Forum Discussion
Inconsistent application of DLP policies
Trying to test the application of DLP policies on our tenant and seeing very inconsistent results.
I have testing files, and am also testing in the email body.
The only SIT that the policy seems to correctly identify and provide the tooltip with override is the txt file with test CC numbers. It will also properly alert if CC numbers are in the body of the email. It will not alert on CC numbers in the xlsx.
It won't alert on any of the other SITs, in either txt, xlsx or email body.
The alert, when it fires, looks correct. In some cases it seems the policy is blocking the content going out, but not giving the user prompt. In other cases it doesn't seem to recognize the SIT.
Policy rule is SIT's shared from Exchange to external user.
Prathista IlangoMicrosoft
Hello BillT,
I am testing the scenario as well and would like to share what I am noticing. Alerting could be missed if the actual words like "credit card" is not present in the message or attachment but it should still block from sending to the external user.
Could you share more details on if there is a scenario where it is not alerting as well as not blocking any of these sensitive info types and external user was able to receive the message? If yes, what is the specific sensitive info type that is not blocked?
Another thing you can check is, for the respective sensitive info type, was there any matches reported? You can check this from DLP -> Classifiers -> Sensitive Info Types -> click on the respective SIT, for example, Credit Card Number -> Matched Items.Please note that you should have the below role group access in purview to view this,
- Content Explorer List Viewer. This role group allows you to view the list of locations and list of items in those locations.
- Content Explorer Content Viewer. This role group allows you to view the source content for each item.
