Forum Discussion
DLP Rule with very - too - long exception setting
Hello,
I have a request from my client asking for an alert to be generated whenever a user sends an email to a freemail service such as gmail. Client has a huge list of exception and whenever I try to implement this with a Compliance DLP rule's exception related to the recipient's domain, I get an error stating that "The generated rule blob is too long. The maximum length is 81920 and the length of the rule blob is 256040.". I tried to split the exclusion list between several rules in the same DLP policy but I get a lot of false positive. Any idea if this limited size can be overriden ?
I guess that it would be better to implement this in Exchange but does Exchange Rules have the same kind of size limit ?
Regards,
P.
2 Replies
Review the rest of the https://learn.microsoft.com/en-us/purview/dlp-policy-reference#rules I see that the "Maximum size of an individual DLP rule: 100 KB (102,400 characters)". However, thehttps://learn.microsoft.com/en-us/purview/dlp-policy-reference#dlp-platform-limitations-for-conditions allow for many more characters. For example, the domain allows for 335,000 characters. Am I reading the limitations for conditions incorrectly? If not, why the disparity between what an individual condition is limited to and what the rule is limited to?
PhilippeAugras
Did you ever find a solution to this? I'm running into similar issues. We are trying to add a lot of domains to alert on. Sounds like a very similar use case as your client. The guidance provided by Microsoft is that we can have <=5000 domains with length of <=67 characters. So, a total of 335,000 characters. We've added a list of domains with 67,152 characters. Far shorter then both the 335,000 characters for domains and shorter then the warning message that the max length is 81,920.
