• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 36
  • Last Modified:

Exchange 365, DLP, Confidential Information, and Policy Tips

Good Morning, Experts!

We utilize Exchange 365. We would like to set a rule that will stop users from sending emails with specific text strings in either the Body, Subject, or Attachment Content to an external recipient. While setting up a basic Mail  Flow or DLP rule would be easy, we want to utilize behavior that will first warn the user that they are about to send an email with sensitive content, then allow them to send the message, with proper business justification.

I have worked with DLP to try and setup this rule. However, for the behavior I want (warning, then allow with justification) I think that Policy Tips would be the best (if not only) answer, since this allows the EXACT behavior we want. The problem is, Policy Tips are EXTREMELY limited on what information can be used.

In my example above (check Subject, Body, and Attachments for text strings, then notify user that email is sensitive before they can send, and allow with justification), the following error occurs:

"The NotifySender action isn't compatible with 'SubjectOrBodyMatches' predicate."

I wanted to see what the Experts out there thought. I do not see any possible way to use Policy Tips based on the criteria outlined. If there is an alternative to Policy Tips that would allow the emails to be blocked, then released with justification (and preferably with the Generate Incident Report action) I would be game.

Thanks in advance!
  • 3
2 Solutions
timgreen7077Exchange EngineerCommented:
Not sure about alerting the user about this via Exchange rules, but you can have the mail forwarded the user's manager for approval or to someone else for approval before the email is sent out.
WoodraxAuthor Commented:
I had thought about the mail forwarding and release, but a lot of the information that would trip this type of rule is extremely time sensitive, so that solution is out. We utilize similar rules for incoming emails that match certain criteria, and have seen delays of hours while waiting for managers to release the messages.
timgreen7077Exchange EngineerCommented:
yeah I understand what you mean. other than that, that's the only solution I can think of.
CodeTwo SoftwareSoftware DeveloperCommented:
Hi Woodrax,
Although it will not be a perfect solution, you could use mail flow rules to block the message with an explanation "This email contains sensitive data."
Then, in the rule's exceptions, insert the condition "if the subject or body includes #bypass-policy"
In such a scenario, users would be able to use the specific keyword to bypass the mail-flow rule. You could add the keyword to the explanation mentioned before.
More of a workaround than a solution, but Exchange management is like that, sometimes.
timgreen7077Exchange EngineerCommented:
Answered author question. Closing question unless author reopens still requiring assitance.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now