Forum Discussion

mlittman's avatar
mlittman
Copper Contributor
Jun 20, 2023

Decrypt Journal Message DLP

Hello! We are currently in the process of setting up our first DLP policy for sensitive information. Everything seems to be working well, except for 1 issue. We have a specific group of people who's emails are journaled out to a third party. I cannot seem to figure out how to get these messages decrypted. 

 

We do have this set. Set IRM Configuration - Journal Report Decryption Enabled $true

 

I have tried making Not statements, and add in a rule in the policy if sent from inside to the journal address remove the encryption... Nothing.

 

Any suggestions or pointers?

 

Thank you!

 

  • Hi mlittman 

     

    You could be looking at a priority order issue here. Where in the list of policies/rules does the exception for journal group lie?

    • mlittman's avatar
      mlittman
      Copper Contributor

      miller34mike 

       

      Hello! I had it second rule after the first one which was to check for sensitive info and encrypt. Then the next rule was unless its from inside to the journal address, then decrypt it. I removed it this morning as it has been in place for couple days and wasn't doing anything so back at the drawing board. This is how the current policy looks (attaching pic). In the main rule i have tried to add the journal address and domain with the rest of my NOT objects as well and it did not work. 

       

      • miller34mike's avatar
        miller34mike
        Icon for Microsoft rankMicrosoft

        Hi mlittman 

         

        So, when you say not working, do you mean that all emails, even to the exclusions in the new policy are being encrypted? Or no email is being encrypted?

Resources