Forum Discussion
Solved
Block sending emails containing attached sensitive documents
Hi,
Is it possible to create an EXO mail flow rule to block sending to externals, emails that contain attached labeled documents?
Documents are labeled via sensitivity labels (i.e. strictly confidential).
Thanks,
Genc
gencv Hello, you can configure it for attachments as well.
"If found, we know that this message (or one of its attachments) is protected with the label, so the rule can go ahead and block the message."
Look at this example for guidance https://docs.microsoft.com/en-us/azure/information-protection/configure-exo-rules#example-2-rule-that-applies-the-encrypt-only-option-to-emails-when-they-have-attachments-that-are-labeled-confidential--partners-and-these-emails-are-sent-outside-the-organization
5 Replies
- You can use powershell to get blocked with a pop up notificiation when sensitive label is Highly Confidential for example :
Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking
(Get-LabelPolicy -Identity "Highly Confidential").settings
# you can get the GUID of your Label
Get-Label | Format-Table -Property DisplayName,Name, Guid -AutoSize
# add your domain here or any other trusted domain that you went to allow
Set-LabelPolicy -Identity "Highly Confidential" -AdvancedSettings @{OutlookBlockTrustedDomains="onmicrosoft.com"}
#use the guid of you label in this command
Set-LabelPolicy -Identity "Highly Confidential" -AdvancedSettings @{OutlookBlockUntrustedCollaborationLabel="GUID of Your Label"} ChristianBergstrom thank you for the feedback. Actually the link describes the way how to block a labeled email, but not a labeled attachment.
I need a mail flow rule that can be created based on the attachment label.Use case: I label an email as General and attach on it a document labeled as Secret.
I'm trying via mail flow rule:
1. Apply this rule if: the recipient is outside the organization
and
2. Any attachment: has these properties, including any of these words
Property: Confidentiality --> Value: Secret
3. Reject the message with the explanation: Secret document cannot be sent outside the company
...but so far it doesn't work.
gencv Hello, you can configure it for attachments as well.
"If found, we know that this message (or one of its attachments) is protected with the label, so the rule can go ahead and block the message."
Look at this example for guidance https://docs.microsoft.com/en-us/azure/information-protection/configure-exo-rules#example-2-rule-that-applies-the-encrypt-only-option-to-emails-when-they-have-attachments-that-are-labeled-confidential--partners-and-these-emails-are-sent-outside-the-organization
