Forum Discussion
Odha20
Feb 13, 2024Copper Contributor
Exchange Email DLP
Hello,
I have created a DLP policy with one rule for Exchange Email for PII Data.
Conditions
Content is shared from Microsoft 365 with people outside my organization
And
Content contains any of these sensitive info types: Credit Card Number, U.S. Bank Account Number, U.S. Social Security Number (SSN)
And
Content contains any of these sensitive info types: U.S. / U.K. Passport Number, U.S. Driver's License Number, U.S. Physical Addresses
And
Content contains any of these sensitive info types: All Full Names
Actions
Send alerts to the Administrator
Since I've selected the Conditions Content shared from Microsoft 365 with people outside my organization, we used to get alerts within the same domain (username1[@]abc[.]com as sender and (username2[@]abc[.]com) as recipient domain).
Even though I had excluded and tested the recipient ID (username2[@]abc[.]com)and recipient domain(ABC[.]com), I still had no luck.
Below is the Rule for exclusions,
Conditions
Content is shared from Microsoft 365 with people outside my organization
And
Content contains any of these sensitive info types: Credit Card Number, U.S. Bank Account Number, U.S. Social Security Number (SSN)
And
Content contains any of these sensitive info types: U.S. / U.K. Passport Number, U.S. Driver's License Number, U.S. Physical Addresses
And
Content contains any of these sensitive info types: All Full Names
And
NOT
Recipient domain is: ABC[.]com
Actions
Send alerts to the Administrator
Anything am I missing?
Thanks in advance.
- Odha20Copper ContributorI have tested initially. We haven't seen any internal recipient accounts triggered. Still, we are in the face of the development.
The main concern is why it is picking the internal account even though we use Conditions
"Content is shared from Microsoft 365 with people outside my organization".