Good Morning, Experts!
We utilize Exchange 365. We would like to set a rule that will stop users from sending emails with specific text strings in either the Body, Subject, or Attachment Content to an external recipient. While setting up a basic Mail Flow or DLP rule would be easy, we want to utilize behavior that will first warn the user that they are about to send an email with sensitive content, then allow them to send the message, with proper business justification.
I have worked with DLP to try and setup this rule. However, for the behavior I want (warning, then allow with justification) I think that Policy Tips would be the best (if not only) answer, since this allows the EXACT behavior we want. The problem is, Policy Tips are EXTREMELY limited on what information can be used.
In my example above (check Subject, Body, and Attachments for text strings, then notify user that email is sensitive before they can send, and allow with justification), the following error occurs:
"The NotifySender action isn't compatible with 'SubjectOrBodyMatches' predicate."
I wanted to see what the Experts out there thought. I do not see any possible way to use Policy Tips based on the criteria outlined. If there is an alternative to Policy Tips that would allow the emails to be blocked, then released with justification (and preferably with the Generate Incident Report action) I would be game.
Thanks in advance!