match percentage higher (see resources for what the sensitive types match on) or delete the info type from the sensitive info type list. That is a valid option if your company doesn't store these numbers from their customers. |
- | > https://www.paypalobjects.com/en_AU/vhelp/paypalmanager_help/credit_card_numbers.htm | + | |
- | + | ||
- | DLP - GDPR | + | |
- | Name: NL - Privacy Data - General Data Protection Regulation (GDPR) | + | |
- | Description: DLP voor persoonsgegevens | + | |
- | + | ||
- | Edit rule | + | |
- | * | + | |
- | Name: Any volume of EU Sensitive content found | + | |
- | * | + | |
- | Description: Trigger policy if any personal data is found | + | |
- | * | + | |
- | Conditions: | + | |
- | + | ||
- | + | ||
- | * Content is shared with people outside my organization | + | |
- | + | ||
- | + | ||
- | + | ||
- | LET OP; AANPASSINGEN GEMAAKT. | + | |
- | De email wordt mee verzonden, dus om datalekken te voorkomen heb ik de volgende aanpassingen gemaakt in beide regels: | + | |
- | Email notifications: Alleen: Notify the user who sent, shared, or last modified the content. | + | |
- | Verstuur alleen naar mailbox iv soc (dus niet mailbox werken in de cloud) | + | |
- | En vink de volgende informatie uit in het rapport: The item containing the contect that matched the rule, resultaat van het laatste stukje: | + | |
- | + | ||
- | You can also include the following information in the report: | + | |
- | The name of the person who last modified the content: On | + | |
- | The types of sensitive content that matched the rule: On | + | |
- | The rule's severity level: On | + | |
- | The content that matched the rule, including the surrounding text: On | + | |
- | The item containing the content that matched the rule: Off | + | |
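Review bot: The removed block at the end of this hunk (from "LET OP; AANPASSINGEN GEMAAKT" through "The item containing the content that matched the rule: Off") recorded that the matching email is otherwise sent along with the notification, and that both rules were changed to prevent a data leak; none of the added lines carry this over. I would keep that guidance, rewritten in English, under the GDPR Policy section: restrict email notifications to "Notify the user who sent, shared, or last modified the content", send the report only to the intended mailbox, and set "The item containing the content that matched the rule" to Off. The removed note that an Exchange Online DLP policy and two old policies in the Security and Compliance portal were disabled is also worth keeping, since overlapping policies affect what a tester sees. Two smaller points: the added "see resources" refers to a section that is not visible in this hunk, while the two tooltip troubleshooting links were removed, so check that they now live there; and "I also experiences the tooltips to randomly work" should read "I have also seen the tooltips work only intermittently for users".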