DLP Policy Exceptions define when an event, message, or document should be ignored by the policy. Exceptions use the same rule types as the Rules section of the policy, and can be combined with Boolean Logic using Rule Groups. But, Rule Groups used as exceptions do not have associated Severity levels.
You can also add an exclusion to the exception policy, or a whitelist, using a predefined dictionary of data identifiers, or you can manually exclude specific data identifiers.
To add an exception to a policy:
- Go to Policy > DLP Policies.
- Click Actions > Create New Policy.
- Under Exceptions, select an exception type from the list. (The types available are the same as those listed in DLP Policy Rules and Rule Groups.)
- Enter any specific filters for your exception type, such as Location, Match Count, or Keyword validation.
- Click the pencil icon to add any data identifiers to exclude from this policy.
- Select a predefined dictionary of data identifiers.
- Manually exclude specific data identifiers by entering them in a comma-separated list in the provided field. There is a limit of 1,000 characters.
- Click Save.
- Click Add Exception Group.