Forum Discussion
NateCyber (Copper Contributor)
Oct 28, 2024
DLP Exception for "Permission Controlled" Not Working (Microsoft Purview | RMS Template | Encrypt)
Hello,
We are in the process of moving some of our mail-flow / transport rules over to Microsoft Purview.
We don't want the DLP policy to apply when people click their "Encrypt" or "Do not Forward" buttons (RMS templates; OME encryption.)
Putting "Permission Controlled" in the exceptions group should theoretically let the emails go through. The exception we have for when people put "Encrypt" in the subject line works (we have a mail-flow rule that encrypts those emails.)
But actually clicking "Options" > "Set permissions on this item" > "Encrypt" doesn't remove the policy tip on an email draft, and people are unable to send the emails.
Can someone verify that this rule is constructed properly? If so, we may have to reach out to Microsoft Support. Thank you so much for your time and help!
Okay, we figured out the answer.
It is the "Policy Tip" which is actually blocking the email from being sent -- the reason the exceptions don't remove the Policy-Tip-Blocking action is because the exceptions themselves have conditions which are incompatible with Policy Tips to begin with -- which in this case was the "Message type is."
See the documentation:
https://learn.microsoft.com/en-us/purview/dlp-ol365-win32-policy-tips#conditions-that-support-policy-tips-for-outlook-for-microsoft-365-users
To be able to show the policy tip, there is a workaround: we had to create a 2nd policy which had the policy tip, but didn't contain incompatible conditions or actions (see link.) For that 2nd policy, we just had to leave it in "simulation mode" with policy tips enabled.
That workaround was good enough for us (even though clicking the encrypt button doesn't dismiss the policy tip.)
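A check for the combination this answer describes (a rule that shows a policy tip while also using "Message type is" as a condition or exception), as an added example that is not part of the original post. It assumes rule objects returned by `Get-DlpComplianceRule` expose properties named like the cmdlet parameters (`NotifyUser`, `NotifyPolicyTipCustomText`, `MessageTypeMatches`, `ExceptIfMessageTypeMatches`, `ParentPolicyName`); the function name and the sample rules are constructed for illustration.

```powershell
# Added example: flag DLP rules that pair a policy tip with a "Message type is"
# condition or exception, which the answer above identifies as incompatible.
function Find-PolicyTipConflict {
    param(
        [Parameter(Mandatory)] [object[]] $Rule,
        # Properties holding "Message type is" as a condition / exception.
        # Assumption: property names mirror the New-DlpComplianceRule parameters.
        # Extend this list with other conditions the linked documentation excludes.
        [string[]] $IncompatibleProperty = @('MessageTypeMatches', 'ExceptIfMessageTypeMatches')
    )
    foreach ($r in $Rule) {
        # Assumption: a rule that shows a policy tip has NotifyUser and/or
        # NotifyPolicyTipCustomText populated.
        $hasTip = [bool]$r.NotifyUser -or [bool]$r.NotifyPolicyTipCustomText
        if (-not $hasTip) { continue }

        $hits = foreach ($p in $IncompatibleProperty) {
            if ($r.PSObject.Properties[$p] -and $r.$p) { "$p=$($r.$p -join ',')" }
        }
        if ($hits) {
            [pscustomobject]@{
                Rule     = $r.Name
                Policy   = $r.ParentPolicyName   # assumed property name
                Conflict = $hits -join '; '
            }
        }
    }
}

# Constructed sample rules (not real tenant data).
$sample = @(
    [pscustomobject]@{ Name = 'Block PII (with tip)'; ParentPolicyName = 'Mail DLP'
        NotifyUser = @('LastModifier'); NotifyPolicyTipCustomText = 'Sensitive data found'
        MessageTypeMatches = $null; ExceptIfMessageTypeMatches = 'PermissionControlled' },
    [pscustomobject]@{ Name = 'Tip only'; ParentPolicyName = 'Mail DLP - tips (simulation)'
        NotifyUser = @('LastModifier'); NotifyPolicyTipCustomText = 'Sensitive data found'
        MessageTypeMatches = $null; ExceptIfMessageTypeMatches = $null },
    [pscustomobject]@{ Name = 'Block PII (no tip)'; ParentPolicyName = 'Mail DLP'
        NotifyUser = $null; NotifyPolicyTipCustomText = $null
        MessageTypeMatches = $null; ExceptIfMessageTypeMatches = 'PermissionControlled' }
)

# Only 'Block PII (with tip)' is reported.
Find-PolicyTipConflict -Rule $sample | Format-Table -AutoSize

# Against a tenant, after Connect-IPPSSession:
#   Find-PolicyTipConflict -Rule (Get-DlpComplianceRule)
```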
- JamiSusijärvi (Copper Contributor)
We have the same problem. Any new ideas?
- NateCyber (Copper Contributor)
Hello JamiSusijärvi, we believe we found the solution (at least in our case.) Our problem was the emails were being blocked by the policy tip, not necessarily the policy itself (see answer.)
Hope that helps.
- NateCyber (Copper Contributor)
I don't know...every time I try and go through the dialogues on the Microsoft Purview page to submit a support ticket to the Microsoft Purview team, I get this error -- it's not loading the panels correctly:
Refer to this for reference:
Data loss prevention Exchange conditions and actions reference | Microsoft Learn