
MS500.3x_Student_Lab_Manual-DLP


Student Lab Manual

MS500.3x: Data Loss Prevention

Lab Scenario
You are the system administrator for Adatum Corporation, and you have Office 365 deployed in a
virtualized lab environment. In this lab, you will set up a Microsoft 365 tenant account, configure and
test Data Loss Prevention policies.

There are three exercises in this lab, each of which contains one or more tasks. For a successful outcome
to the lab, the exercises and their corresponding tasks must be completed in order. The three exercises
include:

- Exercise 1: Create and license users in your organization
  ▪ Task 1 – Obtain your Office 365 credentials
  ▪ Task 2 – Create the tenant account for Ramiro Armenta
  ▪ Task 3 – Create the tenant account for Marguerite Ortiz
  ▪ Task 4 – Create a Group

- Exercise 2: Create a DLP policy
  ▪ Task 1 – Create a DLP policy with custom settings

- Exercise 3: Testing DLP Policies
  ▪ Task 1 – Send sensitive emails (DLP policy)
WARNING – Be prepared for UI changes


Given the dynamic nature of Microsoft cloud tools, you may experience user interface (UI) changes that
were made following the development of this training content that do not match up with lab
instructions presented in this lab manual.

The Microsoft Learning team will update this training course as soon as any such changes are brought to
our attention. However, given the dynamic nature of cloud updates, you may run into UI changes before
this training content is updated. If this occurs, you will have to adapt to the changes and work through
them in the labs as needed.

Exercise 1: Create and license users in your organization
Task 1 - Obtain Your Office 365 Credentials
Once you launch the lab, a free trial tenant will be automatically created for you to access Azure in the
Microsoft Virtual Lab environment. This tenant will be automatically assigned a unique user name and
password. You must retrieve this user name and password so that you can sign into Azure within the
Microsoft Virtual Lab environment.

1. On the XtremeLabs Online menu bar at the top of the screen, click on the Files drop-down arrow.
2. Click on O365 Credentials. A window will open with your credentials.
3. This is the user name and password you will need to sign in to Azure. Keep this page open as you will
need the information later.
4. When the lab directs you to sign in to the Azure portal at https://portal.azure.com, you will sign in
using the credentials you obtained in this task.

Task 2 - Create the tenant account for Ramiro Armenta


Perform the following steps to create a Microsoft 365 Enterprise E5 tenant account for Ramiro Armenta:

1. On LON-CL1 open a browser and go to portal.office.com.


2. Log in using the O365 credentials you acquired in Task 1 earlier. This should take you to the
Office 365 console. Click Admin.
3. In the Microsoft 365 admin center under Active users click + Add a user.
4. In the New user screen create the following user:
a. First name: Ramiro
b. Last name: Armenta
c. Username: Ramir
d. Domain: Leave the .onmicrosoft.com domain as the default domain
e. Role: Global administrator
f. Product licenses: Office 365 Enterprise E5 and Enterprise Mobility + Security E5
enabled
g. Password: select Let me create the password. Use this password: Pa55w.rd. Uncheck
the box that says Make user change password when they first sign in.
5. Click Add.
6. Unmark Send password in email if necessary. Click Close.

Task 3 - Create the tenant account for Marguerite Ortiz


Perform the following steps to create a Microsoft 365 Enterprise E5 tenant account for Marguerite Ortiz:

1. On LON-CL1 open a browser and go to portal.office.com.

2. Log in using the O365 credentials you acquired in Task 1 earlier. This should take you to the
Office 365 console. Click Admin.
3. In the Microsoft 365 admin center under Active users click + Add a user.
4. In the New user screen create the following user:
a. First name: Marguerite
b. Last name: Ortiz
c. Username: Marguerite
d. Domain: Leave the .onmicrosoft.com domain as the default domain
e. Role: Global administrator
f. Product licenses: Office 365 Enterprise E5 and Enterprise Mobility + Security E5
enabled
g. Password: select Let me create the password. Use this password: Pa55w.rd. Uncheck
the box that says Make user change password when they first sign in.
5. Click Add.
6. Unmark Send password in email if necessary. Click Close.

Task 4 - Create a Group


In this exercise you will create two users, required for exercises that will be covered later in this lab
environment.

You should still be logged in as admin and see the Admin Center page. Perform the following steps to
create users for the lab exercises:

1. Click on Groups on the left tab and select Groups from the menu below.
2. Click on (+) Add a group to open the right New group pane.
3. Fill all the fields to create the WIP Users group:
a. Type Mail-enabled security
b. Name WIP Users
4. Create the group by clicking on Add.
5. Click Close.

You have now created two users with Microsoft 365 E5 and EMS E5 licenses assigned. Leave your web
browser on admin’s Admin center page, in the Users section, and proceed to the next exercise.

Exercise 2: Create a DLP Policy
In this exercise you will create a Data Loss Prevention policy in the Security & Compliance Center to
protect sensitive data from being shared by users.

Task 1 – Create a DLP policy with custom settings


Perform the following steps:

1. Open a new browser window or select the address bar in your browser and go to
https://protection.microsoft.com.
2. You should still be signed into Microsoft 365 as admin. However, if you have been signed out of
Microsoft 365, then on the Microsoft 365 sign-in page, sign in to admin’s admin@<your tenant
here>.onmicrosoft.com account using a password of Pa55w.rd.
3. In the Security & Compliance Center select Data loss prevention from the left pane and click on
Policy.
4. Click on (+) Create a policy to open the wizard for creating a new data loss prevention policy.
5. On the template screen, select Custom and Custom policy. Click Next.
6. Type IP Address DLP Policy in the Name field and Protect IP addresses from being shared to the
Description field. Click Next.
7. Select All locations in Office 365. Includes content in Exchange email and OneDrive and
SharePoint documents. on the next screen and click Next.
8. On the Policy settings page, the option Find content that contains: needs to be selected.
9. Click on Edit to add sensitive data types.
10. Click on Add and select Sensitive info types.
11. Click on (+) Add again.
12. Type into the search field Address and wait till the search results are displayed.
13. Select IP Address from the Sensitive information types.
14. Click Add and Done on the next screen.
15. Check the box at the top of the page and make sure Any of these is selected.
16. Click on Save.
17. Check if the Detect when this content is shared: box is selected.
18. Check that only with people inside my organization is selected in the dropdown list.
19. The sensitive information types have now been added. Click Next.
20. On the next screen, check that Detect when content that's being shared contains is selected.
21. Change the number from 10 instances of the same sensitive info type to 2 and click Next.
22. Turn the policy on by selecting Yes, turn it on right away.
23. Click Next.
24. Check the configuration on the Review your settings page again and click Create. Click Close.

You have now created a DLP policy that informs your users if they want to share content that contains
IP addresses. Leave your web browser on Ramiro’s Security & Compliance Center page and proceed to
the next exercise.
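
The wizard steps above can also be expressed in Security & Compliance PowerShell, which makes the policy reviewable and repeatable. This is an added example, not part of the original lab manual. The two rule names, the split into a notify-only rule and a block-with-override rule, and the override setting are assumptions inferred from the policy tips described in Exercise 3; the admin account is the placeholder used in the lab text.

```powershell
# Added example: scripted equivalent of the Exercise 2 wizard (not from the lab manual).
# Requires the ExchangeOnlineManagement module.
Import-Module ExchangeOnlineManagement

# Placeholder UPN copied from the lab text; substitute your tenant name.
$AdminUpn   = 'admin@<your tenant here>.onmicrosoft.com'
$PolicyName = 'IP Address DLP Policy'

Connect-IPPSSession -UserPrincipalName $AdminUpn

# Steps 6, 7 and 22: name, description, all locations, turned on right away.
New-DlpCompliancePolicy -Name $PolicyName `
    -Comment 'Protect IP addresses from being shared' `
    -ExchangeLocation All -SharePointLocation All -OneDriveLocation All `
    -Mode Enable

# Assumed rule 1 (hypothetical name): exactly one IP address shared inside
# the organization only raises a policy tip for the sender.
New-DlpComplianceRule -Name 'IP Address - low volume' -Policy $PolicyName `
    -ContentContainsSensitiveInformation @{Name = 'IP Address'; minCount = '1'; maxCount = '1'} `
    -AccessScope InOrganization `
    -NotifyUser Owner

# Assumed rule 2 (hypothetical name): two or more instances (the threshold set
# in step 21) are blocked, and the sender may override the block.
# WithoutJustification is an assumption; the lab does not state the override mode.
New-DlpComplianceRule -Name 'IP Address - high volume' -Policy $PolicyName `
    -ContentContainsSensitiveInformation @{Name = 'IP Address'; minCount = '2'} `
    -AccessScope InOrganization `
    -BlockAccess $true `
    -NotifyUser Owner `
    -NotifyAllowOverride WithoutJustification

# Review what was created before moving on to the test messages.
Get-DlpCompliancePolicy -Identity $PolicyName |
    Format-List Name, Mode, ExchangeLocation, SharePointLocation, OneDriveLocation
Get-DlpComplianceRule -Policy $PolicyName |
    Format-List Name, ContentContainsSensitiveInformation, AccessScope, BlockAccess, NotifyAllowOverride

Disconnect-ExchangeOnline -Confirm:$false
```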

Exercise 3 – Testing DLP Policies
In this exercise you are accessing the clients for the first time. Do not configure the client in advance,
because it is enrolled in MDM when configuring the client for the first time, which is required for the
following WIP exercise.

Task 1 - Send sensitive emails (DLP Policy)


Perform the following steps:

In an earlier exercise you created a new DLP policy that searches for sensitive information of the type IP
Address at all places of your tenant.

In this exercise, you will send an email with sensitive information from Ramiro Armenta to Marguerite
Ortiz.

Switch to the management system and perform the following steps:

1. On LON-CL1 sign out of Microsoft 365 as admin on the browser if you still have it open. You will
now sign in as Ramiro.
2. Open a new browser window or select the address bar in your browser and go to
https://outlook.office365.com.
3. You should be signed into Microsoft 365 as Ramiro Armenta. However, if you have been signed
out of Microsoft 365, then on the Microsoft 365 sign-in page, sign in to Ramiro’s Ramir@<your
tenant here>.onmicrosoft.com account using a password of Pa55w.rd.
4. On the Outlook on the web main screen, click on (+) New in the upper left part of the screen.
5. The forms for a new email open. Type the following:
a. To: Type Marguerite and select her email address from the dropdown list
b. Add a subject: DLP Policy Test
c. Add a message or drop a file here: I will hack this IP address: 192.168.0.1
6. Wait a moment, till the message is saved as a draft.
7. You will see a policy tip above your message fields.
8. Click Send in the lower left part of the screen.
9. Write a second message, by clicking on (+) New in the upper left part of the screen again.
10. The forms for a new email open. Type the following:
a. To: Type Marguerite and select her email address from the dropdown list
b. Add a subject: Second DLP Policy Test
c. Add a message or drop a file here: Hack the IP address 192.168.0.1 and then the IP
address 172.16.0.1.
11. Wait a moment, till the message is saved as a draft.
12. You will see a different policy tip above your message fields. Click on Show details.
13. Click on Override to be able to send the message anyway.
14. Click Send in the lower left part of the screen.
15. Switch users and log in as Marguerite Ortiz (marguerite@<your tenant
here>.onmicrosoft.com), with the password Pa55w.rd.

16. Open a new browser window or select the address bar in your browser and go to
https://outlook.office365.com.
17. You will see both messages in your inbox. View how the messages appear for Marguerite.
18. Delete both messages as the last operation in this exercise.

You have now tested your DLP policy successfully.

End of lab

