cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure DLP Exclusions

ShimKwan
Brass Contributor

‎May 25 2021 08:39 PM - edited ‎May 25 2021 09:36 PM

‎May 25 2021 08:39 PM - edited ‎May 25 2021 09:36 PM

Azure DLP Exclusions

Hi,

 

We have a simple requirement, and are hoping someone can assist us:

 

Notify the DLPAdministrator when anyone in the company sends an email containing more than 10 credit card numbers to an external recipient, except if the email is sent from our CustomerService email account. 

 

This is how we have configured our DLP Policy:

Name: PCI DSS Policy

Locations: Exchange Email (status = on). Included = All, Excluded = None. All other locations are Off.

Customize advanced DLP rules:

  Rule 1

  Conditions > Content Contains > Sensitive Info Types > Credit Card Number > High Confidence      >     Instance count 10 to Any

AND

Content is shared from Microsoft 365 > with people outside my organization

 

Exceptions > except if sender is > CustomerService@myorganisation.com

 

Incident Reports > Send an alert to admins when a rule match occurs = On

Send email alerts to these people > DLPAdministrator@myorganisation.com

Send alert every time an activity matches the rule (selected)

 

Turn policy on right away (selected).

 

However, everytime an email is sent from CustomerService@myorganisation.com to an external 'gmail' recipient containing credit card numbers, the DLPAdministrator get notified. The DLP Rule is not working.

 

We thought the 'exceptions' setting in the DLP rule would work as expected, and not notify the DLPAdministrator.

 

Did we misunderstand something?

Did we misconfigure something?

 

Thank you,

Shim

 

Labels:
606 Views
0 Likes
0 Replies
Reply
0 Replies