DLP Exceptions issues

ShimKwan · ‎May 24 2021

Hi,

We are trying to setup a DLP Policy that does the following:

- If an email contains more than 10 credit card numbers and is being sent to an external email address, notify the DLPAdmin user, except if the source of the email is "customerservice@ourcompany.com".

@ourcompany.com is our Azure Tenant (in this example).

So, we have created a new DLP Policy, as follows:

choose locations to apply the policy: Exchange email (all included, none excluded). No other Location is selected

Customized DLP Rule:

Sensitive info type: Credit Card Number (High Confidence 10 to Any) AND
Content is shared from M365 "with people outside my organization"
Except if sender is: "customerservice@ourcompany.com"
User notification on: notify these people / send the email to these additional people: DLPAdmin@ourcompany.com

Turn the Policy on right away.

------------

IMHO the above should work...however, DLPAdmin@ourcompany.com always gets notified when the customerservice@ourcompany.com account send an email externally (and contains 10 or more credit cards). I thought the idea of the 'exceptions' was for the DLP rule to work, except when the exclusion = true.

What are we doing wrong?

Thank you,

SK

Joe Stocker · ‎May 30 2021

it doesn't sound like you are doing anything wrong. can you upload a screen shot to confirm?

ShimKwan · ‎May 31 2021

Hi @Joe Stocker,

Thank you for taking the time to respond.

I have attached the DLP Policy screenshots.

Not sure if its useful, but I am using Outlook Web Access, and not the Outlook client for this setup and testing.

Thank you,

Shim

DLP Exceptions issues

DLP Exceptions issues

Re: DLP Exceptions issues

Re: DLP Exceptions issues

Products (51)

Special Topics (28)

Video Hub (447)

Most Active Hubs

Most Active Hubs

Video Hub

DLP Exceptions issues

DLP Exceptions issues

Re: DLP Exceptions issues

Re: DLP Exceptions issues