troubleshooting Question

Microsoft O365 Data Loss Protection (DLP) policy to block Social Security Number not functioning properly.

Avatar of John Water
John WaterFlag for United States of America asked on
Microsoft 365* DLPSecurity
5 Comments1 Solution28 ViewsLast Modified:
I have set a MS O365 DLP policy to stop Social Security Numbers in email (including sent to or sent from outside and within our company). The policy was fully tested and working properly within the last 10 days. Now I have found the policy will not consistently block the email when the social security number is in the body of the email.
We are using policy tips.
It seems that sometimes SSNs with dashes are identified (policy tips are displayed) and SSNs with no dashes are not identified (no policy tips are displayed). Other times it is the opposite - where SSNs with dashes are not identified (no policy tips) and SSNs with no dashes are identified (policy tips are displayed)
In all these testing the Key word of SSN or Social Security Number is right before the actual number.
When SSN appears in an attachment, either with or without dashes it is identified and policy tips are displayed.

I have also have found the same issues when attempting to send email from outside sender - when SSNs in the body of the email - not blocked and when SSNs in the attachment - are blocked.

We need to be able to block Social Security Numbers from being transmitted in emails.

Does anyone know any options? How has the DLP policies in MS worked for others?I do not see where any DLP data is in the Audit logs. Are there any other locations to provide any information on the DLP activity?
I have see references to use Transport rules for blocking SSN - anyone have any thoughts (positive or negative)?

Thank you
ASKER CERTIFIED SOLUTION
John Water

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 5 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 5 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros