Exclude email accounts from DLP policies
We would like to setup a DLP policy to prevent emails being sent containing NI/SSN information, with the option for users to override. However, we use Zendesk for client tickets which, when picked up in the policy, the override is seen by Zendesk as a auto-response and suspends the ticket.
We tried to exclude email accounts related to Zendesk but it appears the options were only visible because we were setup for First Release content and the ability to exclude emails should not be possible.
Please could this be added so that specific email accounts can be excluded from the DLP policies?
Jaimie W commented
We also need to be able on rules to exclude specific automated accounts that we know and allow to send the data types for business reasons.
We are also seeing events on postmaster emails which we would like to exclude since it normally comes out to a duplicate event on the original email.
We just upgraded our Exchange licenses to enterprise in order to implement policy tips, only it is worthless since alert notifications can't be combined with any exceptions in the same policy! What good is a product if a custom mailflow can't be established.
This seems like a basic feature of any DLP system. Why has the feature not been investigated / evaluated as of yet? Should be simple enough to exclude a sender from a particular policy.
We have a lot of false positives on the default postmaster address as a sender, which does not have mailbox. mails containing Undeliverable and X-Microsoft-Antispam-Untrusted are being seen as a DLP policy hit on the default GDPR rules ... there are really far to much false positives and no tools to filter those out. Kind of a sucky experience.
In general I find the 'wizard system' to be poorly designed, they require far to much clicking and waiting. Overall I am not fond of Security and Compliance Centers, where is the responsiveness, where is the speed??? It's like going back 10 year
Similar comment as Bernard. We have accounting personnel that send out invoices that include all our banking/payment info so we can get paid. Similarly, they receive banking details from individuals we need to pay.
I see the option is available from PS, it's just currently 'reserved for internal MS use'.
Bernard Welmers commented
I am likely going to turn off DLP at this point because I can not exclude our Accounts Payable/Receivable mailboxes. These people constantly get emails that include bank accounts and need to receive them as part of their role.
Marcus Herrmann commented
I have already evaluated using 365 DLP and found the same lack of functionality. Not all e-mail senders are human beings, and most of these non-human senders cannot override and/or acknowledge a DLP policy.
It is really difficult to manage DLP policies without being able to exclude senders who generate false positives.
Example: In some countries, some document numbers may raise a false positive as being credit card numbers, and if such numbers are automatically generated, there is no way to allow this sender to override the policy.
Could you please consider this exception? It looks odd that other DLP components allow for a admin-exclusion, while e-mail doesn't.
This existed about a month ago and now the option to exclude mailboxes has disappeared. Is there any update on this?