Microsoft 365 data loss prevention policy in effect March 5, 2021
From: Division of Information Technology
On March 5, 2021, Collaborative Computing Solutions (CCS) will enable a security feature within Virginia Tech's Microsoft 365 environment, using Exchange Online Data Loss Prevention (Exchange DLP). Exchange DLP is a built-in security feature that scans email content as it is being drafted to identify potentially sensitive information, such as social security and debit or credit card numbers.
CCS is enabling this feature in compliance with the university’s Standard for High Risk Digital Data Protection, which establishes minimum security requirements, such as encryption, to protect personal and sensitive data on university systems. This standard applies to both Exchange Online and Gmail. However, the enabled feature only applies to Exchange Online email.
If Exchange DLP detects potentially sensitive content in and email being written in the Outlook desktop client or web app, the following awareness message will appear at the top of the draft:
“Policy Tip: This item appears to contain the following sensitive information: [U.S. Social Security Number (SSN) and/or Credit Card Number as applicable]. Please be aware of the Virginia Tech sensitive data protection policy at https://it.vt.edu/content/dam/it_vt_edu/policies/Standard-for-High_Risk_Digital_Data-Protection.pdf.”
The Exchange DLP feature is intended to caution users regarding minimum encryption requirements when sharing this information with others; however, it does not prevent a user from sending an email containing sensitive information. Virginia Tech students, faculty, and staff who use Exchange/Outlook are reminded to take one of the following measures before transmitting sensitive information via email:
- Create an encrypted document containing the information and then send that encrypted document as an attachment
- Encrypt the email before sending
- Use Microsoft 365 Sensitivity Labels available in Azure Information Protection to help protect the information.
Please submit a 4Help ticket or contact the Help Desk at 540-231-4357 with any questions or concerns regarding this change.
- Exchange Data Loss Prevention in the 4Help Knowledge Base
- Data storage compliance for VT Google Mail (Gmail)
- Protecting Sensitive Data from the IT Security Office
- Policy 7000: Acceptable Use and Administration of Computer and Communication Systems
- Standard for High-Risk Digital Data Protection
- More information technology policies and standards