Messages where the specified Active Directory attribute of the sender contains text patterns that match the specified regular expressions. The sender's specified properties match these text patternsĬondition: SenderADAttributeMatchesPatternsĮxception: ExceptIfSenderADAttributeMatchesPatterns Messages where the specified Active Directory attribute of the sender contains any of the specified words. The sender's specified properties include any of these wordsĬondition: SenderADAttributeContainsWordsĮxception: ExceptIfSenderADAttributeContainsWords Messages that are sent by either internal or external senders. If you need to find sender domains that contain the specified domain (for example, any subdomain of a domain), use The sender address matches( FromAddressMatchesPatterns) condition and specify the domain by using the syntax: '.$'. Messages where the domain of the sender's email address matches the specified value. Messages where the sender's email address contains text patterns that match the specified regular expressions. Messages that contain the specified words in the sender's email address.Įxception: ExceptFromAddressMatchesPatterns Messages where the sender's IP address matches the specified IP address, or falls within the specified IP address range.Įxception: ExceptIfFromAddressContainsWords Messages that are sent by a member of the specified distribution group, mail-enabled security group, or Microsoft 365 group. Messages that are sent by the specified mailboxes, mail users, mail contacts, or Microsoft 365 groups in the organization. Header or envelope ( HeaderOrEnvelope) Examine senders in the message header and the message envelope.Ĭondition/exception parameters in Security & Compliance PowerShell This is the default value.Įnvelope: Only examine senders from the message envelope (the MAIL FROM value that was used in the SMTP transmission, which is typically stored in the Return-Path field). Header: Only examine senders in the message headers (for example, the From, Sender, or Reply-To fields). To configure the sender address location at a DLP rule level, the parameter is SenderAddressLocation. To set tenant DLP policy configuration to evaluate the sender address from the Envelope across all rules, you can run the following command: Set-Polic圜onfig -SenderAddressLocation Envelope By default, DLP rules use the Header address as the sender address.Īt the tenant level, you can configure a sender address location to be used across all rules, unless overridden by a single rule. If you use the sender address as a condition the actual field where the value is looked for varies depending on the sender address location configured. The tables in the following sections describe the conditions and exceptions that are available in DLP. Learn details about signing up and trial terms. Start now at the Microsoft Purview compliance portal trials hub. If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. For example, when the DLP policy rule redirects a message, you need to specify where the message is redirected to. For example, the Attachment is password protected condition simply looks for attachments in messages that are password protected.Īctions typically require additional properties. Some conditions or exceptions don't have any properties. For example, the A message header includes any of these words condition requires one property to specify the message header field, and a second property to specify the text to look for in the header field. For example, if the DLP policy is being applied to Exchange emails, the The sender is condition requires the sender of the message. Most conditions have one property that supports one or more values. Actions define what happens as a consequence of condition being met.Actions define what happens as a consequence of a condition of exception being met. Conditions in Microsoft Purview Data Loss Prevention (DLP) policies identify sensitive items that the policy is applied to.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |