Mastering Purview DLP Email Policies: A Comprehensive Guide to Custom Oversharing Dialog Boxes


Understanding the challenge

When implementing a Data Loss Prevention (DLP) policy in Microsoft Purview, it is essential to adopt a phased approach to ensure its effective deployment. The initial step should involve activating “Simulation Mode,” which facilitates the assessment of potential user impact before the policy is fully enforced. This preliminary stage enables precise adjustments and fine-tuning of the policy, ensuring it aligns with organisational requirements. Following these refinements, a second round of simulation should be conducted to validate the changes and confirm the policy’s readiness for implementation.

The subsequent step involves enabling the policy with the use of “Policy Tips”. These tips effectively inform end-users about their actions, outline potential consequences, and suggest more appropriate alternatives, thereby promoting compliance and awareness. While this approach is often sufficient, the next logical progression, though not always necessary, may involve implementing “blocking actions.” Recognising that such measures can be perceived as intrusive by end-users, Microsoft Purview provides a balanced alternative: “Blocking with a possibility to override,” commonly referred to as “Soft Blocking.” This option allows users to proceed with their actions under specific conditions, offering a flexible yet controlled approach to policy enforcement.

This blog article is dedicated to providing a comprehensive overview of the various configuration options available for this intriguing feature.

Please note that this applies exclusively to the sharing of sensitive information via email, whether in the message content or as an attachment. Built-in options are available for other sharing methods.

Initiating the process: Crafting a customised pop-up dialogue

Our first objective is to produce a perfectly formatted JSON file that accurately enumerates the required options.

Ensure the following:

  • The file is UTF-8 encoded
  • The content is plain text
  • No comments are included
  • The keys are all case sensitive

You can tailor your oversharing dialog with a customized title, body, options, dynamic variables like %%MatchedRecipientsList%%, and justification options, as in the example below. You can configure up to three justification options (with the additional flexibility of including a free-text input option), each limited to 100 characters.

As an example this file:

Will give this result:

Next, create or access a Data Loss Prevention (DLP) policy configured to target Exchange and enabled to utilise policy tips.

Upload the JSON file using the dedicated option displayed

Alternatively, use PowerShell

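# Read the JSON file as a single UTF-8 string
$content = Get-Content "path to the JSON file" -Encoding utf8 | Out-String

# New rule; for an existing rule use Set-DlpComplianceRule -Identity "<Rule_name>" with the same two Notify parameters
New-DlpComplianceRule -Name "<Rule_name>" -Policy "<Policy_name>" -NotifyPolicyTipCustomDialog $content -NotifyPolicyTipDisplayOption Dialog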

When the cmdlet is executed, validation checks are performed on the content. For manual uploads, validation occurs during the policy submission process.
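
The file constraints listed earlier (UTF-8, no comments, case-sensitive keys, at most three justification options of up to 100 characters) can be checked locally before the service-side validation runs. The script below is an added example, not code from this article or from Microsoft; the function name Test-OversharingDialogJson is hypothetical, and the key names (LocalizationData, Language, Title, Body, Options, HasFreeTextOption, DefaultLanguage) are assumed from Microsoft's sample layout, since the article's own JSON is not reproduced here.

```powershell
# Added example: local pre-check of an oversharing dialog JSON file before upload.
# Key names are assumed from Microsoft's sample layout, not taken from this page.
function Test-OversharingDialogJson {
    param([Parameter(Mandatory)][string]$Path)
    $problems = [System.Collections.Generic.List[string]]::new()
    $bytes = [System.IO.File]::ReadAllBytes((Resolve-Path -LiteralPath $Path).ProviderPath)
    # Strict decoder: throws on byte sequences that are not valid UTF-8.
    try { $text = [System.Text.UTF8Encoding]::new($false, $true).GetString($bytes) }
    catch { $problems.Add('File is not valid UTF-8'); return $problems }
    $text = $text.TrimStart([char]0xFEFF)   # drop a byte order mark if present
    # ConvertFrom-Json in PowerShell 6+ accepts comments, so look for them separately,
    # ignoring anything inside string literals (for example "https://...").
    $noStrings = [regex]::Replace($text, '"(?:\\.|[^"\\])*"', '""')
    if ($noStrings -match '//|/\*') { $problems.Add('File contains comments') }
    try { $json = $text | ConvertFrom-Json -ErrorAction Stop }
    catch { $problems.Add("Not valid JSON: $($_.Exception.Message)"); return $problems }
    # Keys are case sensitive: flag known names written with different casing.
    $known = 'LocalizationData', 'Language', 'Title', 'Body', 'Options',
             'HasFreeTextOption', 'DefaultLanguage'
    foreach ($obj in @($json) + @($json.LocalizationData)) {
        foreach ($name in $obj.PSObject.Properties.Name) {
            if ($known -contains $name -and $known -cnotcontains $name) {
                $problems.Add("Key '$name' has the wrong case")
            }
        }
    }
    # At most three justification options, each at most 100 characters.
    foreach ($entry in $json.LocalizationData) {
        $options = @($entry.Options)
        if ($options.Count -gt 3) { $problems.Add("$($entry.Language): more than three options") }
        foreach ($o in $options) {
            if ("$o".Length -gt 100) { $problems.Add("$($entry.Language): option over 100 characters") }
        }
    }
    return $problems
}

# Constructed sample with two deliberate mistakes: "title" casing and four options.
$sample = @'
{ "LocalizationData": [
    { "Language": "en-us", "title": "Check recipients",
      "Body": "External recipients: %%MatchedRecipientsList%%",
      "Options": ["Manager approved", "Business need", "Not sensitive", "Other"] } ],
  "HasFreeTextOption": "true", "DefaultLanguage": "en-us" }
'@
$path = Join-Path ([System.IO.Path]::GetTempPath()) 'oversharing-dialog.json'
[System.IO.File]::WriteAllText($path, $sample, [System.Text.UTF8Encoding]::new($false))
@(Test-OversharingDialogJson -Path $path) | ForEach-Object { Write-Warning $_ }
```

An empty result only means these local checks passed; the validation performed by the cmdlet or the portal remains authoritative.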

Did you know?

  • The oversharing dialog is available for Online E5 users with connected experience enabled (Outlook desktop client only).
  • You can opt to use the same pop-up configuration in multiple languages (user context) within the same JSON file.
  • Each time a user provides a justification, an event is logged in the Activity Explorer, capturing and listing all relevant metadata associated with the transaction.

Consider exploring some selected intriguing options

Explicit acknowledge

Ticking this additional box:

Results in:

Acknowledgement required before «Override» button becomes selectable

Wait on Send dialog support for Oversharing for Outlook for Microsoft 365

Once the Oversharing dialog has been configured, you may optionally enable the Wait on Send dialog feature by utilizing the dlpwaitonsendtimeout Registry key (DWORD value). This configuration should be applied across all devices where it is essential to ensure that sensitive emails undergo evaluation in accordance with your Data Loss Prevention (DLP) policies prior to being sent.

Feel free to contact us at contact@infotechtion.com if you need any help configuring similar scenarios.

© 2025 Infotechtion. All rights reserved
