Sanctioned DLP policies can detect a keyword or tag in the metadata or content of a document and /or the header or body of an email to enforce policies around classified data. Email recipients and subject lines are included in the header. Email attachments will follow the policies set for files.
A few items to note:
- Headers and footers from Microsoft Office documents are extracted as content and are scanned as content, not metadata.
- If header/metadata is selected, it's applied to all attachments to email as well. For instance, if the email has a file attachment, its metadata is scanned, and the header of attachments are scanned. The setting is recursive for both files and emails.
- You can define the policy by either keywords or regular expressions.
To create a DLP policy based on Metadata:
- Choose Policy > DLP Policies.
- Click Actions > Sanctioned Policy > Create New Policy, or select an existing policy in the list to edit it.
- On the Description page, enter a name, description, deployment type, select services and users.
- On the Rules page, add a rule, then make a selection from the Location menu. You can also choose All.
- Add any exceptions and responses.
- Click Save.