DLP Policy not blocking SSN number only

November 13, 2019 | by iaur | posted as Exchange Online, Protection


A DLP policy is unable to block emails that contain only an SSN.


Because of how DLP works, a match requires both the SSN and the keyword.

Sensitive Information Types:

Steps on how to automatically reject/block sensitive data patterns (SSN)

  1. Go to “Office 365 Admin Center”, then choose “Admin Centers”.
  2. Select “Exchange” and, in the Exchange Admin Center, go to “mail flow”.
  3. Under “rules”, click “+” to add a rule (create a new rule).
  4. Give the rule any name you want (for example, “Block SSN Data”).
  5. In *Apply this rule if, select “The recipient is located…”, then select “Outside the organization”.
  6. Click “add condition”, select “The subject or body matches…”, then enter this pattern: \d\d\d-\d\d-\d\d\d\d (US-SSN pattern).
  7. Under *Do the following, if you’d like to block the message, select “Reject the message with the explanation”, then type in whatever reason you want to be disclosed.
  8. Optional: if you’d like the admin to be informed of the incident, select “Generate incident report and send it to…”, set the recipient who will receive the report, and choose the content to include (you can select all).
  9. Set priority to 0.
  10. Set “Audit this rule with severity level” to “High”.
  11. Choose “Enforce” for the mode of this rule.
  12. Then click “Save”.
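
Before setting the rule to “Enforce”, it helps to see what the pattern from step 6 fires on and what it lets through. The check below is an added example, not part of the original post; it uses Python's `re` module as a stand-in for the Exchange pattern matcher (an assumption), and every sample message is constructed.

```python
import re

# Pattern exactly as entered in step 6. re.ASCII limits \d to 0-9.
# Assumption: like this search(), the rule matches anywhere in the text.
PAGE_PATTERN = re.compile(r"\d\d\d-\d\d-\d\d\d\d", re.ASCII)

# Constructed sample messages (no real data):
# (label, subject/body text, does it really carry an SSN-shaped value?)
SAMPLES = [
    ("dashed SSN, no keyword", "Please file under 123-45-6789 today.", True),
    ("dashed SSN with keyword", "SSN: 123-45-6789", True),
    ("SSN with spaces", "My number is 123 45 6789", True),
    ("SSN without separators", "ID 123456789 attached", True),
    ("part number containing the shape", "Order ref 9912-345-67-89012", False),
    ("ISO date", "Ticket 2019-11-13 closed", False),
    ("no digits", "Lunch at noon?", False),
]


def evaluate(pattern, samples):
    """Sort samples into what the rule would block, miss, or block wrongly."""
    result = {"caught": [], "missed": [], "false_positive": []}
    for label, text, has_ssn in samples:
        hit = pattern.search(text) is not None
        if hit and has_ssn:
            result["caught"].append(label)
        elif hit:
            result["false_positive"].append(label)
        elif has_ssn:
            result["missed"].append(label)
    return result


if __name__ == "__main__":
    for bucket, labels in evaluate(PAGE_PATTERN, SAMPLES).items():
        print(f"{bucket}:")
        for label in labels:
            print(f"  - {label}")
```

The dashed form is blocked with or without a keyword, which is the gap the rule is meant to close. SSNs written with spaces or no separators pass through, and a longer reference number that contains the same digit shape is rejected, so the incident reports from step 8 are worth reviewing after rollout.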


