Forum Discussion

DP2621's avatar
DP2621
Copper Contributor
Aug 28, 2023

Do DLP policies expand distributions groups for verifying recipient(s)

Hello, Are Exchange distribution groups expanded when evaluating DLP rules created in Microsoft Purview and scoped to Exchange Email location. This is to address scenarios where the underlying email...
miller34mike's avatar
miller34mike
Iron Contributor
Aug 28, 2023

Hi, DP2621,

 

For this scenario, please keep in mind that when you scope a policy to a group, everyone in that group will be subject to that policy, and its rules. If you would want specific users that are in a group to not be subject to a policy, you would need to specifically exclude them from the policy, because exclusions take precedence over inclusions.

 

Also make sure you keep an eye on policy priority. The highest priority, most restrictive policy, when multiple are matched, will take precedence.

DP2621's avatar
DP2621
Copper Contributor
Aug 29, 2023

Hello,
Thank you for the response miller34mike. Let me clarify further. My question wasn't pertaining to scoping the policy. My question was in relation to how the Data Loss Prevention rules are processed.

For further context, you could use "recipient" or "recipient domain" as a condition while building the Data Loss Prevention rules. Wanted to understand whether distribution groups are expanded when the rules are processed.

Regards,
SG

Resources