{"id":13761,"date":"2025-11-20T11:54:10","date_gmt":"2025-11-20T09:54:10","guid":{"rendered":"https:\/\/www.inprosec.com\/?p=13761"},"modified":"2025-11-20T12:30:29","modified_gmt":"2025-11-20T10:30:29","slug":"strategy-for-preventing-information-leaks-in-microsoft-environments","status":"publish","type":"post","link":"https:\/\/www.inprosec.com\/en\/strategy-for-preventing-information-leaks-in-microsoft-environments\/","title":{"rendered":"Strategy for Preventing Information Leaks in Microsoft Environments"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">In many organizations, the plan to prevent data leaks can be summarized as <\/span><i><span style=\"font-weight: 400;\">\u201clet\u2019s implement a DLP.\u201d<\/span><\/i><span style=\"font-weight: 400;\"> Solutions such as <\/span><b>Microsoft Purview<\/b><span style=\"font-weight: 400;\">, <\/span><b>Zscaler<\/b><span style=\"font-weight: 400;\">, <\/span><b>Netskope<\/b><span style=\"font-weight: 400;\"> or other <\/span><b>Data Loss Prevention<\/b><span style=\"font-weight: 400;\"> technologies are essential, yes \u2014 but <\/span><b>protecting data goes far beyond enabling DLP policies<\/b><span style=\"font-weight: 400;\">. It requires knowing <\/span><b>who accesses it<\/b><span style=\"font-weight: 400;\">, <\/span><b>from which device<\/b><span style=\"font-weight: 400;\">, <\/span><b>in what context<\/b><span style=\"font-weight: 400;\">, <\/span><b>how the user behaves<\/b><span style=\"font-weight: 400;\"> and <\/span><b>what happens when information leaves the corporate perimeter<\/b><span style=\"font-weight: 400;\">. That\u2019s where a comprehensive strategy makes the difference.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Today, standards such as <\/span><b>ISO\/IEC 27001:2022<\/b><span style=\"font-weight: 400;\"> (Annex A: Control 8.12 \u2013 Data Leakage Prevention) include specific controls to implement a solid <\/span><b>Data Leakage Prevention<\/b><span style=\"font-weight: 400;\"> strategy. The key lies precisely in the word <\/span><b>\u201cstrategy.\u201d<\/b><span style=\"font-weight: 400;\"> Technology is necessary, but not sufficient.<\/span><\/p>\n\n<h2><span style=\"font-weight: 400;\">SASE and Zero Trust as the foundation for an effective DLP strategy<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The most robust approach to data protection is <\/span><b>SASE (Secure Access Service Edge)<\/b><span style=\"font-weight: 400;\">: a framework that integrates networking and security, from SD-WAN to ZTNA, SWG, CASB, FWaaS, and DLP, to <\/span><b>apply consistent policies across any user, device, or location<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A full SASE deployment may seem ambitious for some organizations; however, adopting it as a <\/span><b>reference architecture<\/b><span style=\"font-weight: 400;\"> delivers immediate benefits:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Orchestrates <\/span><b>identity, device, data, and threats<\/b><span style=\"font-weight: 400;\"> under <\/span><b>Zero Trust<\/b><span style=\"font-weight: 400;\"> principles.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Aligns existing solutions such as <\/span><b>Entra, Intune, Purview, Defender, or IRM<\/b><span style=\"font-weight: 400;\"> with network and cloud services.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Enables a phased approach: visibility \u2192 conditional access \u2192 data protection \u2192 session control \u2192 network optimization.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Reduces the risk surface, simplifies SOC operations, and creates a scalable foundation.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Even without a full SASE deployment, <\/span><b>thinking in SASE terms<\/b><span style=\"font-weight: 400;\"> helps build solid governance and a secure, consistent environment.<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-13751\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/SASE-Inprosec.png\" alt=\"\" width=\"702\" height=\"360\" srcset=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/SASE-Inprosec.png 780w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/SASE-Inprosec-300x154.png 300w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/SASE-Inprosec-600x308.png 600w\" sizes=\"(max-width: 702px) 100vw, 702px\" \/><\/p>\n<h2><span style=\"font-weight: 400;\">How Inprosec approaches Data Leakage Prevention<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">At <\/span><b>Inprosec<\/b><span style=\"font-weight: 400;\">, leveraging our experience in Microsoft environments and leading technologies such as <\/span><b>Zscaler<\/b><span style=\"font-weight: 400;\"> \u2014 of which we are a partner \u2014 we help organizations design a <\/span><b>360\u00b0 security framework<\/b><span style=\"font-weight: 400;\"> to ensure data never leaves the corporate environment without proper safeguards (classification, encryption, DLP, and access control).