question

NathanValentine-6416 avatar image
0 Votes"
NathanValentine-6416 asked NathanValentine-6416 commented

Does DLP have OCR capabilities and can it be bypassed for encrypted attachments?

I'm reaching here, but I figured I'd ask ...

I'm trying to setup DLP for a client (a financial institution) who certainly needs to protect sensitive information. However, there are some specifics that need to be considered and I'm not sure how to approach them.

Right now, the OOTB DLP policies do a fantastic job of recognizing plain text information throughout an email and it's attachments, though it doesn't recognize that info in images. Also, my client isn't as interested in flagging sensitive information in attachments because there is already an encrypt rule in Exchange for every email with an attachment going to external addresses. Also, some users use the Citrix ShareFile Outlook add-in and those attachments don't seem to be scanned by DLP (the OME must be added after the email is sent, if DLP is designed not to scan an encrypted attachment ... or maybe DLP just can't see the ShareFile-specific attachments?). Lastly, it would be nice to only encrypt emails with attachments, if sensitive data is recognized, which is possible I know, but if DLP doesn't have OCR capabilities to "see" that info on images, the Exchange Rule wouldn't meet the compliance requirement to prevent the leak of sensitive information.

So, in an effort to unpack all this:
- Are there OCR capabilities to scan images somewhere in the DLP framework, which I'm overlooking?
- Is there a way to avoid flagging senders for including sensitive information in an attachment, if it's tagged for encryption by an Exchange Rule?
- Why isn't sensitive information in a Citrix ShareFile attachment flagged?

office-exchange-server-administrationoffice-exchange-online-itpro
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Adding right tags/teams to look at this

0 Votes 0 ·

1 Answer

YukiSun-MSFT avatar image
0 Votes"
YukiSun-MSFT answered NathanValentine-6416 commented

Hi @NathanValentine-6416,

Are there OCR capabilities to scan images somewhere in the DLP framework, which I'm overlooking?

To the best of my knowledge, no, DLP is not capable of OCR.
As we know, DLP policies are made up of mail flow rules. According to the Supported file types for mail flow rule content inspection, there's no optical character recognition:
96090-1.jpg


Is there a way to avoid flagging senders for including sensitive information in an attachment, if it's tagged for encryption by an Exchange Rule?

Normally we would use the rule exceptions to exclude certain messages from being inspected. But going through the attachment-related rule exceptions, it seems that there's no option available which can meet this requirement.

-Why isn't sensitive information in a Citrix ShareFile attachment flagged?

As I am not familar with Citrix ShareFile and don't have a Citrix ShareFile Outlook add-in to test in my lab, I tried searching around but found little information stating if Citrix ShareFile attachment is supported by DLP. Given this, personally I'd recommend trying to contact Citrix ShareFile as well to confirm whether other users have encoutered similar circumstances.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.




1.jpg (12.6 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @NathanValentine-6416,

I am following up to confirm if you have any further concerns or questions.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·

Thank you for responding, YukiSun. I apologize for my super delayed response.

0 Votes 0 ·