Apr 15 2019 07:14 AM - last edited on Feb 19 2021 04:59 AM by TechCommunityAP
I am utilizing the EAC mail flow rule set up by Microsoft to allow users to encrypt messages by typing encrypt into the subject line of their email when sending out emails with sensitive information. Since not all users will remember this, I have enabled DLP policies to help catch these emails and encrypt them when needed.
The problem is, these policies don't interact with each other like I thought they would. Even if an email is encrypted, it's still being scanned and flagged by DLP policies. As far as I can tell my only option is to turn on the DLP policies and set the action to "encrypt" anytime the information it's monitoring for is found, whether the email is already encrypted or not.
Is there any way to omit emails that have already been encrypted by the end user from being scanned by the DLP policies? Or for the DLP policies to detect that it has been encrypted and just let the email send through without reporting those instances?
It seems like the Encryption rule Microsoft enabled for users to encrypt their own emails is completely pointless if DLP is being utilized. End-user training isn't even needed to teach them how to encrypt their own emails; instead, just enable DLP and have it encrypt everything that is being sent out with sensitive information.
Similar to what this user is commenting on: https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/18628825-al...
Jan 25 2021 05:00 AM
Did you get anywhere with this?
Apr 02 2021 11:38 AM - edited Apr 02 2021 11:44 AM
I am looking into this as well. It would be super helpful to have DLP send a notification to the user stating "We have detected information in the message that contains PII; please send it as an encrypted message", BLOCK it the first time, and continue to block it until encryption is applied.
I know the safeguards of just encrypting random messages to get around the DLP.
Nov 15 2021 12:46 PM
I figured this out. You have to add another rule, in position 0, that explicitly does NOTHING to an encrypted email. The Except Message Type Encrypted does not work. You have to create an additional rule.
Feb 09 2022 06:28 PM
Hi! Where did you create the rule, in Compliance or Exchange? Please provide more info on the condition and action applied so that we can try.
Feb 08 2024 02:34 PM
The key to this is to create a custom DLP policy that looks for the keyword(s) in the Subject (in the case below "Secure:"). This policy needs to be in priority 0 and, once matched, stops processing additional DLP policies. See below:
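As an added illustration of the arrangement described in the replies above (this is not the poster's screenshot or Microsoft's own sample), here is the same setup in Exchange Online and Security & Compliance PowerShell: the keyword-triggered encryption mail flow rule, a priority-0 DLP policy whose only rule matches the same keyword and stops further DLP processing, and the catch-all PII policy behind it. The policy and rule names, the "Secure:" keyword, and the SSN sensitive information type are assumptions chosen for the example.

```powershell
# Added example; names, keyword and sensitive info type are assumptions.
# Requires the ExchangeOnlineManagement module and the built-in "Encrypt"
# rights protection template.

# --- Exchange Online: the user-triggered encryption mail flow rule ---
Connect-ExchangeOnline
New-TransportRule -Name "Encrypt when subject contains Secure:" `
    -SubjectContainsWords "Secure:" `
    -ApplyRightsProtectionTemplate "Encrypt"

# --- Security & Compliance: DLP policies ---
Connect-IPPSSession

# 1) Pass-through policy. The rule matches the same keyword, takes no
#    action, and stops further DLP policy processing for that message.
#    It keys on the subject keyword rather than the "message type is
#    Encrypted" exception, which an earlier reply reports does not work.
New-DlpCompliancePolicy -Name "User encrypted - passthrough" `
    -ExchangeLocation All -Mode Enable
New-DlpComplianceRule -Name "Subject Secure: - stop DLP" `
    -Policy "User encrypted - passthrough" `
    -SubjectContainsWords "Secure:" `
    -StopPolicyProcessing $true
# Priority 0 is evaluated before every other DLP policy.
Set-DlpCompliancePolicy -Identity "User encrypted - passthrough" -Priority 0

# 2) Catch-all policy for users who forgot the keyword: encrypt outbound
#    mail containing PII, tell the sender, and report the incident.
#    Started in test mode so the pass-through can be verified first.
New-DlpCompliancePolicy -Name "PII - encrypt outbound" `
    -ExchangeLocation All -Mode TestWithNotifications
New-DlpComplianceRule -Name "SSN detected - encrypt" `
    -Policy "PII - encrypt outbound" `
    -ContentContainsSensitiveInformation @(@{Name="U.S. Social Security Number (SSN)"; minCount="1"}) `
    -EncryptRMSTemplate "Encrypt" `
    -NotifyUser Owner `
    -GenerateIncidentReport SiteAdmin

# Confirm the evaluation order before switching the catch-all to -Mode Enable.
Get-DlpCompliancePolicy | Sort-Object Priority | Select-Object Name, Priority, Mode
```

Send one test message with "Secure:" in the subject and one without, then check the DLP incident reports: only the second should appear.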