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To achieve this, we analyze and control the main <\/span><b>data exfiltration vectors<\/b><span style=\"font-weight: 400;\">, which are often repeated across organizations:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Email:<\/b><span style=\"font-weight: 400;\"> Still the main exfiltration channel and, in many companies, one of the least protected.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Shadow IT:<\/b><span style=\"font-weight: 400;\"> Unauthorized applications, services, and OAuth connections accessing corporate data without control.<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-level=\"1\"><b>Network protocols:<\/b><span style=\"font-weight: 400;\"> SMB, RDP, FTP\/SFTP\u2026 still used by insiders and attackers to extract information.<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>File sharing platforms:<\/b><span style=\"font-weight: 400;\"> A critical area where operability and security must coexist. Public links, excessive permissions, or unauthorized repositories increase risk.<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-level=\"1\"><b>External \/ unmanaged devices:<\/b><span style=\"font-weight: 400;\"> Personal or non-corporate devices that fall outside IT control.<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Peripherals and removable media:<\/b><span style=\"font-weight: 400;\"> USBs and external drives require controls such as whitelisting, selective blocking, and user awareness.<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-level=\"1\"><b>Other alternative channels:<\/b><span style=\"font-weight: 400;\"> AirDrop, Bluetooth, messaging, printers, etc., which can also be used for exfiltration.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-13747\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/Vectores-de-exfiltracion-Inprosec.png\" alt=\"\" width=\"698\" height=\"96\" srcset=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/Vectores-de-exfiltracion-Inprosec.png 756w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/Vectores-de-exfiltracion-Inprosec-300x41.png 300w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/Vectores-de-exfiltracion-Inprosec-600x83.png 600w\" sizes=\"(max-width: 698px) 100vw, 698px\" \/><\/p>\n<h2><span style=\"font-weight: 400;\">Our 3-step DLP strategy<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">With this risk map, we build a strategy aligned with each company\u2019s use cases:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Control access (ZTNA)<\/b><span style=\"font-weight: 400;\">: we define <\/span><b>who<\/b><span style=\"font-weight: 400;\"> accesses <\/span><b>what<\/b><span style=\"font-weight: 400;\"> information, <\/span><b>when<\/b><span style=\"font-weight: 400;\">, <\/span><b>from where<\/b><span style=\"font-weight: 400;\">, and with <\/span><b>what permissions<\/b><span style=\"font-weight: 400;\">, applying conditional access and least privilege principles.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Protect information<\/b><span style=\"font-weight: 400;\">: we implement <\/span><b>data-level controls<\/b><span style=\"font-weight: 400;\"> (encryption, tokenization, masking, anonymization, and labeling\/IRM) so that protection travels with the content inside and outside the perimeter.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Monitor and block<\/b><span style=\"font-weight: 400;\">: we monitor <\/span><b>data flows<\/b><span style=\"font-weight: 400;\"> (source, destination, type, and context), and upon detecting anomalous or malicious behavior, <\/span><b>block the action<\/b><span style=\"font-weight: 400;\"> and trigger automated response. <\/span><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-13755\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/Estrategia-DLP-Inprosec.png\" alt=\"\" width=\"701\" height=\"338\" srcset=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/Estrategia-DLP-Inprosec.png 778w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/Estrategia-DLP-Inprosec-300x145.png 300w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/Estrategia-DLP-Inprosec-600x289.png 600w\" sizes=\"(max-width: 701px) 100vw, 701px\" \/><\/p>\n<h2><span style=\"font-weight: 400;\">Practical example in Microsoft 365: \u201cHighly Confidential\u201d document<\/span><\/h2>\n<h3><b>Access control (ZTNA and context)<\/b><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Restrict unauthorized clients<\/b><span style=\"font-weight: 400;\">: policies preventing sign-in from unsupported <\/span><b>MUAs<\/b><span style=\"font-weight: 400;\"> (e.g., Thunderbird, Gmail web with IMAP\/POP), ensuring <\/span><b>Purview<\/b><span style=\"font-weight: 400;\"> safeguards are properly enforced. <\/span><i><span style=\"font-weight: 400;\">(Entra Conditional Access + Exchange Admin)<\/span><\/i><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Block non-corporate devices<\/b><span style=\"font-weight: 400;\">: allow access only from <\/span><b>compliant devices<\/b><span style=\"font-weight: 400;\">; prevent \u201csave as draft\u201d from personal devices and subsequent downloads elsewhere. <\/span><i><span style=\"font-weight: 400;\">(Entra Conditional Access + Defender for Cloud Apps with session controls)<\/span><\/i><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>BYOD under control<\/b><span style=\"font-weight: 400;\">: if personal devices are allowed, require <\/span><b>Intune enrollment<\/b><span style=\"font-weight: 400;\"> with <\/span><b>MDM<\/b><span style=\"font-weight: 400;\"> policies (corporate profile, encryption, compliance) and <\/span><b>MAM<\/b><span style=\"font-weight: 400;\"> (app protection) to isolate and secure corporate data.