Hi
I'm just wondering if I'm doing this right, testing how everything works as I'm currently trying to learn more about DLP and Sensitivity labels.
I wanted to see if I can catch usernames and password sharing in emails only, and if it contains a username or password auto encrypt the email and send me an Alert.
First I created a DLP policy that applies to Exchange email.
For the Rules I did the following.
Content contains any of these sensitivity info types: (Pre made Microsoft)
Azure AD User Credentials
User Login Credentials
General Password
Actions
Encrypt message
Send alerts to Administrators.
After testing a couple of emails I found that it misses a lot of emails when I just type for example Username:
user @ domain.com pass: asdjfhwsd78f
So I created a new sensitivity info type based on keywords, Password, Username, Pwd, Credentials
This will catch at least my test emails due to they contain the words, password, username etc.
But why is not Microsoft pre-made sensitive info types NOT catching this? And is there a better way of doing this?
This is just me testing in my Dev tenant to learn more.
