cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

O365 DLP Policy Setup

kengab
Copper Contributor

‎Jul 20 2021 08:13 AM

‎Jul 20 2021 08:13 AM

O365 DLP Policy Setup

I setup a custom DLP policy for US PII data that generates incident reports if a sensitive information was present in the email. Is there a configuration where if an email is encrypted as an exception to the rule, it will not trigger the report. 

The idea is if an email message is encrypted, it will not generate an incident report.


Current setup:

Rule consists of

 if message contains sensitive information and shared outside organization

except if message type is encrypted

stop processing additional dlp policies and rules if there's a match for this rule.

kengab_0-1626793248934.png

But it appears the exception is not working.

 

Note: Testing the "Encrypt only" feature.

 

Thanks,

Kennie

 

 

2,010 Views
1 Like
6 Replies
Reply
6 Replies
jrodriguezAP

‎Oct 08 2021 07:35 AM

‎Oct 08 2021 07:35 AM

Re: O365 DLP Policy Setup

I'm in the exact same spot and confirm the rule exception is not working in my environment, either. Setting the "message type is" to another option (tested with meeting invites) does work, so the rule logic itself operates, it just doesn't detect encrypted messages as one would expect.
1 Like
Reply
dgs6466

‎Nov 15 2021 11:40 AM

‎Nov 15 2021 11:40 AM

Re: O365 DLP Policy Setup

Upvote, sames
0 Likes
Reply
best response confirmed by kengab (Copper Contributor)
jrodriguezAP

‎Nov 16 2021 01:46 PM

‎Nov 16 2021 01:46 PM

Solution

Re: O365 DLP Policy Setup

@kengab try setting Message Type is: Permission Controlled - that did the trick on my setup.

jrodriguezAP_0-1637099161141.png

 

1 Like
Reply
dgs6466

‎Nov 17 2021 04:05 AM

‎Nov 17 2021 04:05 AM

Re: O365 DLP Policy Setup

I tried that. Didn’t work. What did work is creating a blank rule at position zero which identifies encrypted messages and does nothing to them. The “except” for encrypted or protected messages doesn’t work.
0 Likes
Reply
jrodriguezAP

‎Nov 17 2021 06:38 AM

‎Nov 17 2021 06:38 AM

Re: O365 DLP Policy Setup

Ah, gotcha. can't say i tested the except within a rule. I designed my policies similar to how you're describing: i have a first-order policy with however many rules in there as positive finds, bypassing any other DLP if triggered, then actual DLP handling in a separate policy afterwards.

Out of curiosity, are you using DLP controls via Labels or Outlook Message Encryption (say a Transport rule, for example)? I'm stuck with the latter until I can migrate us to Labels, and i suspect that's part of the issue with detecting protected messages.
0 Likes
Reply
kengab

‎Mar 18 2022 05:07 PM

‎Mar 18 2022 05:07 PM

Re: O365 DLP Policy Setup

Hi there,

With my current DLP setup,
I have separated and move my DLP policy for exchange in mail transport rule and I have DLP policy for Sharepoint/Teams/OneDrive in Security and Compliance.

The reason I move DLP for exchange in transport rule is that, I can move them in quarantine for review so I know what are being detected as false positives. The only problem with that is, emails that I released from quarantine were requarantined so I have to release the email twice every time. Anyone experience this?
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by kengab (Copper Contributor)
jrodriguezAP

‎Nov 16 2021 01:46 PM

‎Nov 16 2021 01:46 PM

Solution

Re: O365 DLP Policy Setup

@kengab try setting Message Type is: Permission Controlled - that did the trick on my setup.

jrodriguezAP_0-1637099161141.png

 

View solution in original post

1 Like
Reply