none
DLP email attachment conditions RRS feed

  • Question

  • Hello, 

    I have been working on implementing the DLP Policy Tips for Outlook in the O365 Security & Compliance admin console. I want to put a condition on my rule that if a sensitive info type is present, and there is an attachment, and the recipient is from an external domain, then trigger the policy tip telling the user to send encrypted. 

    But I cannot get the condition for the attachment to work. And the online guides are outdated or wrong and don't address this use case of targeting a specific attachment. 

    I have tried the following formats as the condition and none of them work. what is the correct syntax for putting a condition on a DLP policy when you need to see an attachment or a certain kind of document? example, .docx

    here is what doesn't work: 

    • *.doc
    • .docx
    • “.docx”
    • “*.docx”

    Also, it seems when you look for a sensitive info type, or keyword, you cannot specify where MS DLP should look. It looks everywhere (headers of emails, subject line, body, attachments). but I need an exception based on a keyword, to stop DLP from processing and showing a Policy Tip if the message is being sent encrypted (example: #Secure# in the subject line). But if you put that keyword anywhere (body, attachment, etc.) MS DLP reads it, and applies the exception, even though it is not being sent encrypted. Lot of holes to poke here, so i'lll stop now. 

    Tuesday, November 19, 2019 2:48 PM

All replies

  • Let me put it that way - if you need such granular controls, you are better off using the old-style Exchange DLP rules. The DLP functionality in the SCC ("unified" DLP) is intended to work across all workloads, thus it makes certain assumptions and limits you in the type of customization you can make to the rules.

    Tuesday, November 19, 2019 5:02 PM
  • Hi Blasto,

    According to my research, there does not seem to be a condition of the attachment.

    You can refer to this user voice below and vote it.

    https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/36144265-policy-tips-don-t-work-in-outlook-for-some-types-o

    In addition, you can take Vasil's recommendation sedation to use old-style Exchange DLP rules.

    Best regards

    Itch Sun


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Wednesday, November 20, 2019 8:26 AM
  • Hi

    I am checking your situation here.

    Any progress on your troubleshooting?

    Best regards

    Itch Sun


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Friday, November 22, 2019 9:01 AM