<\/span><\/li>\n<\/ul>\n<h3><b>Data protection (classification and encryption)<\/b><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Sensitivity labeling<\/b><span style=\"font-weight: 400;\"> with <\/span><b>Microsoft Purview Information Protection<\/b><span style=\"font-weight: 400;\"> (formerly AIP) to classify content; apply <\/span><b>encryption and persistent permissions (IRM\/Azure RMS)<\/b><span style=\"font-weight: 400;\"> and <\/span><b>RBAC<\/b><span style=\"font-weight: 400;\"> policies based on criticality.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Mandatory encryption<\/b><span style=\"font-weight: 400;\"> for the \u201cHighly Confidential\u201d label: restrict forwarding, printing, and downloading; set expiration and watermark when applicable.<\/span><\/li>\n<\/ul>\n<h3><b>Monitoring and blocking (DLP and response)<\/b><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>External sharing monitoring<\/b><span style=\"font-weight: 400;\"> with <\/span><b>DLP in Purview<\/b><span style=\"font-weight: 400;\">: alert or <\/span><b>block<\/b><span style=\"font-weight: 400;\"> when the recipient is not on an <\/span><b>allowed list<\/b><span style=\"font-weight: 400;\">; maintain <\/span><b>blocklists<\/b><span style=\"font-weight: 400;\"> for risky domains.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Prevent DLP bypass<\/b><span style=\"font-weight: 400;\">: rules to <\/span><b>block password-protected attachments<\/b><span style=\"font-weight: 400;\"> (encrypted ZIP\/PDF) or opaque, non-inspectable content; enforce use of <\/span><b>corporate encryption<\/b><span style=\"font-weight: 400;\"> (IRM) instead of ad-hoc encryption (7Zip, WinRar, etc.).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Compliance action<\/b><span style=\"font-weight: 400;\">: when risk or policy dictates, configure Purview policy in <\/span><b>\u201cBlock\u201d<\/b><span style=\"font-weight: 400;\"> mode and trigger an alert to the SOC; maintain traceability for eDiscovery and auditing.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">This approach combines <\/span><b>contextual access<\/b><span style=\"font-weight: 400;\">, <\/span><b>protection that travels with the file<\/b><span style=\"font-weight: 400;\">, and <\/span><b>outbound controls<\/b><span style=\"font-weight: 400;\"> across all channels, minimizing both human error and intentional exfiltration.<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-13753\" src=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/Elemento-Confidencial-Inprosec.png\" alt=\"\" width=\"697\" height=\"154\" srcset=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/Elemento-Confidencial-Inprosec.png 960w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/Elemento-Confidencial-Inprosec-300x66.png 300w, https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/Elemento-Confidencial-Inprosec-600x133.png 600w\" sizes=\"(max-width: 697px) 100vw, 697px\" \/><\/p>\n<h2><span style=\"font-weight: 400;\">Conclusion: a strategic DLP framework is key to minimizing data leaks<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">With this strategic approach, we protect information throughout its lifecycle, strengthen compliance, and reduce real leakage risk. The result is a <\/span><b>more secure, manageable, and scalable environment<\/b><span style=\"font-weight: 400;\"> for both our clients and Inprosec.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If your organization wants to move toward a <\/span><b>solid, Zero Trust-based DLP strategy <\/b><span style=\"font-weight: 400;\">with<\/span><b> Microsoft 365<\/b><span style=\"font-weight: 400;\">, Inprosec can help. Contact us <\/span><a href=\"https:\/\/www.inprosec.com\/en\/contact\/\"><b>here<\/b><\/a><span style=\"font-weight: 400;\"> and take the next step toward comprehensive data protection.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In many organizations, the plan to prevent data leaks can be summarized as \u201clet\u2019s implement a DLP.\u201d Solutions such as Microsoft Purview, Zscaler, Netskope or other Data Loss Prevention technologies are essential, yes \u2014 but protecting data goes far beyond enabling DLP policies. It requires knowing who accesses it, from which device, in what context,&#8230;<\/p>\n","protected":false},"author":6,"featured_media":13765,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[97,52],"tags":[],"class_list":["post-13761","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-information-security","category-technical-article"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Strategy for Preventing Information Leaks in Microsoft Environments - Inprosec<\/title>\n<meta name=\"description\" content=\"How to build an effective DLP strategy beyond technology. Combine Zero Trust, SASE, and advanced Microsoft 365 controls to prevent data leaks and protect information throughout its entire lifecycle.