I'm having a tough time getting Microsoft Purview DLP rules to work properly for detecting sensitive information like social security and credit card numbers. I've set up a DLP rule that detects these numbers, and a separate mail flow rule that adds a custom header to unencrypted emails. For the DLP rule to trigger, it needs to detect the sensitive content and the custom header, which it does. However, my boss insists that users must encrypt emails containing this info before sending them outside our organization.
I have a second mail flow rule that should strip the custom header when the email is encrypted, but the stripping doesn't seem to happen. I wish the DLP rules would allow exceptions for encrypted emails. I can automatically encrypt them, but my boss wants users to handle it manually. I've also set up a DLP rule to auto-encrypt emails with [Secure] in the subject line. Any advice or thoughts on how to handle this situation would be greatly appreciated!
3 Answers
Just double-check your encryption method; a lot of users confuse S/MIME with Microsoft Purview Message Encryption (OME). If your users are using the 'Encrypt' option in Outlook, that could be OME rather than S/MIME. If the message isn't truly S/MIME encrypted, your rule won't match, and the header won’t get stripped. Also, consider changing your rule condition to something broader, like 'message is encrypted,' which might catch both types.
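An added example, not part of the answer above: a way to check from a raw test message whether it is truly S/MIME encrypted or rights-protected, and whether the custom header is still on it. The header name `X-Example-Unencrypted` is hypothetical, the samples are constructed, and treating a `message.rpmsg` part as the OME case is an assumption.

```python
from email import message_from_string

MARKER = "X-Example-Unencrypted"  # hypothetical name; the thread does not give the real header
SMIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
RPMSG_TYPE = "application/x-microsoft-rms-encrypted-message"  # assumed OME/RMS wrapper type

def classify(raw: str) -> dict:
    """Report how a message is protected and whether the marker header is still present."""
    msg = message_from_string(raw)
    protection = "none"
    for part in msg.walk():
        ctype = part.get_content_type()
        smime_type = str(part.get_param("smime-type") or "").lower()
        if ctype in SMIME_TYPES and smime_type == "enveloped-data":
            protection = "smime-encrypted"   # true S/MIME encryption
            break
        if ctype == RPMSG_TYPE or (part.get_filename() or "").lower() == "message.rpmsg":
            protection = "rights-protected"  # rights-management wrapper, not S/MIME
            break
    return {"protection": protection, "marker_present": msg[MARKER] is not None}

# Constructed samples, not captured mail.
SMIME_SAMPLE = """\
Subject: test
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"

MIIB
"""

RPMSG_SAMPLE = """\
Subject: test
X-Example-Unencrypted: true
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Protected message.
--b1
Content-Type: application/x-microsoft-rms-encrypted-message; name="message.rpmsg"

AAAA
--b1--
"""

if __name__ == "__main__":
    for name, raw in (("smime", SMIME_SAMPLE), ("rpmsg", RPMSG_SAMPLE)):
        print(name, classify(raw))
```

A result of `rights-protected` with `marker_present` set to true matches the symptom in the question: the message was protected, but not in a form an S/MIME-only condition would match.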
I think the order of your rules might be causing the issue. Sometimes, mail flow rules execute before the encryption is applied, which can lead to unexpected results. Make sure you’re aware of how that order impacts whether your rules see the message as encrypted or not.
You might want to keep everything within Purview rather than relying on Exchange rules. Sometimes, trying to manage too many different systems complicates things. If you can, maybe re-evaluate the DLP rules to act solely on what Purview can detect without involving Exchange. That might simplify things long-term.