Managing Data Loss Protection (DLP) Alerts

Questions

  • What is Data Loss Prevention (DLP) and why does Bowdoin use it?
  • What sensitive data does DLP detect and protect?
  • What Microsoft 365 applications does DLP work in?
  • What happens if I try to share sensitive data with people outside of Bowdoin?
  • How do I share documents safely or get help if what I'm sharing is blocked?

Environment

This article applies to all Bowdoin faculty, staff, and students using Microsoft 365, including Outlook (email), OneDrive, Microsoft Teams/SharePoint, and Microsoft 365 Copilot. DLP policies run automatically to prevent accidental sharing of sensitive personal data outside Bowdoin.

Resolution

What DLP does

DLP detects and protects sensitive data — including Social Security numbers, U.S. and U.K. passport numbers, driver's license numbers, and bank and credit card numbers. When content containing this type of data is shared externally, DLP may show a warning, encrypt the email, block external access, or limit Copilot from processing the content. DLP policies do not apply to sharing within Bowdoin.

Email is not an approved channel for Restricted data. Even when an override option is available, Restricted data should not be sent by email. If you must share restricted information, use Teams or OneDrive with restricted access settings.

What you'll see in each app

Outlook (email)

If an email or attachment being sent to an external recipient appears to contain sensitive data, you may see a policy tip. Depending on the volume of sensitive data detected, the system may automatically encrypt the message, block sending, or offer an override option where you can provide a business justification.

Email compose window with a red oval around a policy tip warning that restricted data in an attached CSV requires using an Override before sending.

When an email triggers a DLP policy, you will receive a notification from PostMaster@bowdoin.edu informing you whether the message was encrypted or was not delivered to all recipients.

OneDrive

If a file in OneDrive contains restricted data, a red blocked icon will appear next to the file. If shared externally, the recipient will see an Access Denied message. You can override this block by opening the file in the browser and clicking More Options in the Policy Tip.

OneDrive My files list showing documents like pii_pci.docx; three rows display a red error/sync icon in the Modified column (circled). Excel window with a yellow policy tip banner; the 'More Options' link in the banner is circled in red.

Teams channels

If a file in a Teams channel contains restricted data, a red blocked icon will appear next to the file. External team members will not be able to see blocked files. You can override by opening the file in the browser and clicking More Options in the Policy Tip.

Document list entry for an Excel file highlighted with tooltip reading: "Contains sensitive information. Some commands aren't available." Yellow Policy Tip banner showing POLICY TIP: Policy Tip SPO-RestrictedSIT-BlockExt_Low_Vol me; 'More Options' link circled in red.

Teams chats

Messages shared with external participants that contain restricted data may be blocked from external access. Clicking What can I do? in the Policy Tip may allow you to override and send the message.

Blocked message banner showing 'This message was blocked' and a circled 'What can I do?' link; below three chips display a name and two numbers.

Microsoft 365 Copilot and Copilot Chat

Content labeled or detected as Restricted may be limited or blocked from processing by Copilot. You may receive a notice that certain content cannot be used. No override option is available for Copilot restrictions.

How to share content safely

  • Remove sensitive data before sharing externally whenever possible.
  • Store sensitive files in internal-only locations and apply sensitivity labels.
  • Read policy tips carefully — they explain what was found and suggest safer sharing options.
  • Never email Restricted data. Use Teams or OneDrive with restricted access instead.

What to do when warned or blocked

  • Email: Remove or redact sensitive data. If an override appears and your department has authorized this use case, provide a clear business justification.
  • OneDrive/Teams: Redact or remove sensitive data and re-share, or restrict access to internal users only.
  • Copilot: Rephrase to avoid sensitive content, or use non-restricted files.

For step-by-step override instructions, see Override a Block When Microsoft 365 Flags Sensitive Information in the Related Articles section.

Note: Do not include sensitive data in your message to the Service Desk when requesting help with a DLP issue. Describe the situation in general terms instead.

Additional Help

If you need further assistance, you have several options:

  • Bowdoin Bot: Chat with Bowdoin Bot directly from any KB page for instant answers.
  • Phone: Call the Bowdoin College Service Desk at (207) 725-3030.
  • In person: Visit the Tech Hub in Smith Union during business hours.
  • Submit a ticket: Request assistance through the Service Catalog.
Print Article

Related Articles (6)

Add or Change Sensitivity Labels for Files and Teams in Microsoft 365
How to add, apply, or change sensitivity labels for files in Word, Excel, PowerPoint, and OneDrive, and for Teams and SharePoint sites in Microsoft 365. Covers the three Bowdoin label types, how labels affect channels and files, and troubleshooting tips.
Apply Information Protection Label
Step-by-step instructions for applying a sensitivity label (Public, Sensitive, or Restricted) to a document or email in Microsoft 365. Covers Word, Excel, PowerPoint, and Outlook. Sensitivity labels help classify content and ensure appropriate handling of Bowdoin information.
Information Protection Frequently Asked Questions (FAQ's)
Frequently asked questions about Microsoft 365 information protection labels at Bowdoin. Covers what labels are, what the three label types do, how labels affect documents and emails, and whether labels can be removed.
Override a block when Microsoft 365 flags sensitive information
Explains how to override a Data Loss Prevention (DLP) policy block in Microsoft 365 when sending or sharing content that contains sensitive information. Covers how to assess whether an override is appropriate, how to reduce sensitive content before overriding, and the step-by-step override process in Outlook and Teams/OneDrive. Overrides are logged and reviewed by IT Security.
Remove Sensitive and Hidden Information from Microsoft 365 Documents and PDFs
Step-by-step guidance for safely redacting sensitive or confidential information from Microsoft 365 documents and PDFs before sharing. Covers using Inspect Document tools to remove hidden metadata, true redaction using Adobe Acrobat Pro, and how to verify that redaction is complete.