 Hello, my name is Sam and I'm Director of Consulting at Tech Impact, a nonprofit technology services provider. Today I want to talk with you about how to configure simple data loss prevention policies using the Microsoft Cloud to help keep your data safe. Data loss prevention policies allow you to keep an eye on information that's being shared out of your organization that maybe shouldn't be like social security numbers or credit card numbers. Before we get started, you need to make sure that you're using E3 or higher Office 365 licenses. Data loss prevention policies in Office 365 require this level. There is more you can do with an E5 license or with one of the enterprise mobility and security licenses. That includes very detailed policies and actions, looking in other systems besides just Office 365 like Box or Dropbox or Salesforce, and also manual file classification by your users. Okay, so let's go ahead and get started. Everything we do today is going to be from the Office 365 administrative control panel. So let's log in. You'll see that I'm entering into factor authentication. This is something that all of you should do if you're not already doing. Let's go ahead and open up the admin control panel. And from here, I'm going to open up the security and compliance center. This is a consolidated location where you can do most of the basic security and compliance configuration of Office 365. Today we're going to be in the data loss prevention section, and let's go ahead and click on policy. I already have a couple of policies set up here, but I want to create a new policy. So let's go ahead and click on create a policy. One of the benefits of doing this with Office 365 is that they've already set up most of the common templates that you might be looking for. So I might be a mental health services organization, and maybe I need to worry about HIPAA information. I'm going to select medical and health, and then I'm going to scroll down and find the US Health Insurance Act template for HIPAA. When I click on this, we'll see that I am looking for social security numbers and DEA numbers. Let's go ahead and click next. I'm going to provide my policy with a name, and I'm going to tell Office 365 where I'm looking for content. By default, I'm looking for email and OneDrive and SharePoint. I could choose other locations too, but I really want to know everywhere that privileged information is that's being shared. I'm going to use simple settings, and I'm going to detect when this content is shared with people outside of my organization. That's really what I care about. It's okay to keep this information in Office 365 since it is a HIPAA compliant system. Let's go ahead and click next. At this point of a few settings, for testing I'm going to make this just one. I want to know when even one social security number is being sent outside of the organization, and I'm going to send incident reports to email. I also want to actually block people from sharing information, so I don't want to allow them to send it at all. Let's go ahead and click next, and let's turn it on. And that's it, the policy is created. Let's go ahead and log into Webmail, and I want to show you how this actually works. So I'm going to go ahead and write a new email. Let's click on new, and I'm going to send this to my actual Tech Impact account, which is outside of this particular Office 365 incident. Now here I just pasted a template. This is fake credit card and social security information. Let's go ahead and send this. So I sent the mail. Let's go ahead and let's take a look in my inbox, and here we'll see that I have a couple of notifications that something was blocked. The first one I get is a notification saying that this particular email contains sensitive information. Then I get a notification that it's been blocked, and then as an administrator I'm getting a notification that someone has sent an email message that has sensitive information in it. These same notifications will also be generated if I create a file that contains sensitive information and share it outside of the organization. In that case the detection isn't real time, it happens at regular intervals throughout the day, but it will notify an administrator and myself and then remove access to that file. Thanks for watching this video, and I hope it's been helpful in showing you how to set up simple data loss prevention policies using Office 365.