Microsoft Tech Community

DLP Policy Checking To, Cc, and Bcc Fields in Email




I am setting up a DLP policy that can detect emails and person names in an email and, if found (more than 10), raise an alert, as they are PII data elements.


When enforced, the DLP policy is also scanning person names and emails from "to", "cc" and "bcc" fields in a long email chain and flagging the replies as "containing sensitive data".


How can I ensure that the policy excludes any emails, dates (sent or received), and person names from the email's metadata (to, cc, bcc, and sent) fields?


I am using the built-in "full name" classifier to detect person names and a regular expression for finding emails.



1 Reply



Try creating nested conditions in Purview DLP like this:


It checks the email being sent and checks the content of the email, and NOT the email header patterns, which include sent, bcc, etc.
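
The false positive described in this thread can be reproduced offline with the added example below, which is not code from either poster and does not reproduce how Purview evaluates content. It assumes the extra matches come from the From/To/Cc lines that mail clients quote into the body of each reply, and it uses a constructed address regex and a constructed reply chain to compare the instance count with and without those lines.

```python
import re

# Simple address pattern standing in for the poster's regular expression (assumption).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Field names that mail clients write into the quoted header block of a reply.
HEADER_LINE_RE = re.compile(r"^\s*>*\s*(from|sent|date|to|cc|bcc|subject)\s*:", re.IGNORECASE)
THRESHOLD = 10  # the "more than 10" instance count from the question


def split_matches(body):
    """Return (addresses on quoted header lines, addresses in the remaining text)."""
    in_headers, in_content = [], []
    for line in body.splitlines():
        bucket = in_headers if HEADER_LINE_RE.match(line) else in_content
        bucket.extend(EMAIL_RE.findall(line))
    return in_headers, in_content


def would_alert(body, ignore_quoted_headers):
    """Apply the instance-count threshold, optionally skipping quoted header lines."""
    headers, content = split_matches(body)
    count = len(content) if ignore_quoted_headers else len(headers) + len(content)
    return count > THRESHOLD


def build_sample_chain(replies=4):
    """Constructed reply chain: each quoted header block carries 4 addresses."""
    parts = ["Hi all, the report is attached. Questions to helpdesk@example.com."]
    for i in range(replies):
        parts += [
            "",
            "-----Original Message-----",
            f"From: user{i}@example.com",
            "Sent: Monday, 1 January 2024 09:00",
            f"To: alice{i}@example.com; bob{i}@example.com",
            f"Cc: carol{i}@example.com",
            "Subject: RE: Quarterly report",
            "",
            "Thanks, see comments inline.",
        ]
    return "\n".join(parts)


if __name__ == "__main__":
    chain = build_sample_chain()
    headers, content = split_matches(chain)
    print(f"quoted header addresses: {len(headers)}, content addresses: {len(content)}")
    print("alert counting everything:", would_alert(chain, ignore_quoted_headers=False))
    print("alert ignoring quoted headers:", would_alert(chain, ignore_quoted_headers=True))
```

Running a few real (sanitized) reply chains through a check like this shows how much of the count comes from quoted header blocks before the policy threshold or conditions are changed.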