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inprosec.com\/en\/strategy-for-preventing-information-leaks-in-microsoft-environments\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Strategy for Preventing Information Leaks in Microsoft Environments\" \/>\n<meta property=\"og:description\" content=\"How to build an effective DLP strategy beyond technology. Combine Zero Trust, SASE, and advanced Microsoft 365 controls to prevent data leaks and protect information throughout its entire lifecycle.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inprosec.com\/en\/strategy-for-preventing-information-leaks-in-microsoft-environments\/\" \/>\n<meta property=\"og:site_name\" content=\"Inprosec\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-20T09:54:10+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-20T10:30:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/2-2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fernando Mosquera\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fernando Mosquera\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/strategy-for-preventing-information-leaks-in-microsoft-environments\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/strategy-for-preventing-information-leaks-in-microsoft-environments\\\/\"},\"author\":{\"name\":\"Fernando Mosquera\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"headline\":\"Strategy for Preventing Information Leaks in Microsoft Environments\",\"datePublished\":\"2025-11-20T09:54:10+00:00\",\"dateModified\":\"2025-11-20T10:30:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/strategy-for-preventing-information-leaks-in-microsoft-environments\\\/\"},\"wordCount\":865,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/strategy-for-preventing-information-leaks-in-microsoft-environments\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/2-2.jpg\",\"articleSection\":[\"Information Security\",\"Technical Article\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/strategy-for-preventing-information-leaks-in-microsoft-environments\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/strategy-for-preventing-information-leaks-in-microsoft-environments\\\/\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/strategy-for-preventing-information-leaks-in-microsoft-environments\\\/\",\"name\":\"Strategy for Preventing Information Leaks in Microsoft Environments - Inprosec\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/strategy-for-preventing-information-leaks-in-microsoft-environments\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/strategy-for-preventing-information-leaks-in-microsoft-environments\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/2-2.jpg\",\"datePublished\":\"2025-11-20T09:54:10+00:00\",\"dateModified\":\"2025-11-20T10:30:29+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\"},\"description\":\"How to build an effective DLP strategy beyond technology. Combine Zero Trust, SASE, and advanced Microsoft 365 controls to prevent data leaks and protect information throughout its entire lifecycle.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/strategy-for-preventing-information-leaks-in-microsoft-environments\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inprosec.com\\\/en\\\/strategy-for-preventing-information-leaks-in-microsoft-environments\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/strategy-for-preventing-information-leaks-in-microsoft-environments\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/2-2.jpg\",\"contentUrl\":\"https:\\\/\\\/www.inprosec.com\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/2-2.jpg\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/strategy-for-preventing-information-leaks-in-microsoft-environments\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Strategy for Preventing Information Leaks in Microsoft Environments\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/\",\"name\":\"Inprosec\",\"description\":\"Information security is our priority.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inprosec.com\\\/en\\\/#\\\/schema\\\/person\\\/b05a40c0c3e81b819075dd95a10532e2\",\"name\":\"Fernando Mosquera\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g\",\"caption\":\"Fernando Mosquera\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Strategy for Preventing Information Leaks in Microsoft Environments - Inprosec","description":"How to build an effective DLP strategy beyond technology. Combine Zero Trust, SASE, and advanced Microsoft 365 controls to prevent data leaks and protect information throughout its entire lifecycle.