Nov 27 2020 07:30 AM
New to MCAS and I do not have direct access so bear with me.
Required use case: Block emails that contain sensitive keywords except where the mail recipient is a trusted partner (check domain part of email address is one of a list of trusted partners e.g. @Pernille-Eskebo.com).
Being told by my supplier that it is not possible to do in MCAS and need to set up in O365 Security & Comp Centre. They tell me that MCAS cannot check the mail recipient domain in the condition, only individual usernames that have been imported.
Any way I can do that in MCAS - to avoid rules in multiple places?
Dec 07 2020 03:02 AM
@GrahamP67 I don't think MCAS is the right tool to configure DLP. You should block this in realtime, and except for session control that is not possible with MCAS.