Policy Tip Support for Rules with Sender/Domain Filtering
Currently, Policy Tip actions are not supported when creating a DLP rule that has sender or domain filtering criteria.
The error message states "The NotifySender action isn't compatible with 'RecipientDomainIs' predicate."
We'd like to see this action supported so we can configure our rules based on our business requirements.
I am curious about this capability and the DLP protection offered under protection.office.com admin console. They seem to offer the same service (except Protection also can apply to SharePoint, Teams, etc.). I attempted to set up a similar DLP in Protection like the one in the Exchange Admin service. It notified me of the password protected attachment I sent, but it still allowed it to go on through even though I specified that it was supposed to be stopped. Microsoft needs to address this as my management would like to implement this capability that the portal.office.com Exchange admin console offers.
Yes, would like to be able to exclude DLP rules for organizations we have specific TLS encryption rules already in place between both companies.
Alf-Ivar Holm commented
By the way, the filtering I'm looking for, if unclear in my first comment, is Recipient domain. I assume though that that should be easy to implement when support for Policy Tip with Sender domain filtering is implemented.
Alf-Ivar Holm commented
In Exchange Online DLP there is another option: "Recipient is located ..." "in an external non-partner organization", but trying to use that gives the error message "ExternalNonPartner is not valid for data center environment.", so that can't be used either. Using domains and/or unique email addresses is anyway more flexible, as different rules can use different lists of partners for exclusion. (Note: there are now 49 conditions that are not supported when using Policy Tip, 1 is mandatory ("The message ..." "contains any of these type of sensitive information"), and 5 are supported, but optional.)
I would also like to see this implemented for Unified DLP, not only Exchange DLP; as far as I can see, the only option now for Unified DLP is to trigger on either inside or outside the organisation. I would therefore like to see some of the other conditions ported to Unified DLP as well, even though I see that some of them may be covered if document attributes are used - i.e. that FCI is implemented.
I agree. Policy tips are great for making users aware of data when your organization has not yet made it to block mode or when match count thresholds do not meet blocking rules. This is certainly important when you have several domains on one tenant but only want DLP enabled on selected domains.