Aug 21 2019
- last edited on
Feb 19 2021
We are using O365 with SharePoint, OneDrive for Business, Exchange, Teams, Skype for Business etc..I created a new DLP policy for "Exchange email, Teams chats and channel messages and OneDrive and SharePoint documents" and selected the privacy GDPR template for EU. I disabled the tooltip and notification settings for the endusers. I only enabled to send an email to my own emailaddress to test it first.
I receive now alot of emails from DLP hits. But I investigate the hit and it is false possitive. For example the sensitive info type "EU National Identification Number" gives a hit if the email contains a number like "0611133218". But this number is a phonenumber in an email! How can I finetune the rules so it will send only an email if it is a real hit?
Aug 21 2019 11:00 AM
You can fine tune the match criteria under the Policy settings section and the rules therein. Notifications will be generated for every match though, it's a simple on/off switch.
Aug 26 2019 02:37 AM
@Vasil Michev can I find somewhere some tips about how to reduce the false possitives?
Aug 26 2019 09:00 AM
Tune the match criteria or create your own sensitive type: https://docs.microsoft.com/en-us/office365/securitycompliance/create-a-custom-sensitive-information-...