Forum Discussion
Gurdev Singh
May 10, 2021Iron Contributor
DLP alerts and protection for existing documents in SharePoint and OneDrive
https://docs.microsoft.com/en-us/microsoft-365/compliance/use-notifications-and-policy-tips?view=o365-worldwide states DLP does not send email alerts for existing content and are only generated for n...
Joe Stocker
May 29, 2021Bronze Contributor
I believe the statement about existing only refers to emails. For example, if you create a DLP Policy at 11am then it will only start generating email alerts for emails sent after 11:30am. It will not generate emails for all prior emails sent.
However, DLP evaluates any content that can be indexed in SharePoint and OneDrive, so in those cases, I would expect an alert to be generated on anything it discovers as sensitive in SharePoint and OneDrive.
"DLP policies apply to all documents that match the policy, whether those documents are new or existing. However, an email notification is only generated when new content matches an existing DLP policy. Existing content is protected, but will not generate a user notification via email."
https://docs.microsoft.com/en-us/microsoft-365/compliance/use-notifications-and-policy-tips?view=o365-worldwide#add-user-notifications-to-a-dlp-policy
The best way to determine what this is going to find is to browse to Content Explorer. It will show you the matches before the rule fires.
However, DLP evaluates any content that can be indexed in SharePoint and OneDrive, so in those cases, I would expect an alert to be generated on anything it discovers as sensitive in SharePoint and OneDrive.
"DLP policies apply to all documents that match the policy, whether those documents are new or existing. However, an email notification is only generated when new content matches an existing DLP policy. Existing content is protected, but will not generate a user notification via email."
https://docs.microsoft.com/en-us/microsoft-365/compliance/use-notifications-and-policy-tips?view=o365-worldwide#add-user-notifications-to-a-dlp-policy
The best way to determine what this is going to find is to browse to Content Explorer. It will show you the matches before the rule fires.