DLP-02: Block Bulk Data Exfiltration
Frequently asked questions about implementing and managing the DLP-02 security control in Microsoft 365 and Entra ID.
Q: What is DLP-02 (Block Bulk Data Exfiltration)?
DLP-02 is a security control for detecting and blocking bulk data movement. Insider threats and ransomware attackers exfiltrate data before deploying payloads; detecting and blocking bulk data movement stops data theft in progress and provides early warning of compromise. It requires that DLP policies prevent bulk downloads of sensitive data, that alerts trigger on exfiltration patterns (>1000 files or >1 GB in <1 hour), and that suspicious bulk operations are blocked automatically.
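The alert threshold above (>1000 files or >1 GB in <1 hour), written as a per-user sliding-window check. This is an added example, not Purview policy syntax and not code from this page. The event tuple layout, the function names and the reading of 1 GB as 1 GiB are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)   # "<1 hour"
MAX_FILES = 1000              # ">1000 files"
MAX_BYTES = 1024 ** 3         # ">1 GB"; assumption: read as 1 GiB


def detect_bulk_exfiltration(events):
    """events: iterable of (timestamp, user, size_bytes) download records.

    Returns {user: (time the threshold was first crossed, reason)}.
    """
    windows = defaultdict(deque)  # per-user events still inside the window
    totals = defaultdict(int)     # per-user bytes still inside the window
    alerts = {}
    for ts, user, size in sorted(events):
        win = windows[user]
        win.append((ts, size))
        totals[user] += size
        # Expire events that are a full hour or more older than this one.
        while ts - win[0][0] >= WINDOW:
            totals[user] -= win.popleft()[1]
        if user in alerts:
            continue  # report only the first crossing per user
        if len(win) > MAX_FILES:
            alerts[user] = (ts, "file_count")
        elif totals[user] > MAX_BYTES:
            alerts[user] = (ts, "byte_volume")
    return alerts


def sample_events():
    """Constructed download records (hypothetical users, not real audit data)."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    mib = 1024 ** 2
    ev = [(t0 + timedelta(seconds=i), "alice", 10_240) for i in range(1001)]
    ev += [(t0 + timedelta(minutes=10 * i), "bob", 400 * mib) for i in range(3)]
    # carol: 1500 files but only 300 per hour; dave: 1.2 GiB but 2 hours apart
    ev += [(t0 + timedelta(seconds=12 * i), "carol", 10_240) for i in range(1500)]
    ev += [(t0 + timedelta(hours=2 * i), "dave", 600 * mib) for i in range(2)]
    return ev


if __name__ == "__main__":
    for user, (when, reason) in detect_bulk_exfiltration(sample_events()).items():
        print(user, when.isoformat(), reason)
```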
Q: Why is Block Bulk Data Exfiltration important for Microsoft 365 security?
Insider threats and ransomware attackers exfiltrate data before deploying payloads. Detecting and blocking bulk data movement stops data theft in progress and provides early warning of compromise.
Q: How do I implement DLP-02 in my tenant?
DLP-02 requires manual implementation. It requires Microsoft Purview DLP with advanced policies or E5 Compliance.
Q: What license do I need for DLP-02?
This control requires Microsoft 365 E5 Compliance add-on or E5 licensing.
Q: Which security baseline includes DLP-02?
DLP-02 is included in the Maximum Security baseline (Level 3). This level is designed for high-security environments and regulated industries.
Q: Why is DLP-02 marked as critical severity?
DLP-02 is rated critical because failure to implement this control significantly increases the risk of security incidents. Insider threats and ransomware attackers exfiltrate data before deploying payloads. Detecting and blocking bulk data movement stops data theft in progress and provides early warning of compromise.