Microsoft Purview Data Loss Prevention (DLP)
Microsoft Purview Data Loss Prevention (DLP) is designed to work with email, OneDrive, and SharePoint to help protect sensitive information, such as Social Security numbers, passport IDs, and driver's license numbers. If confidential data is detected being sent outside of W&L, the system will alert the sender to promote awareness of data protection practices. In addition, confidential data will be automatically encrypted when sending emails internally.
To help answer common questions, please review the FAQs below:
How does Purview DLP work?
It scans email, OneDrive, and SharePoint activity in the background to identify potential confidential data.
Will this prevent me from sending email?
No. Purview DLP will not block any email from being sent.
What happens if I send an email with confidential data?
You'll receive a pop-up reminder about the policy when sending the message, followed by a courtesy email alert afterward.
Does ITS Security monitor these alerts?
Yes. ITS Security monitors the alerts to help verify that the policy pop-ups and courtesy emails are triggering correctly and functioning as intended.
How will internal recipients view encrypted emails?
Recipients will be able to view encrypted emails just like any other message. The encryption does not restrict their ability to see the email content. It simply protects the message during transmission.
Box Shield Classification Labels
Box Shield Classification Labels work with files in Box to help protect sensitive information, such as Social Security numbers, passport IDs, and driver's license numbers. If confidential data is detected, a label will be applied to the document to visually alert the user that the file contains confidential data. Currently, these labels appear only in the web view of Box; they do not display in Box Drive.
Classification Labels Overview
Confidential-PII
- Description: Contains sensitive personally identifiable information (PII), such as Social Security numbers, U.S. passport numbers, or U.S. driver's license numbers, and is restricted from sharing outside Washington & Lee University, except with explicitly authorized external partners.
- Classification Policy: Automatic
- Scans for: U.S. Social Security number, U.S./UK passport number, U.S. driver's license number
Confidential-Financial
- Description: Contains sensitive financial information, such as credit card numbers, IBAN codes, or U.S. bank routing numbers, and is restricted from sharing outside Washington & Lee University, except with explicitly authorized external partners.
- Classification Policy: Automatic
- Scans for: Credit card number, IBAN code, U.S. bank routing number
What will trigger the auto-classify policy to apply a label?
- Uploading, previewing, editing, downloading, moving, or copying a file
- Inviting others to a file
- Creating or modifying a shared link (e.g., changing from "People in the company" to "People with the link")
- Marking a file version current
- Restoring a file from the trash
Will a label prevent me from downloading, printing, or sharing a file?
- No
Frequently Asked Questions
What is confidential or sensitive data?
Find out more on the ITS Security page.
How do you send a Box link to allow someone to download or view files?
- Select the file/folder. Hover over it and click the "Share" button (or right-click and choose Share).
- Create the shared link. Toggle on "Create shared link" (if it's not already enabled). Box will generate a link automatically.
- Set permissions (important). Click "Link settings" and choose:
- People with the link (public access)
- People in your company
- Invited people only
How do you create a File Request folder in Box?
- Create a new folder of open an existing folder.
- Click the ellipsis (three dots) in the folder.
- Select File Request to Share the link to a webpage so others can upload files to this folder.
How do you encrypt emails before sending?
- Outlook on the Web (Outlook 365 / OWA)
- Click New message
- Click the Encrypt button (lock icon) in the toolbar
- If hidden, click the three dots (...) → Encrypt
- Choose: Encrypt
- Outlook Desktop (Windows / Mac)
- Open a new email
- Go to the Options tab
- Click Encrypt
What additional types of encryption or permissions are available for email?
- Do Not Forward: Recipients can't forward, print, or copy content.
- Encrypt: This message is encrypted. Recipients can't remove encryption. *Use this type for sending to external users outside W&L.
- Washington and Lee University - Confidential: This content is proprietary information intended for internal users only. This content can be modified but cannot be copied or printed.
- Washington and Lee University - Confidential View Only: This content is proprietary information intended for internal users only. This content cannot be modified.
What do I need to view an encrypted email?
- An up-to-date Outlook client on your phone or computer or an up-to-date browser logged in to your email is all you need.