Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

DLP Exceptions issues

Brass Contributor



We are trying to setup a DLP Policy that does the following:

- If an email contains more than 10 credit card numbers and is being sent to an external email address, notify the DLPAdmin user, except if the source of the email is "". is our Azure Tenant (in this example).


So, we have created a new DLP Policy, as follows:

  • choose locations to apply the policy: Exchange email (all included, none excluded). No other Location is selected

Customized DLP Rule:

  • Sensitive info type: Credit Card Number (High Confidence 10 to Any) AND
  • Content is shared from M365 "with people outside my organization"
  • Except if sender is: ""
  • User notification on: notify these people / send the email to these additional people:

Turn the Policy on right away.



IMHO the above should work...however, always gets notified when the account send an email externally (and contains 10 or more credit cards). I thought the idea of the 'exceptions' was for the DLP rule to work, except when the exclusion = true.


What are we doing wrong?


Thank you,



3 Replies
it doesn't sound like you are doing anything wrong. can you upload a screen shot to confirm?

Hi @Joe Stocker,


Thank you for taking the time to respond.

I have attached the DLP Policy screenshots.


Not sure if its useful, but I am using Outlook Web Access, and not the Outlook client for this setup and testing.


Thank you,



In your case, try to add the exception when selecting the mailboxes and not when configuring the DLP rules.