• ExchangeMaster

DLP "Bypass" in O365

Updated: Apr 20

Quick post this time. I recently discovered that a Microsoft DLP policy that includes a rule to scan for credit card numbers will "pass" an email in which the card numbers are separated from their correlated expiration dates by even a single Unicode character. I consider this a false negative.

You can test this by selecting some example card data from any of a number of web sites, inserting, for example, "‡" between the card number and the expiration date, and then sending a message with the data. The closest thing to a fix for now is to lower the confidence level in the DLP rule to perhaps 40% or 50%. This will create more false positives, which may be of less concern to your customers than a false negative. Presumably this bypass would also be effective in SharePoint, OneDrive, and Teams, as they use the same sensitive info type.
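As a compensating check alongside the lowered confidence level, an independent scanner can flag a Luhn-valid card number with a nearby expiration date no matter which character separates them. The Python below is an added example, not code from this post and not Microsoft's matching logic; the function names, the 40-character window and the sample strings are assumptions made for illustration.

```python
import re
import unicodedata

# Candidate card numbers: 13-19 contiguous digits, 4-4-4-4, or 4-6-5 grouping.
PAN_RE = re.compile(
    r"(?<!\d)(?:\d{13,19}|\d{4}(?:[ -]\d{4}){3}|\d{4}[ -]\d{6}[ -]\d{5})(?!\d)"
)
# Expiration dates written MM/YY, MM/YYYY, MM-YY or MM-YYYY.
EXP_RE = re.compile(r"(?<!\d)(?:0[1-9]|1[0-2])[/-](?:\d{4}|\d{2})(?!\d)")


def luhn_ok(digits):
    """Return True when the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def normalize(text):
    """Fold compatibility forms (NFKC), then turn every character other than
    ASCII letters, digits, space, '/' and '-' into the delimiter '|'."""
    folded = unicodedata.normalize("NFKC", text)
    return "".join(
        ch if ch.isascii() and (ch.isalnum() or ch in " /-") else "|"
        for ch in folded
    )


def find_cards_with_expiry(text, window=40):
    """Return (masked_pan, expiry) pairs where a Luhn-valid number has an
    expiration date within `window` characters on either side."""
    clean = normalize(text)
    hits = []
    for m in PAN_RE.finditer(clean):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue
        before = clean[max(0, m.start() - window):m.start()]
        exp = EXP_RE.search(before + "|" + clean[m.end():m.end() + window])
        if exp:
            # Mask the number so the scanner's own output holds no full PAN.
            hits.append(("*" * (len(digits) - 4) + digits[-4:], exp.group()))
    return hits


# Constructed sample body; 4111111111111111 is a widely published test number.
SAMPLE = "Card 4111111111111111\u202112/25"
```

Running `find_cards_with_expiry(SAMPLE)` returns the masked number and the expiry, so a message of the kind described above can be routed for review even when the DLP rule passes it.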

#Office365 #DLP
