Create an Email DLP Policy that Combines Content and Recipient Domains
This example creates a policy that detects specific keywords in documents attached to emails sent to external domains. The policy includes an exception so that emails sent within the company do not trigger a violation.
As a policy administrator for Skyhigh CASB Email Data Loss Prevention (DLP), you aim to establish a policy that identifies sensitive content in outbound emails, but only when these emails are directed to external recipients. Additionally, you would like to maintain an allow list of recipient email domains, which will enable you to exempt certain domains from this policy.
To create an Email DLP Policy that combines content and recipient domains:
- Go to Policy > DLP Policies.
- Click Actions > Sanctioned Policy > Create New Policy.
- On the Description page, enter a name, description, and deployment type. For Services, select Microsoft Exchange Online. Then select the users the policy will apply to.
- On the Rules page, add the following:

In this example, we are using multiple Keywords like "Confidential", "Proprietary", and "Internal Use Only".
NOTE: For the From field, use Match Any. For the To field, use Match All.
- Set the exception the same way, except in the To field, add the domains from your company.

- On the Responses page, enter any responses.
- Click Save.
Enable the Policy
Create an ODS Scan to scan emails that have been sent to external recipients for specific users, or enable this policy for Email DLP (Passive) or Email DLP (Active).
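Before enabling the policy, it helps to write down which test messages should and should not produce a violation. The following Python is an added example, not Skyhigh code and not part of the original page: it models the rule and its exception locally, assuming that Match All on the To field means the exception applies only when every recipient domain is on the allow list, and that domains are compared exactly. The allow-list domains are constructed placeholders.

```python
# Added example: a local model of the keyword rule and the domain exception.
# Assumed semantics (not taken from Skyhigh documentation):
#   - the rule fires when any keyword appears in any attachment's text
#   - the exception applies only when EVERY recipient domain is allow-listed
from dataclasses import dataclass, field

KEYWORDS = ("confidential", "proprietary", "internal use only")  # from the page
ALLOWED_DOMAINS = {"example.com", "partner.example"}  # constructed placeholders


@dataclass
class Email:
    sender: str
    recipients: list
    attachments: list = field(default_factory=list)  # extracted attachment text


def domain_of(address):
    """Return the lower-cased domain of an address, or '' if malformed."""
    local, sep, domain = address.strip().rpartition("@")
    return domain.lower().rstrip(".") if sep and local else ""


def matched_keywords(email):
    """Keywords found (case-insensitively) in any attachment."""
    text = "\n".join(email.attachments).lower()
    return [k for k in KEYWORDS if k in text]


def exception_applies(email, allowed=ALLOWED_DOMAINS):
    """Match All on To: every recipient must be in an allowed domain.
    Exact comparison, so 'example.com.evil.test' is treated as external."""
    domains = [domain_of(r) for r in email.recipients]
    return bool(domains) and all(d in allowed for d in domains)


def evaluate(email):
    """Return (violation, keywords_hit, external_recipients)."""
    hits = matched_keywords(email)
    external = [r for r in email.recipients
                if domain_of(r) not in ALLOWED_DOMAINS]
    violation = bool(hits) and not exception_applies(email)
    return violation, hits, external
```

Under this model a message with both internal and external recipients still triggers the policy, which is the case worth confirming against the ODS scan results.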