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inprosec.com\/en\/strategy-for-preventing-information-leaks-in-microsoft-environments\/","og_locale":"en_US","og_type":"article","og_title":"Strategy for Preventing Information Leaks in Microsoft Environments","og_description":"How to build an effective DLP strategy beyond technology. Combine Zero Trust, SASE, and advanced Microsoft 365 controls to prevent data leaks and protect information throughout its entire lifecycle.","og_url":"https:\/\/www.inprosec.com\/en\/strategy-for-preventing-information-leaks-in-microsoft-environments\/","og_site_name":"Inprosec","article_published_time":"2025-11-20T09:54:10+00:00","article_modified_time":"2025-11-20T10:30:29+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/2-2.jpg","type":"image\/jpeg"}],"author":"Fernando Mosquera","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Fernando Mosquera","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inprosec.com\/en\/strategy-for-preventing-information-leaks-in-microsoft-environments\/#article","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/strategy-for-preventing-information-leaks-in-microsoft-environments\/"},"author":{"name":"Fernando Mosquera","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"headline":"Strategy for Preventing Information Leaks in Microsoft Environments","datePublished":"2025-11-20T09:54:10+00:00","dateModified":"2025-11-20T10:30:29+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/strategy-for-preventing-information-leaks-in-microsoft-environments\/"},"wordCount":865,"commentCount":0,"image":{"@id":"https:\/\/www.inprosec.com\/en\/strategy-for-preventing-information-leaks-in-microsoft-environments\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/2-2.jpg","articleSection":["Information Security","Technical Article"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inprosec.com\/en\/strategy-for-preventing-information-leaks-in-microsoft-environments\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inprosec.com\/en\/strategy-for-preventing-information-leaks-in-microsoft-environments\/","url":"https:\/\/www.inprosec.com\/en\/strategy-for-preventing-information-leaks-in-microsoft-environments\/","name":"Strategy for Preventing Information Leaks in Microsoft Environments - Inprosec","isPartOf":{"@id":"https:\/\/www.inprosec.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inprosec.com\/en\/strategy-for-preventing-information-leaks-in-microsoft-environments\/#primaryimage"},"image":{"@id":"https:\/\/www.inprosec.com\/en\/strategy-for-preventing-information-leaks-in-microsoft-environments\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/2-2.jpg","datePublished":"2025-11-20T09:54:10+00:00","dateModified":"2025-11-20T10:30:29+00:00","author":{"@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2"},"description":"How to build an effective DLP strategy beyond technology. Combine Zero Trust, SASE, and advanced Microsoft 365 controls to prevent data leaks and protect information throughout its entire lifecycle.","breadcrumb":{"@id":"https:\/\/www.inprosec.com\/en\/strategy-for-preventing-information-leaks-in-microsoft-environments\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inprosec.com\/en\/strategy-for-preventing-information-leaks-in-microsoft-environments\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inprosec.com\/en\/strategy-for-preventing-information-leaks-in-microsoft-environments\/#primaryimage","url":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/2-2.jpg","contentUrl":"https:\/\/www.inprosec.com\/wp-content\/uploads\/2025\/11\/2-2.jpg","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.inprosec.com\/en\/strategy-for-preventing-information-leaks-in-microsoft-environments\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inprosec.com\/en\/"},{"@type":"ListItem","position":2,"name":"Strategy for Preventing Information Leaks in Microsoft Environments"}]},{"@type":"WebSite","@id":"https:\/\/www.inprosec.com\/en\/#website","url":"https:\/\/www.inprosec.com\/en\/","name":"Inprosec","description":"Information security is our priority.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inprosec.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.inprosec.com\/en\/#\/schema\/person\/b05a40c0c3e81b819075dd95a10532e2","name":"Fernando Mosquera","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/199e6c54b14f5b5ddf7e11a9bb0b455c3bed7a9a1a738b7be5c2572878e69d1a?s=96&d=mm&r=g","caption":"Fernando Mosquera"}}]}},"_links":{"self":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/13761","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/comments?post=13761"}],"version-history":[{"count":2,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/13761\/revisions"}],"predecessor-version":[{"id":13769,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/posts\/13761\/revisions\/13769"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media\/13765"}],"wp:attachment":[{"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/media?parent=13761"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/categories?post=13761"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inprosec.com\/en\/wp-json\/wp\/v2\/tags?post=13761"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}