A Sanctioned Data Loss Prevention (DLP) policy defines the criteria for generating a violation for cloud services that are sanctioned for use by employers, and optionally sets specific actions that are triggered in response to the detected incidents for sanctioned services.
To view and administer your DLP policies, go to Policy > DLP Policies.
The DLP Policies page provides the following actions and information:
- Filters. Select options on the Filters tab to scope down your search.
- Search. Search Policies via the Omnibar.
- Actions. Click to perform the following actions.
- Sanctioned Policy. Sanctioned cloud services are services that are sanctioned or provided by your enterprise for employee use, like Microsoft Office 365.
- Shadow/Web Policy. Shadow cloud services, like Facebook, are accessed by employees but aren't specifically sanctioned for employee use.
- Create New Policy. Click to Create a Shadow/Web DLP Policy.
- Activate Policy
- Deactivate Policy
- Delete Policy
- Edit Table Columns
- Evaluate Policy. Test your policy to make sure it is detecting the correct incidents. For details, see Evaluate Policy.
- Policy Name. Displays the name of the DLP Policy. Click the link to edit the policy.
- Description. (Optional.) Display the description of the DLP Policy.
- Status. Displays the status of the policy: active or inactive.
- Deployment Type. Displays the type of deployment: API or Proxy.
- Service Instances. Displays the number of instances of the policy used.
- Last Updated. Displays the date and time that the policy was last updated.
- Last Updated By. Displays the username that last updated the policy.
DLP Policy Cloud Card
Click the table row of a policy to display the DLP Policy Cloud Card.
The DLP Policy Cloud Card provides the following information:
- Name. Displays the name of the DLP Policy.
- Description. Displays the description of the DLP Policy.
- Services. Displays the name of the Services that use the policy.
- Deployment Type. Displays the type of the deployment: API or Proxy.
- Policy Origin. Displays the origin of the policy.
- Policy Status. Displays the status of the policy: On or Off.
- Action. Select to Edit Policy or Delete Policy.
- Associated Scans. Displays the name of associated scans, if any.
- History. Displays the policy history, including time, date, and username of the last update.
For Microsoft Word documents, there is a limitation where DLP policies cannot currently inspect text inside charts and bookmarks.