Forum Discussion
DLP policy to block US SSN
I have created a DLP policy to block US SSN number by targetting Teams & Email as below. It doesn't block the SSN numbers post 24 hrs. Any suggestions
3 Replies
You have configured both the internal/external sharing conditions, I don't think they can trigger at the same time, so try adjusting that. And make sure you have an actual high confidence match in the content, for SSNs just the number is not considered a high confidence match, you need one of the keywords as well. See Microsoft's documentation for more details: https://learn.microsoft.com/en-us/purview/sit-defn-us-social-security-number
VasilMichev​ I have tried changing it external yet it doesn't understand the number pattern and block the SSN. However, it blocks with SSN word. My requirement is to block sending SSN number either pattern or with SSN and the number pattern
Don't force everything into 1 rule set.
You can create multiple rule sets within the same policy.
rule 1: Monitor SSN for Internal only.rule 2: Monitor SSN for External only.
By making these 2 rules, you make it easier for yourself and the policy.
