Forum Discussion

Sankaperera's avatar
Sankaperera
Copper Contributor
Jun 17, 2025

DLP policy to block US SSN

I have created a DLP policy to block US SSN number by targetting Teams & Email as below. It doesn't block the SSN numbers post 24 hrs. Any suggestions  
VasilMichev's avatar
VasilMichev
MVP
Jun 17, 2025

You have configured both the internal/external sharing conditions, I don't think they can trigger at the same time, so try adjusting that. And make sure you have an actual high confidence match in the content, for SSNs just the number is not considered a high confidence match, you need one of the keywords as well. See Microsoft's documentation for more details: https://learn.microsoft.com/en-us/purview/sit-defn-us-social-security-number 

  • Sankaperera's avatar
    Sankaperera
    Copper Contributor
    Jun 24, 2025

    VasilMichev​ I have tried changing it external yet it doesn't understand the number pattern and block the SSN. However, it blocks with SSN word. My requirement is to block sending SSN number either pattern or with SSN and the number pattern

    • vicwingsing's avatar
      vicwingsing
      Iron Contributor
      Jun 26, 2025

      Don't force everything into 1 rule set. 

      You can create multiple rule sets within the same policy. 

      rule 1: Monitor SSN for Internal only.

      rule 2: Monitor SSN for External only.

      By making these 2 rules, you make it easier for yourself and the policy.