

By Tim Anderson, 28th October 2014 17:52

Microsoft unwraps new auto data-protection in Office 365 tools

'Heyy, it looks like you're writing down stuff that's best not written down!' 'F*ck off, Clippy'

Microsoft is expanding its Data Loss Prevention (DLP) tools. DLP is a way of tagging content to mark it as sensitive data and subject to policy, such as a rule that states “data must be encrypted” or “may not be shared outside the organisation”.

DLP is already available for email in Exchange, Outlook and Office 365, and is now being added to SharePoint Online and OneDrive for Business. DLP is also being added to Excel, Word and PowerPoint from early 2015.

Admins will be able to set policy in an Office 365 Compliance Center and have this automatically applied through all these products.

DLP supports manual tagging but goes beyond it.

“We’re providing deep content analysis through our classification engine,” explains Principal Program Manager in Information Protection Jack Kabat in a video. The engine will use RegEx patterns and more to find data such as credit card numbers or social security identifiers, and automatically tag documents accordingly.

If the system detects a violation it will generate a report, with items such as “Rule Matched: PCI DSS: content shared externally” and “Rule Actions: Notify User”.

The add-ins for Office applications will inform users at the time of content creation if they are creating data that is detected as sensitive, and provide users with “policy tips.”

Excel automatically detecting sensitive data

“With these new DLP capabilities, you can have complete control to protect sensitive information anywhere in your organization,” says a post penned by Kabat along with product manager Shobhit Sahay.

DLP will be attractive to organizations worried about spilling secrets or breaching regulatory compliance and being slapped with fines, but is it effective? Automatic content recognition is imperfect, as those who remember Office 97 and Clippy’s incessant interjection, “it looks like you’re writing a letter” will know.

Another snag is that if users are determined to share data, they probably will, if only by crude techniques like photographing the screen, or turning to alternative applications (a new opportunity for OpenOffice?) which are less intrusive.

The justification for approaches like this is that they help users to do the right thing by giving them a nudge at the right moment.

You can “refine your DLP activity so you don’t affect the productivity of your end users,” promises Microsoft - but we foresee new opportunities for annoyance. ®
