Data Loss Prevention send me as global admin alot of emails but the hit is incorrect

Brass Contributor

We are using O365 with SharePoint, OneDrive for Business, Exchange, Teams, Skype for Business etc..I created a new DLP policy for "Exchange email, Teams chats and channel messages and OneDrive and SharePoint documents" and selected the privacy GDPR template for EU. I disabled the tooltip and notification settings for the endusers. I only enabled to send an email to my own emailaddress to test it first.


I receive now alot of emails from DLP hits. But I investigate the hit and it is false possitive. For example the sensitive info type "EU National Identification Number" gives a hit if the email contains a number like "0611133218". But this number is a phonenumber in an email! How can I finetune the rules so it will send only an email if it is a real hit?dlp policy eu.png

3 Replies

You can fine tune the match criteria under the Policy settings section and the rules therein. Notifications will be generated for every match though, it's a simple on/off switch.

@Vasil Michev can I find somewhere some tips about how to reduce the false possitives?