SOLVED

Custom DLP Policy with only keywords

Contributor

Security, Privacy & Compliance masters,

 

I am trying to setup supervision for my client and have a few questions and advice. First, in the supervision role, is there a way to control the supervised email. What I mean is that I want to gather 1% of all emails for all users. I also want to take an additional 1% for all users based on keywords we have identified in our Lexicon values. Is this possible? Is it even possible to supervise everyone at once? 

 

We are a SEC/FINRA regulated company and require supervision. Does anyone out there have any input for what other SEC/FINRA companies are doing out there for supervision? 

 

Thanks,

 

4 Replies
Best Response confirmed by Deleted
Solution

With the new, V2 version of Supervision, you should be able to do that. Use a distribution group to designate all users, and add the keywords as needed. You probably want to add condition to check attachments as well. Refer to the documentation for more info: https://support.office.com/en-us/article/Configure-supervision-policies-for-your-organization-d14ae7...

This is great! I appreciate the response. With that said i have another question. So as part of the supervision that needs to be in place. 

 

We have 2 types of user groups that need almost the same supervision. 

 

Group 1: We need 1% of all the mail that is sent and received across the entire group. Plain and straight forward.

 

Group 2: We need to capture 1% of each mailbox that is in the group. This group should populate more mail. 

 

Is group 2 possible? Or how is it configured by default, does setting a group with 1% do it across the group or 1% at the mailbox level.

 

Thanks!

What type of group are you referring to here? In general, you would use groups to ease the management - the group membership will be expanded and all individual mailboxes will be audited. But you can also add the mailboxes themselves.

Hopefully this will clarify. 

 

I created 2 mail enabled security groups. Each have a different subset of users

 

In group 1: I don't necessarily need to see all the mailboxes under the group. I know what users are in the group. I just need to see 1% of all of the mailboxes in one list. Thinking about it differently i want to supervise 1% of all emails and not in one mailbox. So if John sends 900 emails and Joan sends 100 emails, i want to supervise 10 emails total and not 9 emails from John and 1 email from Joan. Because of email volume, i may get all 10 from John and none from Joan. 

 

Group 2: I need to see 1% of every email for every user in the mail enabled security group.