DLP in SharePoint & OneDrive
Understanding the Concept
SharePoint and OneDrive DLP protects data at rest (stored files) and acts at the point of sharing and access. Depending on the rule, it can show a policy tip, notify the file owner, and block sharing, download or even all access to matched files.
DLP for these services depends on the search index: a file is evaluated only after it has been crawled and indexed, so new or modified files sit in a window during which policies have not yet been applied.
Sharing link types matter: People in your organization links, Specific people links and Anyone (anonymous) links each have different policy implications, and the restrict-access action can be scoped to everyone, to people outside the organization, or only to recipients of Anyone links.
Key Points
- File Scanning: Content indexed and scanned for SIT matches
- Sharing Controls: Block or warn on sharing externally
- Access Blocking: Can remove access to matched files for everyone except the owner, last modifier and site admin, or only for external or anonymous-link users
- Sync Blocking: Prevent syncing matched files to local devices
- Retention: DLP does not apply retention on its own; retention labels and policies are a separate feature used alongside DLP
SharePoint/OneDrive DLP Flow
- File Upload: user uploads or creates a file in SP/OD
- Indexing: file content is crawled and indexed by the search service
- Policy Scan: indexed content is evaluated against DLP policies
- Match Detection: SITs detected, instance count and confidence calculated
- Marking: file is marked with the DLP match and a policy tip/icon is shown
- Action Enforcement: sharing or access blocked according to the rule's action
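As a worked example that is not part of the course material, the flow above and the link-type scoping mentioned earlier can be configured from Security & Compliance PowerShell (ExchangeOnlineManagement module). The policy name, rule name, policy-tip text and the choice of Credit Card Number as the SIT are assumptions for illustration:

```powershell
# Added example (not from the course page): create a SharePoint/OneDrive DLP
# policy that blocks external access to files containing credit card numbers,
# starting in simulation mode so matches can be reviewed before enforcement.
# Requires the ExchangeOnlineManagement module and a compliance admin role.

Connect-IPPSSession   # Security & Compliance PowerShell

$policyName = 'SPO-OD Block External PCI'   # assumed name

# Scope the policy to all SharePoint sites and all OneDrive accounts.
# TestWithNotifications = simulation with policy tips, nothing blocked yet.
New-DlpCompliancePolicy -Name $policyName `
    -Comment 'Blocks external sharing of files containing credit card numbers' `
    -SharePointLocation All `
    -OneDriveLocation All `
    -Mode TestWithNotifications

# Rule: fires when indexed content holds at least one credit card number
# AND the file is shared with people outside the organization.
# BlockAccessScope maps to the link types discussed in the lesson:
#   All              - everyone except owner, last modifier and site admin
#   PerUser          - only people outside the organization
#   PerAnonymousUser - only people who reached the file via an Anyone link
New-DlpComplianceRule -Name 'Block external PCI sharing' -Policy $policyName `
    -ContentContainsSensitiveInformation @(@{ Name = 'Credit Card Number'; minCount = '1' }) `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -BlockAccessScope PerUser `
    -NotifyUser Owner, LastModifier `
    -NotifyPolicyTipCustomText 'This file contains payment card data and cannot be shared externally.' `
    -NotifyAllowOverride WithJustification `
    -GenerateIncidentReport SiteAdmin `
    -IncidentReportContent Title, DocumentAuthor, MatchedItem, RulesMatched, Severity `
    -ReportSeverityLevel High

# Review what was created before turning enforcement on.
Get-DlpCompliancePolicy -Identity $policyName |
    Format-List Name, Mode, SharePointLocation, OneDriveLocation
Get-DlpComplianceRule -Policy $policyName |
    Format-List Name, AccessScope, BlockAccess, BlockAccessScope, Disabled

# After reviewing matches in Activity explorer, switch to enforcement.
# The indexing dependency still applies: files uploaded or edited just before
# this change are not evaluated until the search crawl has processed them.
Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```

Starting in TestWithNotifications is the practitioner's safeguard against a noisy SIT locking users out of their own sites; swap `-BlockAccessScope PerUser` for `PerAnonymousUser` if the goal is only to neutralise Anyone links while leaving authenticated external guests alone.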
Why This Matters in Real Organizations
SharePoint and OneDrive are where most organizational data lives. Without DLP, sensitive files can be shared with anyone with a link. Proper DLP prevents accidental and intentional data exposure.
Common Mistakes to Avoid
Interview Tips
- Explain the indexing dependency
- Discuss the various enforcement options
- Mention the user experience for blocked files
Exam Tips (SC-401)
- Know the different actions available for SP/OD
- Understand indexing latency implications
- Know how sensitivity labels interact with DLP