SOLVED

DLP Policy, overriding and false positives

%3CLINGO-SUB%20id%3D%22lingo-sub-1434506%22%20slang%3D%22en-US%22%3EDLP%20Policy%2C%20overriding%20and%20false%20positives%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1434506%22%20slang%3D%22en-US%22%3E%3CP%20class%3D%22_1qeIAgB0cPwnLhDF9XSiJM%22%3EHey%20guys%2C%3C%2FP%3E%3CP%20class%3D%22_1qeIAgB0cPwnLhDF9XSiJM%22%3EWe%20have%20a%20DLP%20policy%20in%20our%20environment%20to%20disallow%20our%20users%20from%20sending%20SSN%20numbers%2C%20HIPAA%20info%2C%20drivers%20license%20numbers%2C%20etc%20outside%20of%20our%20environment.%20If%20something%20is%20picked%20up%20and%20flagged%20is%20there%20any%20way%20to%20override%20and%20allow%20it%20through%20as%20an%20Admin%20or%20are%20we%20pretty%20much%20stuck%20letting%20the%20users%20report%20it%20as%20a%20false%20positive%20and%20letting%20it%20through%20on%20their%20end%3F%3C%2FP%3E%3CP%20class%3D%22_1qeIAgB0cPwnLhDF9XSiJM%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22_1qeIAgB0cPwnLhDF9XSiJM%22%3EI've%20looked%20through%20the%20reports%2C%20and%20security%20and%20compliance%20area%20and%20haven't%20found%20anything%20but%20wanted%20to%20check%20and%20see%20if%20anyone%20here%20knew%20of%20alternatives.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1434506%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ECompliance%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDLP%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1435334%22%20slang%3D%22en-US%22%3ERe%3A%20DLP%20Policy%2C%20overriding%20and%20false%20positives%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1435334%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20can%20configure%20end-user%20override%20as%20part%20of%20the%20rule%20configuration%2C%20via%20the%20%22%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3ELet%20people%20who%20see%20the%20tip%20override%20the%20policy%20and%20share%20the%20content.%3C%2FFONT%3E%22%20setting.%20If%20you%20want%20only%20admins%20to%20be%20able%20to%20override%2C%20you%20need%20to%20use%20a%20mail%20flow%20rule%20with%20%22moderate%22%20action%2C%20meaning%20you%20are%20limited%20to%20the%20%22legacy%22%20DLP%20experience%20and%20only%20Exchange%20Online%20content.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1436646%22%20slang%3D%22en-US%22%3ERe%3A%20DLP%20Policy%2C%20overriding%20and%20false%20positives%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1436646%22%20slang%3D%22en-US%22%3EAwesome%2C%20thanks%20man!%20I've%20ran%20into%20a%20few%20options%20we%20want%20that%20are%20only%20available%20with%20mailflow%20rules.%3C%2FLINGO-BODY%3E
New Contributor

Hey guys,

We have a DLP policy in our environment to disallow our users from sending SSN numbers, HIPAA info, drivers license numbers, etc outside of our environment. If something is picked up and flagged is there any way to override and allow it through as an Admin or are we pretty much stuck letting the users report it as a false positive and letting it through on their end?

 

I've looked through the reports, and security and compliance area and haven't found anything but wanted to check and see if anyone here knew of alternatives.

2 Replies
best response confirmed by A_AronL (New Contributor)
Solution

You can configure end-user override as part of the rule configuration, via the "Let people who see the tip override the policy and share the content." setting. If you want only admins to be able to override, you need to use a mail flow rule with "moderate" action, meaning you are limited to the "legacy" DLP experience and only Exchange Online content.

Awesome, thanks man! I've ran into a few options we want that are only available with mailflow rules.