cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DLP Rule with very - too - long exception setting

PhilippeAugras
Brass Contributor

‎May 17 2022 06:09 AM

‎May 17 2022 06:09 AM

DLP Rule with very - too - long exception setting

Hello,

 

I have a request from my client asking for an alert to be generated whenever a user sends an email to a freemail service such as gmail. Client has a huge list of exception and whenever I try to implement this with a Compliance DLP rule's exception related to the recipient's domain, I get an error stating that "The generated rule blob is too long. The maximum length is 81920 and the length of the rule blob is 256040.". I tried to split the exclusion list between several rules in the same DLP policy but I get a lot of false positive. Any idea if this limited size  can be overriden ?

I guess that it would be better to implement this in Exchange but does Exchange Rules have the same kind of size limit ?

 

Regards,

 

P.

Labels:
1,269 Views
0 Likes
2 Replies
Reply
2 Replies
JasonBuchanan

‎Dec 08 2023 05:56 AM - edited ‎Dec 08 2023 05:57 AM

‎Dec 08 2023 05:56 AM - edited ‎Dec 08 2023 05:57 AM

Re: DLP Rule with very - too - long exception setting

@PhilippeAugras 
Did you ever find a solution to this?  I'm running into similar issues.  We are trying to add a lot of domains to alert on.  Sounds like a very similar use case as your client.  The guidance provided by Microsoft is that we can have <=5000 domains with length of <=67 characters.  So, a total of 335,000 characters.  We've added a list of domains with 67,152 characters.  Far shorter then both the 335,000 characters for domains and shorter then the warning message that the max length is 81,920.

0 Likes
Reply
JasonBuchanan

‎Dec 08 2023 06:20 AM

‎Dec 08 2023 06:20 AM

Re: DLP Rule with very - too - long exception setting

Review the rest of the DLP policy reference page I see that the "Maximum size of an individual DLP rule: 100 KB (102,400 characters)".  However, the limitations for condtions allow for many more characters. For example, the domain allows for 335,000 characters.  Am I reading the limitations for conditions incorrectly?  If not, why the disparity between what an individual condition is limited to and what the rule is limited to? 

0 Likes
Reply