DLP Policy Priority

%3CLINGO-SUB%20id%3D%22lingo-sub-3033945%22%20slang%3D%22en-US%22%3EDLP%20Policy%20Priority%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3033945%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20all%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20is%20a%20hybrid%20exchange%20env.%20For%20DLP%2C%20I%20have%20a%20policy%20that%20is%20priority%200%20and%20a%20policy%20that%20is%20priority%201.%20Both%20of%20these%20policies%20share%20a%20distribution%20group.%20It%20seems%20to%20be%20almost%20random%20which%20policy%20is%20assigned%20when%20a%20DLP%20event%20is%20generated.%20I've%20change%20the%20registry%20keys%20and%20copied%20policy%20nudges%20of%20functional%20machines%2C%20only%20to%20have%20the%20policy%20revert%20itself.%20The%20biggest%20difference%20in%20the%20two%20policies%20is%20that%20policy%20priority%201%20has%20the%20%22business%20justification%20override%22%20feature%20turned%20on%20and%20policy%20priority%200%20just%20has%20the%20override%20feature.%20Is%20there%20more%20granular%20logs%20I%20can%20look%20at%20to%20find%20out%20where%20it's%20breaking%20%2F%20how%20it's%20breaking%3F%20Any%20thoughts%20or%20need%20more%20info%3F%20Thanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3033945%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EData%20Loss%20Prevention%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3035935%22%20slang%3D%22en-US%22%3ERe%3A%20DLP%20Policy%20Priority%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3035935%22%20slang%3D%22en-US%22%3EBump%3A%20Update.%20I%20noticed%20both%20policies%20have%20priority%200%20and%201%20when%20looking%20at%20an%20overview%20of%20the%20policy.%20However%2C%20when%20you%20select%20to%20edit%20an%20individual%20policy%2C%20it%20shows%20that%20both%20are%20labeled%20as%20priority%200%20and%20I%20cannot%20select%20anything%20other%20than%20that.%20Thoughts%3F%3C%2FLINGO-BODY%3E
New Contributor

Hello all,

 

This is a hybrid exchange env. For DLP, I have a policy that is priority 0 and a policy that is priority 1. Both of these policies share a distribution group. It seems to be almost random which policy is assigned when a DLP event is generated. I've change the registry keys and copied policy nudges of functional machines, only to have the policy revert itself. The biggest difference in the two policies is that policy priority 1 has the "business justification override" feature turned on and policy priority 0 just has the override feature. Is there more granular logs I can look at to find out where it's breaking / how it's breaking? Any thoughts or need more info? Thanks!

1 Reply
Bump: Update. I noticed both policies have priority 0 and 1 when looking at an overview of the policy. However, when you select to edit an individual policy, it shows that both are labeled as priority 0 and I cannot select anything other than that. Thoughts?