Using DLP to protect sensitive sites
Aug 25, 2023 1:00 PM


by HubSite 365 about


During some configuration on DLP rules, I came across the term “sensitive sites”.

The author's previous examination of data loss prevention (DLP) turned up the term "sensitive sites". It appeared while configuring DLP rules, in the Actions section of the DLP policy. This post focuses on endpoint DLP, noted as one of the most complex components within Microsoft Purview. "Sensitive sites" relate to endpoint DLP's monitoring of activity on sensitive files on endpoints, such as Windows or Mac.

  • Proper licensing and onboarding to Microsoft Purview are required for this to function.
  • Endpoint DLP distinguishes itself with its wide range of configurable options.
  • Settings pertaining to sensitive sites are located in the "Browser and domain restrictions to sensitive data" component.

The interface itself does not use the term "sensitive sites", because it was renamed "Sensitive service domain". The DLP rule still says "sensitive sites" while the interface does not, which can lead to confusion. This prompts a closer look at the other settings, such as Unallowed Browsers, Service Domains, and Sensitive service domain groups.

Diving Deeper Into Sensitive Sites

The categorization of "sensitive sites" within DLP rules touches complex parts of Microsoft's data protection mechanisms. The settings Unallowed Browsers, Service Domains, and Sensitive service domain groups are distinct from one another, and understanding them is vital for implementing and operating DLP effectively. Adequate licensing and onboarding to Microsoft Purview and Microsoft Defender for Endpoint are prerequisites. Endpoint DLP's array of configuration options further underscores the depth and breadth of data protection considerations in Microsoft's frameworks.



Learn about Using DLP to protect sensitive sites


Data Loss Prevention (DLP) is a powerful tool for protecting sensitive data on endpoints such as Windows or Mac computers. Endpoint DLP can be used to monitor actions that are performed on sensitive files, and includes the ability to set up restrictions for certain browsers and domains. These restrictions are known as "sensitive sites," and can be configured through the "Browser and domain restrictions to sensitive data" component of the DLP policy. Sensitive sites can be further divided into "Unallowed browsers", "Service domains", and "Sensitive service domain groups". Unallowed browsers are browsers that are not allowed to access sensitive data, while Service domains are domains that can access sensitive data. The Sensitive service domain groups are a combination of the two, allowing certain domains to access sensitive data while blocking others. In addition, safe USB devices can also be identified and trusted, allowing for the secure transfer of sensitive data from one endpoint to another.

