cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Data Loss Prevention - External Emails

Ben Curran
Brass Contributor

‎Feb 15 2021 03:13 AM - last edited on ‎Nov 16 2021 12:14 PM by

‎Feb 15 2021 03:13 AM - last edited on ‎Nov 16 2021 12:14 PM by

Data Loss Prevention - External Emails

Hi,

 

Hoping someone can help me. I have a number of DLP polices setup, which are working and alerting users as they should be. The issue I have is when DLP sends an alert externally, to a guest account, it changes the 'from' address from the tenant domain to no-reply@sharepointonline.com, causing issues with some client spam filters.


I have looked in the DLP policy but am unable to see any setting that will change the 'from' address to the domain name. Can anyone help with guidance to resolve this please? 


Regards

Ben

2,108 Views
0 Likes
3 Replies
Reply
3 Replies
Vasil Michev

‎Feb 15 2021 09:56 AM

‎Feb 15 2021 09:56 AM

Re: Data Loss Prevention - External Emails

Didnt even expect to have DLP policies fire on Guest accounts. But the no-reply address is "standard" behavior for SPO notifications - the user's account will be used, if found, and if not, the no-reply address.

1 Like
Reply
Ben Curran

‎Feb 16 2021 12:41 AM

‎Feb 16 2021 12:41 AM

Re: Data Loss Prevention - External Emails

@Vasil Michev 

 

Thanks for the response.

 

The response you have given is the same as I receive from Microsoft when I discuss how services are limited for Guest users in a tenant, even though their business architecture is to use BYOD for both devices and subscriptions. It amazes me how much is overlooked from a Guest account, from little things like this to big things such as authenticating to IaaS and PaaS services.

 

It seems in this case the no-reply@sharepointonline.com is being treated as a spam email buy the Guests systems because it isnt passing authentication. I am exploring DMARC, DKIM and transport rule options to see which may be able to solve the issue in the safest way.

0 Likes
Reply
best response confirmed by Ben Curran (Brass Contributor)
Ben Curran

‎Feb 23 2021 07:13 AM

‎Feb 23 2021 07:13 AM

Solution

Re: Data Loss Prevention - External Emails

After doing a lot of testing the best solution, due to a number of reasons with external spam settings, was to create a Power Automate flow to pickup up the information of the DLP alert from an email in a shared mail box. The flow extracts the required information needed to inform the user of the event and presents it in a fully customised email sent from the shared mailbox.

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Ben Curran (Brass Contributor)
Ben Curran

‎Feb 23 2021 07:13 AM

‎Feb 23 2021 07:13 AM

Solution

Re: Data Loss Prevention - External Emails

After doing a lot of testing the best solution, due to a number of reasons with external spam settings, was to create a Power Automate flow to pickup up the information of the DLP alert from an email in a shared mail box. The flow extracts the required information needed to inform the user of the event and presents it in a fully customised email sent from the shared mailbox.

View solution in original post

0 Likes
Reply