3.4 Ensure DLP policies are enabled

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Enabling Data Loss Prevention (DLP) policies allows Exchange Online and SharePoint Online content to be scanned for specific types of data like social security numbers, credit card numbers, or passwords.


Enabling DLP policies alerts users and administrators that specific types of data should not be exposed, helping to protect the data from accidental exposure.


Enabling a Teams DLP policy will allow sensitive data in Exchange Online and SharePoint Online to be detected or blocked. Always ensure to follow appropriate procedures in regards to testing and implementation of DLP policies based on your organizational standards.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


To enable DLP policies, use the Microsoft 365 Admin Center:

Under Admin centers Select Compliance to open Microsoft 365 compliance center..

Under Solutions select Data loss prevention then Policies.

Click Create policy.

See Also