DLP policies can detect a keyword or tag in the metadata or content of a document and /or the header or body of an email to enforce policies around classified data. Email recipients and subject lines are included in the header. Email attachments will follow the policies set for files.
A few items to note:
- Headers and footers from Microsoft Office documents are extracted as content and are scanned as content, not metadata.
- If header/metadata is selected, it's applied to all attachments to email as well. For instance, if the email has a file attachment, its metadata is scanned, and the header of attachments are scanned. The setting is recursive for both files and emails.
- You can define the policy by either keywords or regular expressions.
To create a DLP policy based on Metadata:
- Choose Policy > DLP Policies.
- Click Actions > Create New Policy, or select an existing policy in the list to edit it.
- Include or Exclude User Groups.
- Add a Rule, then make a selection from the Location menu. You can also choose All.
- Add any Exception Groups.
- Add an Action under Response.
- Click Save.