SOLVED

DLP Exclusions

Occasional Contributor

Hi,

 

We'd like to setup a DLP Policy to inform me when someone shares more than 10 credit card numbers via an email, except when it is sent from a specific internal email "clientservices@adatum.com".

 

We have created a new DLP Policy that does notify me when anyone sends more than 10 credit card numbers. We then created a Distribution Group, containing the account of "clientservices@adatum.com", and added this DL to the Exclusion List (as per screenshot).

 

However, I am still receiving notifications from all accounts that send more than 10 credit card numbers, including "clientservices@adatum.com".

 

What have we done wrong in the DLP Policy configuration?

 

Thank you

SKDLP_1.JPG

4 Replies
You need to add the exclusion in the DLP rule, not the policy. Do note that in order to be able to use such exceptions, the DLP policy must be using Exchange as the location (avoid adding other locations).

@Vasil Michev 

 

Thank you for replying.

Are you able to be more specific please?

 

If I look at the rule, and more specifically the "Exceptions" section, I can only set exceptions for:

  • Except if content contains
  • Except if content is shared from M365
  • Except if attachment's file extension is
  • Except if document property is

None of these exception options allow me to stipulate the source email address though?

 

Is there another rule setting I should be looking at?

 

Thank you,

SK

best response confirmed by ShimKwan (Occasional Contributor)
Solution
The list of available conditions/exceptions depends on the "workloads" selection for the DLP policy. To see the exceptions I was referring to, go back to the policy settings and only select Exchange as the workload.
@Vasil Michev

Thank you, that definitely revealed more options for me to chose from, thank you!!!
I assume similarly, more options will be available if I only select "Teams" for example.
Which means, we may land up with quite a number of DLP Policies within the organization.

You have been most helpful, thank you again!
SK