Forum Discussion
DLP Policy Blocking Invoices Containing Sensitive Info – Exception Not Working
Hello,
I have implemented Microsoft Purview DLP policies in my organization to protect sensitive information such as Aadhaar Card, PAN Card, Driving License, and Credit Card numbers. The policies are working fine and successfully blocking sensitive data.
However, I am facing an issue with invoices. When sending invoices internally or to clients, emails are getting blocked because they contain sensitive details like PAN or Aadhaar numbers.
I tried adding an exception rule for invoices using the following regex in a Sensitive Info Type (SIT), and included this SIT in the NOT condition of the DLP policy:
(?i)(invoice|bill|tax\s*invoice|gst\s*invoice|receipt)\s*(\b[0-9]{12}\b|[A-Z]{5}[0-9]{4}[A-Z]|[A-Z]{2}[0-9]{13}|\d{13,16})
Despite this, invoices are still getting blocked.
Has anyone encountered this issue? What is the correct way to configure exceptions in DLP so that sensitive information detection continues to work but invoices containing sensitive info can still be sent?
Any guidance or best practices would be greatly appreciated.
Thanks in advance!
DLP Policy configuration Screenshots.
1 Reply
Hey,
did you try this ?
- Validate the SIT using test data to ensure it triggers correctly.
- Confirm the NOT condition is applied to the correct policy rule.
- Consider using proximity-based detection or refining the regex to better isolate invoice contexts.
