Dec 18 2023 10:06 AM - edited Dec 19 2023 09:10 AM
Hello,
I am setting-up a DLP policy that can detect emails and person names in an email and if found (more than 10), raise an alert as they are PII data elements.
When enforced, the DLP policy is also scanning person names and emails from "to", "cc" and "bcc" fields in a long email chain and flagging the replies as "containing sensitive data".
How to ensure that the policy excludes any emails, dates (sent or received), and person names from the email's metadata (to, cc, bcc, and sent) fields?
I am using in-built "full name" classifier to detect person names and a regular expression for finding emails.
Thanks.
Feb 12 2024 03:11 PM
Try creating a nested conditions in Purview DLP like this:
It checks the email being sent and check the content of the email and NOT the email Headers patterns which includes sent, bcc, etc.