Configure DLP Application Policy and Assign it to a Group
42Gears has integrated DLP features for O365 using Microsoft’s Graph APIs to allow better management of Office 365 apps and tools in organizations.
Admins can configure the DLP application policy for Office 365 applications and assign it to a group using the Azure AD portal or SureMDM Web Console.
Using Azure Portal
Admins can create a DLP policy for Office 365 applications and assign it to a group using the Azure portal.
To configure DLP policies for Office 365 applications using the Azure portal, follow these steps:
The steps below apply to App protection policies.
Navigate to the Azure AD portal and search for Intune.
Click Intune > Apps > App Protection Policies > Create Policy.
Select the Platform (Android/iOS).
On the Add Configuration Policy screen, enter the Policy name and Description, then click Next.
Under the Apps tab, click Select public apps, and then search for and select the Microsoft O365 Apps.
Click Select > Next.
In the Data Protection tab, configure the policies as per your requirements and click Next.
In the Access Requirements tab, configure the policies as per your requirements and click Next.
In the Conditional Launch tab, configure the policies as per your requirements and click Next.
In the Assignments tab, to assign the policy to a group, click the Select Groups to include link.
To exclude a group, click the Select Groups to exclude link.
Include the group and click Select > Next.
In the Review and Create tab, click Create. The policy will be created.
The policy will be applied to the selected Office 365 apps for the users in the group. A policy created and assigned to a group in the Azure portal is synced and also appears under the Profiles > Office 365 section of the SureMDM Web Console. Click here to get more information on synchronizing Azure Portal Groups and Policies with the SureMDM Console.
Using SureMDM Web Console
To configure DLP policies for Office 365 applications using the SureMDM Web Console, follow these steps:
Navigate to SureMDM Web Console > Profiles > Office365 > Add > Select the Platform.
Enter the Policy Name and Description.
Configure the DLP settings:
Data Transfer - Allow/block data backup, control sending/receiving of data between apps, restrict cut-copy-paste between apps, and allow/block screen capture and Google Assistant.
Encryption - Encrypt and secure the data.
Functionality - Allow/block data printing, allow/block syncing apps with native contact apps, and ensure that web content is shared with policy-managed browsers only.
Access requirements - Admins can set up different access types for Office 365 applications, such as numeric PINs or passcodes, fingerprints, Touch ID, Face ID, and work/school account credentials.
Click Save.
The newly created policy will be listed under the Create Policies and Assign to Groups section.
Admins can Modify, Delete, or Refresh the policies.
Select the created policy from the list and click Assign to Groups.
The restriction policy will be applied to the selected Office 365 apps for the users in the group. A policy created and assigned to a group in the SureMDM Web Console is synced and also appears in the Azure AD portal.
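Because the policy is synced through Microsoft Graph, the result can be checked from the Graph side after it is saved and assigned. The following is an added example, not 42Gears or Microsoft code: it audits a policy exported as Graph androidManagedAppProtection JSON against a baseline grouped by the settings categories listed above, and confirms that at least one group is included. The baseline values (such as a minimum PIN length of 6), the sample policy, and the function names are assumptions for illustration.

```python
import json

_TRUE = lambda v: v is True
_MANAGED = lambda v: v in ("managedApps", "none")

# (settings group named on the page, Graph property, check, expected value)
# The expected values are an assumed baseline, not a vendor recommendation.
BASELINE = [
    ("Data Transfer", "dataBackupBlocked", _TRUE, "true"),
    ("Data Transfer", "allowedOutboundDataTransferDestinations", _MANAGED, "managedApps|none"),
    ("Data Transfer", "allowedInboundDataTransferSources", _MANAGED, "managedApps|none"),
    ("Data Transfer", "allowedOutboundClipboardSharingLevel",
     lambda v: v in ("managedApps", "managedAppsWithPasteIn", "blocked"), "not allApps"),
    ("Data Transfer", "screenCaptureBlocked", _TRUE, "true"),
    ("Encryption", "encryptAppData", _TRUE, "true"),
    ("Functionality", "printBlocked", _TRUE, "true"),
    ("Functionality", "managedBrowserToOpenLinksRequired", _TRUE, "true"),
    ("Access requirements", "pinRequired", _TRUE, "true"),
    ("Access requirements", "minimumPinLength",
     lambda v: isinstance(v, int) and v >= 6, ">= 6"),
]

def audit_policy(policy):
    """Return (group, property, actual, expected) for each baseline miss."""
    return [(grp, prop, policy.get(prop), want)
            for grp, prop, ok, want in BASELINE if not ok(policy.get(prop))]

def included_groups(policy):
    """Group IDs the policy is assigned to; exclusion targets are skipped."""
    return [a["target"]["groupId"] for a in policy.get("assignments", [])
            if a.get("target", {}).get("@odata.type")
            == "#microsoft.graph.groupAssignmentTarget"]

# Constructed sample export (not real tenant data); the group ID is a placeholder.
WEAK = json.loads("""{
  "displayName": "O365 DLP - pilot", "dataBackupBlocked": false,
  "allowedOutboundDataTransferDestinations": "allApps",
  "allowedInboundDataTransferSources": "managedApps",
  "allowedOutboundClipboardSharingLevel": "allApps",
  "screenCaptureBlocked": true, "encryptAppData": true, "printBlocked": true,
  "managedBrowserToOpenLinksRequired": true, "pinRequired": true, "minimumPinLength": 4,
  "assignments": [{"target": {"@odata.type":
    "#microsoft.graph.exclusionGroupAssignmentTarget", "groupId": "GROUP-ID-PLACEHOLDER"}}]
}""")

if __name__ == "__main__":
    for grp, prop, got, want in audit_policy(WEAK):
        print(f"[{grp}] {prop} = {got!r}, expected {want}")
    if not included_groups(WEAK):
        print("policy has no included group, so it applies to no users")
```

A policy whose only assignment is an exclusion target is reported as having no included group, which matches the include/exclude distinction in the Assignments step.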