Exchange DLP detection is not working

I have a customer that has "Microsoft 365 E5 Information Protection and Governance" Add-on license, they also have the M365 E3 license. We have setup DLP policies in Exchange to detect Credit car...

BaselFawal

Brass Contributor

May 05, 2023

Hi IsmKay
Actually we discovered that DLP is working for SharePoint, we have set up a DLP policy has the three locations, Exchange, SharePoint and Teams, the DLP detections are working For SharePoint, documents uploaded etc.., not for Exchange emails

There is no detection in Activity explorer for Exchange email send and received that contains the same sensitive info as it is one policy.

So now Exchange DLP is not working all mailboxes are migrated to Exchange online

IsmKay

Copper Contributor

May 05, 2023

Hi BaselFawal

If you've created DLP policies in the Exchange admin center, those policies will continue to work side by side with any policies for email that you create in the Compliance portal. But note that rules created in the Exchange admin center take precedence. All Exchange mail flow rules are processed first, and then the DLP rules from the Compliance portal are processed.

It means:

Messages that are blocked by Exchange mail flow rules won't get scanned by DLP rules created in the Compliance portal.
Messages that are quarantined by Exchange mail flow rules or any other filters run before DLP won't be scanned by DLP.
If an Exchange mail flow rule modifies a message in a way that causes it to match a DLP policy in the Compliance portal, such as adding external users, then the DLP rules will detect it and enforce the policy as needed.

Also note that Exchange mail flow rules that use the "stop processing" action don't affect the processing of DLP rules in the Compliance portal - they'll still be processed.

https://learn.microsoft.com/en-us/microsoft-365/compliance/how-dlp-works-between-admin-centers?view=o365-worldwide

Thanks!

Forum Discussion

Exchange DLP detection is not working

Share

Resources