IronSights

Microsoft 365 & cloud

Data Loss PreventionDLP

A set of policies and controls that detect and prevent sensitive data from being shared, transferred, or accessed in ways that violate organisational security or compliance requirements.

Also known asDLPdata loss preventiondata leakage prevention

In plain English

DLP policies automatically monitor how sensitive data — credit card numbers, tax file numbers, health records — is being used. They can block emails containing this data from being sent externally, warn users before they share a confidential file, or generate alerts when data appears in unexpected locations.

Full definition

DLP works by scanning data in motion and at rest against a set of rules you define. Those rules can be as specific as blocking any email that contains a string matching Australian tax file number format, or as broad as flagging any file labelled "Confidential" that gets attached to a message going to a personal Gmail address. DLP applies these policies across , , Teams, and endpoint devices, so the same rule covers email, file sharing, and what employees copy to USB drives.

The practical consequence of not having DLP in place shows up quickly. A payroll spreadsheet forwarded to the wrong distribution list. A sales rep emailing a customer database to their personal account before resigning. A contractor posting a document to the wrong SharePoint channel. None of those require malicious intent; they just require someone to click the wrong button. DLP intercepts those actions before they become a breach notification under the .

What good DLP policy design looks like

Policies can block, warn, or log depending on severity. A block stops the action outright. A warning lets the user override if they have a business reason, but records the decision. Logging does nothing visible to the user but captures the event for audit. Most organisations start with warn-and-log for a period to understand what their data actually does before turning on hard blocks.

  • Classify data before writing policies. Purview give DLP rules something concrete to act on.
  • Start in audit mode to see what would have been blocked, without disrupting legitimate workflows.
  • Apply stricter rules to high-risk scenarios: external recipients, personal email domains, USB transfers.
  • Review policy match reports monthly. False positives erode user trust and get bypassed.

Keep learning

More terms in the IronSights Glossary.

What is Data Loss Prevention? | IronSights Glossary