cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

DLP Policy, overriding and false positives

A_AronL
Copper Contributor

‎Jun 02 2020 01:30 PM - last edited on ‎May 24 2021 02:10 PM by

‎Jun 02 2020 01:30 PM - last edited on ‎May 24 2021 02:10 PM by

DLP Policy, overriding and false positives

Hey guys,

We have a DLP policy in our environment to disallow our users from sending SSN numbers, HIPAA info, drivers license numbers, etc outside of our environment. If something is picked up and flagged is there any way to override and allow it through as an Admin or are we pretty much stuck letting the users report it as a false positive and letting it through on their end?

 

I've looked through the reports, and security and compliance area and haven't found anything but wanted to check and see if anyone here knew of alternatives.

6,678 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by A_AronL (Copper Contributor)
Vasil Michev

‎Jun 03 2020 12:05 AM

‎Jun 03 2020 12:05 AM

Solution

Re: DLP Policy, overriding and false positives

You can configure end-user override as part of the rule configuration, via the "Let people who see the tip override the policy and share the content." setting. If you want only admins to be able to override, you need to use a mail flow rule with "moderate" action, meaning you are limited to the "legacy" DLP experience and only Exchange Online content.

1 Like
Reply
A_AronL

‎Jun 03 2020 08:44 AM

‎Jun 03 2020 08:44 AM

Re: DLP Policy, overriding and false positives

Awesome, thanks man! I've ran into a few options we want that are only available with mailflow rules.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by A_AronL (Copper Contributor)
Vasil Michev

‎Jun 03 2020 12:05 AM

‎Jun 03 2020 12:05 AM

Solution

Re: DLP Policy, overriding and false positives

You can configure end-user override as part of the rule configuration, via the "Let people who see the tip override the policy and share the content." setting. If you want only admins to be able to override, you need to use a mail flow rule with "moderate" action, meaning you are limited to the "legacy" DLP experience and only Exchange Online content.

View solution in original post

1 Like
Reply