Office 365 DLP Policy Trouble

I am working on creating a DLP policy that does the following:

1) Provides a Policy Tip when Outlook detects that an email has a SSN in it.
2) Allows the user to send the message, but sends them an email advising them that they violated a policy
3) Allows an automatic override if the user supplies a subject-line based encryption trigger (encryption is provided by our email security provider, which sits in front of O365).
4) Allows an automatic override if the user requests encryption using an Outlook plugin (the plugin adds a header to the message, and the email security provider detects that and encrypts the message).

The problem I am having is that Office 365 Security and Compliance DLP Policies are rudimentary and don't appear to allow requirements 3 and 4. Exchange Online's DLP Policies allow everything but requirement 2.

Does anyone have any ideas around this? Do the newer Security and Compliance policies allow refining with PowerShell? Thinking that maybe the GUI is rudimentary, and maybe I can get them to do what I want if I set them up with PS.

I've been beating my head against the wall on this. It doesn't help that MS's replication schedule is unknown. I have no idea when the changes I make get applied.

Thanks in advance.
ddotson asked:

btan (Exec Consultant) commented:
1) and 2) should be possible, and you can customise the mail text and tips, but with caveats:
Email notifications can be sent only to individual recipients—not groups or distribution lists.

Only new content will trigger an email notification. Editing existing content will trigger policy tips but not an email notification.
https://support.office.com/en-us/article/send-email-notifications-and-show-policy-tips-for-dlp-policies-87496bc5-9601-4473-8021-cb05c71369c1
(sensitive type to look for) https://support.office.com/en-us/article/what-the-sensitive-information-types-look-for-fd505979-76be-4d9f-b459-abef3fc9e86b

For 3), it can allow modifying the mail content via rights protection (needs the RMS component), applying Office 365 Message Encryption, or requiring TLS channel encryption. I'm not sure I follow that you want another entity to do this encryption; if so, then at a minimum you should ensure the channel to that entity is encrypted.
http://ehloexchange.com/office-365-message-encryption-policies/
(more on the 365 encryption built on top of Azure Information Protection) https://products.office.com/en-sg/exchange/office-365-message-encryption

For 4), it will not be an out-of-the-box capability and is currently not available. There is actually a UserVoice request to MS for an Outlook plugin that lets users initiate an encrypted email. But there is a similar approach shared in one blog, which aims to apply encryption to any outgoing email message with a single click. A brief step-through: create a new message classification for encrypted emails, tie this classification ID to a rule that encrypts any outgoing message carrying it, export the classification ID as XML and push it out to all clients so that users can click to mark the email as classified under "encrypted emails".
https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/16906315-office-365-message-encryption-user-driven-outlook
https://www.skylinetechnologies.com/Blog/Skyline-Blog/August-2015/EmailMessageEncryption?saveda=1
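
The following is an added example, not code posted by anyone in this thread. It shows how far an Exchange Online mail flow (transport) rule gets with PowerShell for requirements 1, 3 and 4: a Policy Tip on a detected SSN that still lets the message go, with two OR'ed exceptions for the subject-line trigger and the plugin header. The subject keyword "[encrypt]", the header "X-Encrypt-Request: yes", the report mailbox and the external-recipient scope are placeholders assumed here; substitute whatever your email security provider actually keys on. Note that `-NotifySender NotifyOnly` only produces the Outlook Policy Tip; it does not email the sender, so requirement 2 remains uncovered, as the question says.

```powershell
# Added example (not from the thread): Exchange Online mail flow rule for an SSN Policy Tip
# that is skipped when the user requests encryption by subject keyword or by a message header.
# ASSUMPTIONS (not facts from the thread): '[encrypt]' subject trigger, 'X-Encrypt-Request: yes'
# header, the dlp-reports mailbox, and scoping to external recipients only.
# Requires an Exchange Online PowerShell session (Connect-ExchangeOnline).

# 1. Confirm the exact built-in sensitive information type name before referencing it.
Get-DataClassification |
    Where-Object { $_.Name -like '*Social Security*' } |
    Select-Object Name, Publisher

$ruleName = 'DLP - SSN outbound - Policy Tip unless encryption requested'

# 2. Conditions are ANDed; exceptions are ORed, so either trigger alone suppresses the rule.
New-TransportRule -Name $ruleName `
    -Mode Enforce `
    -SentToScope NotInOrganization `
    -MessageContainsDataClassifications @(@{ Name = 'U.S. Social Security Number (SSN)'; MinCount = '1' }) `
    -ExceptIfSubjectContainsWords '[encrypt]' `
    -ExceptIfHeaderContainsMessageHeader 'X-Encrypt-Request' `
    -ExceptIfHeaderContainsWords 'yes' `
    -NotifySender NotifyOnly `
    -GenerateIncidentReport 'dlp-reports@contoso.example' `
    -IncidentReportContent Sender, Recipients, Subject, Severity, RuleDetections `
    -SetAuditSeverity High `
    -Comments 'Policy Tip on SSN; message still delivered. Either encryption trigger skips the rule.'

# 3. Read back what the service stored. WhenChanged tells you when the object was written,
#    not when Outlook clients will start showing the tip; that propagation is asynchronous.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, Conditions, Exceptions, Actions, WhenChanged
```

The incident report goes to a fixed compliance mailbox, not back to the sender, so it is an audit trail rather than the user-facing notification in requirement 2. If the header the plugin adds is only present on the copy that reaches the third-party gateway, test with a message actually sent from the plugin and inspect the headers at the Exchange Online hop before relying on the header exception.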
 
yo_bee (Director of Information Technology) commented:
I do not know anything about setting up or applying this, but I did read this at https://support.office.com/en-us/article/Overview-of-data-loss-prevention-policies-1966b2a7-d1e2-4d92-ab61-42efbb137f5e

Help users learn how to stay compliant without interrupting their workflow.
You can educate your users about DLP policies and help them remain compliant without blocking their work. For example, if a user tries to share a document containing sensitive information, a DLP policy can both send them an email notification and show them a policy tip in the context of the document library that allows them to override the policy if they have a business justification. The same policy tips also appear in Outlook on the web, Outlook 2013 and later, Excel 2016, PowerPoint 2016, and Word 2016.

In addition to the link above, it looks like there is an Override option within the template that you create. In this link https://practical365.com/compliance/getting-comfortable-data-loss-prevention-policies-office-365/ scroll down midway and you will see a screenshot that shows an override and what it will look like.

Hope this helps
 
ddotson (Author) commented:
Yeah, it seems that I'm going to struggle to get all 4 needs in one policy.
 
btan (Exec Consultant) commented:
Let the experts in EE know where they can help. It is just a kick start. Ask a new question where possible for a larger pool of domain experts to chip in.
 
ddotson (Author) commented:
Thanks for the help. This is a tough nut to crack.
 
yo_bee (Director of Information Technology) commented:
But they do say a blind squirrel finds a nut once in awhile.