cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Entra Tech Accelerator
Jun 27 2023, 08:00 AM - 12:00 PM (PDT)
Microsoft Tech Community
Find out more
SOLVED

Block sending emails containing attached sensitive documents

gencv
Occasional Contributor

‎Aug 31 2020 04:20 AM - last edited on ‎May 24 2021 02:11 PM by

‎Aug 31 2020 04:20 AM - last edited on ‎May 24 2021 02:11 PM by

Block sending emails containing attached sensitive documents

Hi,

 

Is it possible to create an EXO mail flow rule to block sending to externals, emails that contain attached labeled documents?

Documents are labeled via sensitivity labels (i.e. strictly confidential). 

 

Thanks,

Genc

6,716 Views
0 Likes
5 Replies
Reply
5 Replies
gencv

‎Aug 31 2020 05:30 AM - edited ‎Aug 31 2020 05:31 AM

‎Aug 31 2020 05:30 AM - edited ‎Aug 31 2020 05:31 AM

Re: Block sending emails containing attached sensitive documents

@ChristianBergstrom thank you for the feedback. Actually the link describes the way how to block a labeled email, but not a labeled attachment.
I need a mail flow rule that can be created based on the attachment label.

Use case: I label an email as General and attach on it a document labeled as Secret.

 

I'm trying via mail flow rule:

1. Apply this rule if: the recipient is outside the organization

and

2. Any attachment: has these properties, including any of these words

Property: Confidentiality --> Value: Secret

3. Reject the message with the explanation: Secret document cannot be sent outside the company

...but so far it doesn't work.

 

0 Likes
Reply
best response confirmed by gencv (Occasional Contributor)
ChristianBergstrom

‎Aug 31 2020 06:04 AM

‎Aug 31 2020 06:04 AM

Solution

Re: Block sending emails containing attached sensitive documents

@gencv Hello, you can configure it for attachments as well.

 

"If found, we know that this message (or one of its attachments) is protected with the label, so the rule can go ahead and block the message."

 

Look at this example for guidance https://docs.microsoft.com/en-us/azure/information-protection/configure-exo-rules#example-2-rule-tha...

0 Likes
Reply
gencv

‎Aug 31 2020 06:35 AM

‎Aug 31 2020 06:35 AM

Re: Block sending emails containing attached sensitive documents

@ChristianBergstrom thank you!

The way of defining the attachment property and value solved my problem.

 

Thank you again!

1 Like
Reply
Lassaad_TOUKABRI

‎May 21 2021 07:12 PM

‎May 21 2021 07:12 PM

Re: Block sending emails containing attached sensitive documents

You can use powershell to get blocked with a pop up notificiation when sensitive label is Highly Confidential for example :

Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking

(Get-LabelPolicy -Identity "Highly Confidential").settings
# you can get the GUID of your Label
Get-Label | Format-Table -Property DisplayName,Name, Guid -AutoSize
# add your domain here or any other trusted domain that you went to allow
Set-LabelPolicy -Identity "Highly Confidential" -AdvancedSettings @{OutlookBlockTrustedDomains="onmicrosoft.com"}
#use the guid of you label in this command
Set-LabelPolicy -Identity "Highly Confidential" -AdvancedSettings @{OutlookBlockUntrustedCollaborationLabel="GUID of Your Label"}




0 Likes
Reply