Data Loss Prevention - External Emails
Didn't even expect to have DLP policies fire on Guest accounts. But the no-reply address is "standard" behavior for SPO notifications - the user's account will be used, if found, and if not, the no-reply address.
- Ben Curran, Feb 16, 2021, Brass Contributor
Thanks for the response.
The response you have given is the same as I receive from Microsoft when I discuss how services are limited for Guest users in a tenant, even though their business architecture is to use BYOD for both devices and subscriptions. It amazes me how much is overlooked from a Guest account, from little things like this to big things such as authenticating to IaaS and PaaS services.
It seems in this case the no-reply@sharepointonline.com address is being treated as a spam email by the Guests' systems because it isn't passing authentication. I am exploring DMARC, DKIM and transport rule options to see which may be able to solve the issue in the safest way.
- Ben Curran, Feb 23, 2021, Brass Contributor
After doing a lot of testing, the best solution, due to a number of reasons with external spam settings, was to create a Power Automate flow to pick up the information of the DLP alert from an email in a shared mailbox. The flow extracts the required information needed to inform the user of the event and presents it in a fully customised email sent from the shared mailbox.