Policy Tips not showing on Outlook on Password Protected files

%3CLINGO-SUB%20id%3D%22lingo-sub-3046606%22%20slang%3D%22en-US%22%3EPolicy%20Tips%20not%20showing%20on%20Outlook%20on%20Password%20Protected%20files%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3046606%22%20slang%3D%22en-US%22%3E%3CP%3EGood%20day%20to%20all%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECurrently%20facing%20this%20issue%2C%20we%20have%20created%20a%20DLP%20policy%20to%20detect%20and%20block%20password-protected%20files%20when%20sending%20to%20the%20external%20domain%20via%20outlook.%20however%2C%20the%20policy%20tips%20in%20outlook%20just%20won't%20appear%20to%20educate%20of%20a%20potential%20violation%20or%20give%20the%20user%20a%20chance%20to%20intervene%20(indicate%20as%20false%20positive)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20the%20end%2C%20the%20user%20sent%20out%20the%20email%20and%20learn%20it%20only%20after%20receiving%20a%20blocked%20message%20email.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20above%20behaviour%20is%20only%20occurring%20when%20it%20comes%20to%20the%20detection%20of%20password-protected%20files.%20we%20have%20similar%20policies%20on%20detecting%20and%20blocking%20personal%20data%20(such%20as%20Credit%20Card%2C%20HIPAA%20and%20etc).%20however%2C%20it%20all%20works%20perfectly%2C%20having%20policy%20tip%20appears%20every%20moment%20in%20outlook%20whenever%20a%20user%20attempts%20to%20include%20external%20addresses%20as%20recipients.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20anyone%20have%20the%20same%20experience%3F%20Greatly%20appreciate%20it%20if%20you%20could%20share.%20Thanks.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3048444%22%20slang%3D%22en-US%22%3ERe%3A%20Policy%20Tips%20not%20showing%20on%20Outlook%20on%20Password%20Protected%20files%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3048444%22%20slang%3D%22en-US%22%3EIs%20the%20policynudgerules_xxxx.xml%20file%20located%20in%20c%3A%5Cusers%5Cusername%5Cappdata%5Clocal%5Cmicrosoft%5Coutlook%20showing%20the%20config%20for%20this%20rule%3F%3C%2FLINGO-BODY%3E
Occasional Contributor

Good day to all

 

Currently facing this issue, we have created a DLP policy to detect and block password-protected files when sending to the external domain via outlook. however, the policy tips in outlook just won't appear to educate of a potential violation or give the user a chance to intervene (indicate as false positive)

 

In the end, the user sent out the email and learn it only after receiving a blocked message email.

 

The above behaviour is only occurring when it comes to the detection of password-protected files. we have similar policies on detecting and blocking personal data (such as Credit Card, HIPAA and etc). however, it all works perfectly, having policy tip appears every moment in outlook whenever a user attempts to include external addresses as recipients.  

 

Does anyone have the same experience? Greatly appreciate it if you could share. Thanks.

 

 

 

 

7 Replies
Is the policynudgerules_xxxx.xml file located in c:\users\username\appdata\local\microsoft\outlook showing the config for this rule?

@ByDesign1977 

I do have policynudgerules in that folder, but unfortunately, the contents belong to other DLP rules/policy tips. Nothing specifically for the "password-protected file" DLP policy

 

 

It could be that the policynudgerules file isn't updating properly. If you close Outlook, rename the file to something like .old (so you are not deleteing it), reopen outlook then click to create a new email it should recreate a new version of that file. Its worth then comparing the two files to check for differenses.

Also, if this is working for any of your users it is worth comparing there working policynudgerules file with your non-working one to check for differences.

Does this policy work in Outlook online?

Thanks @ByDesign1977 

After comparing the two versions, the old and the new ones are the actual same. 

 

OWA work perfectly fine. 

Tan_Kok_Hwa_0-1641786100438.png

 

Do you have any exceptions in the policies? If you do remove them, then remove the xml file mentions above, close and restart Outlook and then click to create a new email to test (please note though that after removing the exceptions that it can take up to 24hrs for the polcies to fully redeploy so test ever few hours)
@Tan_Kok_Hwa, did you try the above, this resolved a very similar issue for me.
Hi
So Sorry for the long wait. In the end, we decided not to rely on Policy Tip but rather use the moderator recipient approach instead. Routing the DLP matched email to their manager for approval before it can be sent to external domain.

https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/moderated-recipients-exo/mod...