Nov 24 2023 04:57 AM
Hello Community,
I'm trying to find a way to monitor emails containing sensitive information sent to an external recipient that has been whitelisted as part of the DLP policy rule. I have spoken with Microsoft support and they told me that such information is visible in the Explorer within the Microsoft Defender -> Email & Collaboration -> Delivery details under the "Primary Override: Source - None" field.
The problem is, that every email sent outside, with or without sensitive information, always has the same value: Primary Override: Source (value: None).
The goal that I want to achieve is to have visibility of all emails that contain sensitive information sent outside the organization, no matter if it was blocked, manually overridden, or whitelisted. Even if we put the recipient on the whitelist, we want to have visibility of every message that contains sensitive information.
Has anyone had similar needs and found a resolution?
Thank you in advance.
Nov 24 2023 08:57 AM
Nov 26 2023 04:32 PM
I thought one of the majors components becomes to 'sensitive information' did you defined and label yet?
Dec 12 2023 01:56 AM
Hello @Kidd_Ip
I'm sorry for the late reply. Unfortunately, I was struggling with illness.
Regarding your question - no, the files are not yet labeled. Currently, the policies are matching sensitive info types by their patterns.