Announcement: Need a free practice exam or an interactive mocks material for a Microsoft certification? Click here to use the MS Forms I've created previously.
DLP Policy not blocking SSN number only
November 13, 2019 | by iaur | posted as Exchange Online, Protection
Scenario
Unable to block emails containing SSN number only.
Cause
With how DLP works it requires the SSN and the Keyword.
Sensitive Information Types: https://docs.microsoft.com/en-us/exchange/policy-and-compliance/data-loss-prevention/sensitive-information-types?view=exchserver-2019
Steps on how to automatically reject/block sensitive data patterns (SSN)
- Go to “Office 365 Admin Center” then choose “Admin Centers”
- Select “Exchange” and in the Exchange Admin Center go to “mail flow“
- Under “rules” click on “+” to add a rule (create a new rule)
- You can name the rule any name you want (sample Block SSN Data)
- In *Apply this rule if – select “The recipient is located…” then select Outside the organization
- Click “add condition” – select “The subject or body matches…” then enter this pattern \d\d\d-\d\d-\d\d\d\d (US-SSN patter
- Under *Do the follow.. – if you’d like to block this message select “Reject the message with the explanation” – then you can type in any reason you want to be disclosed.
- Optional – if you’d like the admin to be informed of the incident you can select – “Generate incident report and send it to…” – set the recipient who will receive the report and manage the content “you can select all“.
- Set priority to 0
- Set Audit this rule with severity level: “High“
- Choose “Enforce” for the mode of this rule.
- Then “Save“
References
https://www.itpromentor.com/dlp-fine-print/