Issues Checking Multiple Defender DLP Policies #22
Comments
Thanks for reporting this. We will look into how to fix it.
Need to verify whether the assumption that all policies are active and the result is the aggregated logical AND of all those policies is correct or not.
Data Loss Prevention policy reference - Microsoft Purview (compliance) | Microsoft Learn <https://learn.microsoft.com/en-us/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide#the-priority-by-which-rules-are-processed>
All the rules are active and they are processed in priority order. If the data is not stopped by the highest priority policy then it moves to the next and so on.
While the DLP capability allows for processing and evaluating multiple policies in the specified order, the baseline states that "a custom policy" shall be configured. So the requirement being assessed is that a single custom policy contains one or more rules with ALL sensitive info types present. The bug stated above, as I understand it, and please correct me if I'm wrong, is that the test scenario splits the sensitive info types across two different policies. In the case above, I'd evaluate the assessment result as a fail on MS.DEFENDER.4.1v1 as neither has a set of rules that contain the 3 minimum info types (SSN, PII, TIN). As such, I believe the upcoming release addresses this issue by resolving the false positive and that this item can be closed.
🐛 Summary
A tenant with 2 DLP policies was tested. The DLP policies are set as 1 for Teams and 1 for devices. The Teams policy is checking for PII, credit cards, and UK passports. The Device policy only checks for credit cards. The output of the script states that the requirement for PII is met, but not all policies are checking for PII. The script needs to be modified to iterate through the policies and provide the correct output for policies that do not meet the requirement.
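An added example, not the project's own code: it contrasts a check that pools info types across all policies (the false positive discussed in this thread) with a per-policy check that passes only when a single policy's rules cover every required type. The policy/rule layout, the function names and the sample tenants are constructed for illustration; the required set (SSN, PII, TIN) is the one named in the comment above.

```python
# Added illustration. The dict layout and info-type labels are constructed;
# they are not real Purview export fields.
REQUIRED = frozenset({"SSN", "PII", "TIN"})  # minimum set named in the thread


def union_check(policies, required=REQUIRED):
    """Flawed: pools info types from every policy, so a split tenant passes."""
    seen = set()
    for policy in policies:
        for rule in policy["rules"]:
            seen |= set(rule["info_types"])
    return required <= seen


def per_policy_check(policies, required=REQUIRED):
    """Pass only if one policy's rules together cover every required type.

    Returns (passed, missing) where missing maps policy name -> sorted gaps.
    """
    missing = {}
    for policy in policies:
        covered = {t for rule in policy["rules"] for t in rule["info_types"]}
        missing[policy["name"]] = sorted(required - covered)
    # An empty tenant has no compliant policy, so any() correctly yields False.
    return any(not gaps for gaps in missing.values()), missing


# Constructed tenant: required types split across two policies.
SPLIT_TENANT = [
    {"name": "Teams", "rules": [{"info_types": ["PII", "SSN"]}]},
    {"name": "Devices", "rules": [{"info_types": ["TIN"]}]},
]
# Constructed tenant: one custom policy covers all types across two rules.
SINGLE_POLICY_TENANT = [
    {"name": "Custom", "rules": [{"info_types": ["SSN", "PII"]},
                                 {"info_types": ["TIN"]}]},
    {"name": "Devices", "rules": [{"info_types": ["Credit Card"]}]},
]
# Constructed from the issue summary: Teams and Devices policies as reported.
REPORTED_TENANT = [
    {"name": "Teams",
     "rules": [{"info_types": ["PII", "Credit Card", "UK Passport"]}]},
    {"name": "Devices", "rules": [{"info_types": ["Credit Card"]}]},
]

if __name__ == "__main__":
    for label, tenant in [("split", SPLIT_TENANT),
                          ("single", SINGLE_POLICY_TENANT),
                          ("reported", REPORTED_TENANT)]:
        print(label, union_check(tenant), per_policy_check(tenant))
```

The per-policy report also gives the assessment output something actionable: the exact info types each policy lacks.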