MCAS Session Policy Exceptions for Trusted Domain

%3CLINGO-SUB%20id%3D%22lingo-sub-1936230%22%20slang%3D%22en-US%22%3EMCAS%20Session%20Policy%20Exceptions%20for%20Trusted%20Domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1936230%22%20slang%3D%22en-US%22%3E%3CP%3ENew%20to%20MCAS%20and%20I%20do%20not%20have%20direct%20access%20so%20bear%20with%20me.%26nbsp%3B%3C%2FP%3E%3CP%3ERequired%20use%20case%3A%20Block%20emails%20that%20contain%20sensitive%20keywords%20except%20where%20the%20mail%20recipient%20is%20a%20trusted%20partner%20(check%20domain%20part%20of%20email%20address%20is%20one%20of%20a%20list%20of%20trusted%20partners%20e.g.%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F41501%22%20target%3D%22_blank%22%3E%40microsoft%3C%2FA%3E.com).%3C%2FP%3E%3CP%3EBeing%20told%20by%20my%20supplier%20that%20it%20is%20not%20possible%20to%20do%20in%20MCAS%20and%20need%20to%20set%20up%20in%20O365%20Security%20%26amp%3B%20Comp%20Centre.%20They%20tell%20me%20that%20MCAS%20cannot%20check%20the%20mail%20recipient%20domain%20in%20the%20condition%2C%20only%20individual%20usernames%20that%20have%20been%20imported.%3C%2FP%3E%3CP%3EAny%20way%20I%20can%20do%20that%20in%20MCAS%20-%20to%20avoid%20rules%20in%20multiple%20places%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1936230%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1962192%22%20slang%3D%22en-US%22%3ERe%3A%20MCAS%20Session%20Policy%20Exceptions%20for%20Trusted%20Domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1962192%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F883682%22%20target%3D%22_blank%22%3E%40GrahamP67%3C%2FA%3E%26nbsp%3BI%20don't%20think%20MCAS%20is%20the%20right%20tool%20to%20configure%20DLP.%20You%20should%20block%20this%20in%20realtime%2C%20and%20except%20for%20session%20control%20that%20is%20not%20possible%20with%20MCAS.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

New to MCAS and I do not have direct access so bear with me. 

Required use case: Block emails that contain sensitive keywords except where the mail recipient is a trusted partner (check domain part of email address is one of a list of trusted partners e.g. @microsoft.com).

Being told by my supplier that it is not possible to do in MCAS and need to set up in O365 Security & Comp Centre. They tell me that MCAS cannot check the mail recipient domain in the condition, only individual usernames that have been imported.

Any way I can do that in MCAS - to avoid rules in multiple places?

1 Reply

@GrahamP67 I don't think MCAS is the right tool to configure DLP. You should block this in realtime, and except for session control that is not possible with MCAS.