Jun 20 2023 07:08 AM
Jun 20 2023 07:08 AM
Hello! We are currently in the process of setting up our first DLP policy for sensitive information. Everything seems to be working well, except for 1 issue. We have a specific group of people who's emails are journaled out to a third party. I cannot seem to figure out how to get these messages decrypted.
We do have this set. Set IRM Configuration - Journal Report Decryption Enabled $true
I have tried making Not statements, and add in a rule in the policy if sent from inside to the journal address remove the encryption... Nothing.
Any suggestions or pointers?
Jun 20 2023 08:58 AM
Hello! I had it second rule after the first one which was to check for sensitive info and encrypt. Then the next rule was unless its from inside to the journal address, then decrypt it. I removed it this morning as it has been in place for couple days and wasn't doing anything so back at the drawing board. This is how the current policy looks (attaching pic). In the main rule i have tried to add the journal address and domain with the rest of my NOT objects as well and it did not work.
Jun 20 2023 11:25 AM - edited Jun 20 2023 11:26 AM
So in the screenshot, that is our main policy I have been testing and adding on to. It works great. I have had to add exclusions (the NOT part) for some domains we use and everything is working good. Where I am running into trouble now is, that we have an transport rule that sends emails from a specific set of users off to a third party site via journaling. Those emails are encrypting. I cant figure out how to get the emails to that specific location without being encrypted. Hope that helps? (i have tried to add that journal domain and address in the current rule with the other domains and it did not work). I tried to make an additional rule below the rule in the screenshot to decrypt any messages from internal to the specific journal address and or domain and still encrypts the journaled email.
Jun 20 2023 12:17 PM
In exchange there is a connector for it. I don't believe there is any mail flow rule. I couldn't find any mail flow rule pointing to the connector. I put in a screenshot of the trace and the connector. As far as any other encryption rules in exchange we have one setup but you have to use the word [secure] in the subject line to encrypt. Ill eventually move that over to compliance center.