Data Loss Protection Policies

Questions

  • What is Data Loss Prevention (DLP) and why is Bowdoin using it?
  • What sensitive data does DLP detect and protect?
  • What applications or services does DLP work in?
  • What happens if I try to share restricted data to people outside of Bowdoin?
  • How do I share documents safely or get help if what I'm sharing is blocked?

Environment

  • Bowdoin students, faculty, and staff using services in Microsoft 365:
    • Outlook (email)
    • OneDrive
    • SharePoint
    • Microsoft Teams
    • Microsoft 365 Copilot
  • Data Loss Prevention services run automatically to prevent accidental sharing of sensitive, personal data outside Bowdoin.
  • No setup needed—just sign in with your Bowdoin account.

Answers

What Data Loss Prevention (DLP) does

  • DLP detects and protects sensitive data (SSNs, U.S./U.K. passports, U.S. driver’s licenses, bank and credit card numbers, ITINs).
  • When attempting to share or use content externally, DLP may show a warning, encrypt email, block external access, or limit Copilot processing.

What you’ll see

  • Email (Exchange Online): If an email message or attachment being sent to an external recipient appears to contain restricted data, you may see a policy tip explaining the issue. Depending on the volume of sensitive data, the system may encrypt the email or block it. In some cases, you may be allowed to provide a business justification to proceed (override) when appropriate and approved by policy.
  • OneDrive and SharePoint: If a file shared with people outside Bowdoin contains restricted data, external access may be automatically blocked. You’ll receive a notification with guidance. You can still collaborate internally or remove the sensitive data before re-sharing externally.
  • Teams chats and channels: Messages or files shared with external participants that contain restricted data may be blocked from external access, and you will see a policy tip.
  • Microsoft 365 Copilot and Copilot Chat: If content labeled “Restricted” is involved, Copilot may limit or block processing to protect that data. You may receive a notice explaining that certain content cannot be used.

Share content safely

  • Remove sensitive data before sharing externally when possible.
  • Use “Specific people” links, not anonymous links.
  • Store sensitive files in internal-only locations; use sensitivity labels if available.
  • Read policy tips—they explain what was found and safer options.

What to do if you’re warned or blocked

  • Email: Edit or remove sensitive data; or, if allowed, provide a business justification to override.
  • OneDrive/SharePoint/Teams: Redact the file, then re-share; or share internally only.
  • Copilot: Rephrase to avoid sensitive content or use non-restricted files.

What to do if you need to share but are prevented from doing so

  • Redact fields (e.g., show only last four digits when appropriate).
  • Check with your supervisor for approved secure methods.
  • Overrides (if offered) require a clear business reason and are audited.

Additional Help

If you need further assistance, please contact the Bowdoin College Service Desk.

  • Contact the IT Service Desk. Include the file name, location (OneDrive/SharePoint/Teams/Email), intended external recipient, and what you were trying to do. Do not include the sensitive data itself.

Details

Article ID: 169791
Created: Thu 11/20/25 10:40 AM
Modified: Wed 1/21/26 10:29 AM
