I have Exchange hybrid environment with Exchange 2016 on-premise server and some users are in O365 and some are on-premise. I do have E3 license and would like to implement office 365 DLP such as sensitivity labeling or blocking sending email with confidential information/apply watermark.
I know that office 365 users will not have any issue with the DLP since both are in cloud, but how about on-premise Exchange server? Do we need to do anything in on-premises Exchange server? What I can see from Microsoft article is only the on-premise user sending emails to on-premise user will not have DLP apply.
So in this case, what we need to do is assign a license to the on-premise user and straight away create the DLP policy in office 365 and they should take effect from there? On-premise users sending out email externally the DLP policy will apply?