Skip to main content
McAfee MVISION Cloud

Email DLP Policy that Combines Content and Recipient Domains

In this example, create a policy that is used to detect keywords in documents within email attachments, which are sent to external email domains. There is also an exception added if the email is sent within the company. In this case, no violation should be triggered. 

The use case is, as a policy administrator for MVISION Cloud Email DLP, I want to create a policy that detects certain, sensitive, content in outbound emails, but only if these emails are sent to external recipients. I also want to keep a list of whitelisted email domains for the recipient, which allows me to disable the policy for specific recipient domains.

To create an Email DLP Policy that combines content and recipient domains:

  1. Choose Policy > DLP Policies.
  2. Click Actions > Create New Policy
  3. Add the following ruleset:

2018-01-11_08-06-17b.png In this example, we are using multiple Keywords like "Confidential", "Proprietary" and "Internal Use Only".

NOTE: For the From field, use Match Any.  For the To field, use Match All.               
2018-01-11_09-00-31c.png

 

  1. Set the exception the same way, except the To field, add the domains from your company.

2018-01-11_10-03-15b.png

  1. Assign Microsoft Exchange Online as the Service for this policy.

2018-01-11_10-15-05b.png

 

Enable the Policy

Create an ODS Scan for scanning emails that have been sent to external recipients for specific users, or enable this policy for Email DLP (Passive) or Email DLP (Active).

  • Was this article helpful?