Create an Email DLP Policy that Combines Content and Recipient Domains

Last updated
Save as PDF

In this example, create a policy that is used to detect keywords in documents within email attachments, which are sent to external email domains. There is also an exception added if the email is sent within the company. In this case, no violation should be triggered.

The use case is, as a policy administrator for Skyhigh CASB Email DLP, you want to create a policy that detects certain, sensitive, content in outbound emails, but only if these emails are sent to external recipients. You also want to keep an allow list of email domains for the recipient, which allows me to disable the policy for specific recipient domains.

To create an Email DLP Policy that combines content and recipient domains:

Choose Policy > DLP Policies.
Click Actions > Sanctioned Policy > Create New Policy.
On the Description page, enter a name, description, and deployment type. For Services, select Microsoft Exchange Online. Then select the users the policy will apply to.
On the Rules page, add the following:

In this example, we are using multiple Keywords like "Confidential", "Proprietary" and "Internal Use Only".

NOTE: For the From field, use Match Any. For the To field, use Match All.

Set the exception the same way, except the To field, add the domains from your company.

On the Responses page, enter any responses.
Click Save.

Enable the Policy

Create an ODS Scan to scan emails that have been sent to external recipients for specific users, or enable this policy for Email DLP (Passive) or Email DLP (Active).