Forum Discussion
DLP rules not matching
We have O365 E5. I have enabled DLP with the standard PCI rules for Exchange, OneDrive and SharePoint, using Test with Policy tips, but we are not not seeing any entries in the policy matches report, nor any ToolTips. Any suggestions for troubleshooting? Thank you for any insights.
4 Replies
It's all about Match Accuracy and Instance Count. That's where your policy tuning happens. Microsoft doesn't do a great job describing how the percentages in Match Accuracy increase or decrease the alerting/blocking threshold, so you'll have to test it out and tune it yourself before it goes into prod.
That being said, take a look at my screen grab and look where I dropped the minimum match threshold to 10% on IP Addresses and SSNs. Try it yourself and you should see the alerting and blocking actions occur. From there, increase until you've met your desired threshold.
Cheers!
- One thing that took me a while to figure out is that you need to provide some context in your files or emails. You can't just have a credit number by itself and expect it to find it. The algorithms are looking for words like "credit card, amex, routing number, visa, expiration date, ssn, etc."
Once I started putting additional text like that in my test files and test emails, then the policies started triggering.
Jason Hartman Thank you for the link. That doesn't address our issue, unfortunately.
