ddotson
asked on
Office 365 DLP Policy Trouble
I am working on creating a DLP policy that does the following:
1) Provides a Policy Tip when Outlook detects that an email has a SSN in it.
2) Allows the user to send the message, but sends them an email advising them that they violated a policy
3) Allows an automatic override if the user supplies a subject-line based encryption trigger (encryption provided by our email security provider. Sits in front of O365)
4) Allows an automatic override if the user requests encryption using an Outlook plugin (the plugin adds a header to the message and the email security provider detects that and encrypts the message.
The problem I am having is that Office 365 Security and Compliance DLP Policies are rudimentary and don't appear to allow requirements 3 and 4. Exchange Online's DLP Policies allow everything but requirement 2.
Does anyone have any ideas around this? Does the newer Security and Compliance polices allow refining with Powershell? Thinking that maybe the GUI is rudimentary, and maybe I can get them to do what I want if I set them up with PS.
I've been beating my head against the wall on this. It doesn't help that MS's replication schedule is an unknown. I have no idea when the changes I make get applied.
Thanks in advance.
1) Provides a Policy Tip when Outlook detects that an email has a SSN in it.
2) Allows the user to send the message, but sends them an email advising them that they violated a policy
3) Allows an automatic override if the user supplies a subject-line based encryption trigger (encryption provided by our email security provider. Sits in front of O365)
4) Allows an automatic override if the user requests encryption using an Outlook plugin (the plugin adds a header to the message and the email security provider detects that and encrypts the message.
The problem I am having is that Office 365 Security and Compliance DLP Policies are rudimentary and don't appear to allow requirements 3 and 4. Exchange Online's DLP Policies allow everything but requirement 2.
Does anyone have any ideas around this? Does the newer Security and Compliance polices allow refining with Powershell? Thinking that maybe the GUI is rudimentary, and maybe I can get them to do what I want if I set them up with PS.
I've been beating my head against the wall on this. It doesn't help that MS's replication schedule is an unknown. I have no idea when the changes I make get applied.
Thanks in advance.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Let's the experts in EE know where they can help. It is just a kick start .
Ask new question where possible for larger pool of domain expert to chip in.
Ask new question where possible for larger pool of domain expert to chip in.
ASKER
Thanks for the help. This is a tough nut to crack.
But they do say a blind squirrel finds a nut once in awhile.
ASKER