Apr 15 2019 - last edited on Feb 19 2021
I am utilizing the EAC mail flow rule set up by Microsoft to allow users to encrypt messages by typing "encrypt" into the subject line of their email when sending out emails with sensitive information. Since not all users will remember this, I have enabled DLP policies to help catch these emails and encrypt them when needed.
The problem is, these policies don't interact with each other like I thought they would. Even if an email is encrypted, it's still being scanned and flagged by DLP policies. As far as I can tell, my only option is to turn on the DLP policies and set the action to "encrypt" any time the information it's monitoring for is found, whether the email is already encrypted or not.
Is there any way to omit emails that have already been encrypted by the end user from being scanned by the DLP policies? Or for the DLP policies to detect that it has been encrypted and just let the email send through without reporting those instances?
It seems like the Encryption rule Microsoft enabled for users to encrypt their own emails is completely pointless if DLP is being utilized. End-user training isn't even needed to teach them how to encrypt their own emails; instead, just enable DLP and have it encrypt everything that is being sent out with sensitive information.
Similar to what this user is commenting on: https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/18628825-al...
Apr 02 2021 11:38 AM - edited Apr 02 2021 11:44 AM
I am looking into this as well. It would be super helpful to have DLP send a notification to the user stating "We have detected information in the message that contains PII," BLOCK it the first time, ask the user to send it as an encrypted message, and continue to block it until encryption is applied.
I know the safeguards of just encrypting random messages to get around the DLP.