Cloud DLP
Apply Data Loss Prevention policies to cloud applications connected to Microsoft Defender for Cloud Apps.
Note: Requires Microsoft Defender for Cloud Apps with E5 or E5 Compliance license.
Overview
- Active Policies — DLP policies applied to cloud apps
- Policy Matches — Content items matching DLP rules
- Blocked Actions — Sharing or download actions blocked
Supported Apps
| App | DLP Capabilities |
|---|---|
| SharePoint Online | Content inspection, auto-labeling |
| OneDrive | File scanning, sharing restrictions |
| Exchange Online | Email and attachment scanning |
| Teams | Chat and channel message inspection |
| Third-Party (via MCAS) | File scanning for Box, Dropbox, Salesforce |
Policy Configuration
- Choose template or create custom policy
- Select monitored locations and apps
- Define sensitive info types to detect
- Configure actions (block, encrypt, notify)
- Test in simulation mode before enforcing
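The configuration steps above, as an added sketch that is not Microsoft's code or policy schema: a policy scoped to monitored locations, one sensitive info type (payment card numbers validated with the Luhn checksum), and a simulation flag that records what would be enforced without enforcing it. The `Policy` shape, the action labels and the sample items are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: discards digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_cards(text: str) -> list[str]:
    """Sensitive info type: card-shaped digit runs that pass the Luhn check."""
    digits = (re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(text))
    return [d for d in digits if luhn_ok(d)]

@dataclass
class Policy:  # hypothetical shape, not the product's policy schema
    name: str
    locations: set[str]      # monitored locations and apps
    actions: list[str]       # hypothetical labels for the configured actions
    simulation: bool = True  # test before enforcing

def evaluate(policy: Policy, item: dict) -> dict:
    """Return the match record for one content item under the policy."""
    in_scope = item["location"] in policy.locations
    hits = find_cards(item["text"]) if in_scope else []
    # Simulation mode records what would happen but enforces nothing.
    applied = policy.actions if hits and not policy.simulation else []
    # Keep only the last four digits so the match record is not itself a leak.
    masked = ["*" * (len(h) - 4) + h[-4:] for h in hits]
    return {"item": item["id"], "matched": bool(hits), "masked": masked,
            "would_apply": policy.actions if hits else [], "applied": applied}

# Constructed sample items; 4111 1111 1111 1111 is a widely used test card number.
ITEMS = [
    {"id": "doc-1", "location": "OneDrive", "text": "Card: 4111 1111 1111 1111 exp 12/30"},
    {"id": "doc-2", "location": "OneDrive", "text": "Order ref 1234 5678 9012 3456"},
    {"id": "msg-3", "location": "Teams", "text": "pay with 4111-1111-1111-1111"},
]
```

Running the same items through the policy with `simulation=True` and then `simulation=False` shows the false-positive rate (doc-2 fails Luhn) and the scope gaps (msg-3 is missed when Teams is not a monitored location) before any sharing is blocked.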
Actions
- Block sharing — Prevent external sharing of matched content
- Apply encryption — Auto-encrypt matched files
- Notify admin — Alert compliance team on matches
- Generate incident — Create DLP incident for review
API Reference
- GET /api/security/cloud-dlp/policies — List policies
- GET /api/security/cloud-dlp/matches — List matches
- GET /api/security/cloud-dlp/reports — Get reports