Microsoft Tech Community

Custom DLP Policy with only keywords


Security, Privacy & Compliance masters,


I am trying to set up supervision for my client and have a few questions and would like advice. First, in the supervision role, is there a way to control the supervised email? What I mean is that I want to gather 1% of all emails for all users. I also want to take an additional 1% for all users based on keywords we have identified in our Lexicon values. Is this possible? Is it even possible to supervise everyone at once?


We are an SEC/FINRA-regulated company and require supervision. Does anyone out there have any input for what other SEC/FINRA companies are doing out there for supervision?




4 Replies
best response confirmed by Deleted

With the new V2 version of Supervision, you should be able to do that. Use a distribution group to designate all users, and add the keywords as needed. You probably want to add a condition to check attachments as well. Refer to the documentation for more info:

This is great! I appreciate the response. With that said, I have another question. So as part of the supervision that needs to be in place.


We have 2 types of user groups that need almost the same supervision. 


Group 1: We need 1% of all the mail that is sent and received across the entire group. Plain and straightforward.


Group 2: We need to capture 1% of each mailbox that is in the group. This group should populate more mail.


Is group 2 possible? Or how is it configured by default: does setting a group with 1% do it across the group or 1% at the mailbox level?



What type of group are you referring to here? In general, you would use groups to ease the management: the group membership will be expanded and all individual mailboxes will be audited. But you can also add the mailboxes themselves.

Hopefully this will clarify.


I created 2 mail-enabled security groups. Each has a different subset of users.


In group 1: I don't necessarily need to see all the mailboxes under the group. I know what users are in the group. I just need to see 1% of all of the mailboxes in one list. Thinking about it differently, I want to supervise 1% of all emails and not in one mailbox. So if John sends 900 emails and Joan sends 100 emails, I want to supervise 10 emails total and not 9 emails from John and 1 email from Joan. Because of email volume, I may get all 10 from John and none from Joan.


Group 2: I need to see 1% of every email for every user in the mail-enabled security group.