Forum Discussion
Decrypt Journal Message DLP
Hello! We are currently in the process of setting up our first DLP policy for sensitive information. Everything seems to be working well, except for 1 issue. We have a specific group of people whose emails are journaled out to a third party. I cannot seem to figure out how to get these messages decrypted.
We do have this set: Set-IRMConfiguration -JournalReportDecryptionEnabled $true
I have tried making Not statements, and adding a rule in the policy: if sent from inside to the journal address, remove the encryption... Nothing.
Any suggestions or pointers?
Thank you!
- miller34mike (Microsoft)
Hi mlittman
You could be looking at a priority order issue here. Where in the list of policies/rules does the exception for the journal group lie?
- mlittman (Copper Contributor)
Hello! I had it as the second rule, after the first one, which was to check for sensitive info and encrypt. Then the next rule was: unless it's from inside to the journal address, then decrypt it. I removed it this morning, as it has been in place for a couple of days and wasn't doing anything, so back at the drawing board. This is how the current policy looks (attaching pic). In the main rule I have tried to add the journal address and domain with the rest of my NOT objects as well, and it did not work.
- miller34mike (Microsoft)
Hi mlittman
So, when you say not working, do you mean that all emails, even to the exclusions in the new policy, are being encrypted? Or no email is being encrypted?