A custom data loss prevention (DLP) policy allows you to establish conditions, rules, and actions that can help meet the specific needs of your organization, and which may not be covered in one of the pre-existing DLP templates.
The rule conditions that are available to you in a single policy include all the traditional mail flow rules (also known as transport rules) in addition to the sensitive information types presented in Sensitive Information Types Inventory. For more information about mail flow rules, see Mail flow rules (transport rules) in Exchange Online.
You should enable your DLP policies in test mode before running them in your production environment. During such tests, it is recommended that you configure sample user mailboxes and send test messages that invoke your test policies in order to confirm the results. for more information about testing, see Test a mail flow rule.
What do you need to know before you begin?
Estimated time to complete: 60 minutes
You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Data loss prevention (DLP)" entry in the Messaging policy and compliance permissions topic.
In order to create a new custom DLP policy, you must follow the installation instructions for Exchange Server. For more information about deployment, see Planning and Deployment.
For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts for the Exchange admin center.
Due to the variances in customer environments and content match requirements, Microsoft Support cannot assist in providing custom content matching definitions; e.g., defining Custom Classifications and/or Regular Expression patterns ("RegEx"). For custom content matching development, testing, and debugging, Office 365 customers will need to rely upon internal IT resources, or use an external consulting resource such as Microsoft Consulting Services (MCS). Support engineers can provide limited support for the feature, but cannot provide assurances that any custom content matching development will fulfill the customer's requirements or obligations. As an example of the type of support which can be provided, sample regular expression patterns may be provided for testing purposes. Or support can assist with troubleshooting an existing RegEx pattern which is not triggering as expected with a single specific content example.
For additional information on the .NET regex engine which is used for processing the text, see https://docs.microsoft.com/dotnet/standard/base-types/regular-expressions.
Create a custom DLP policy
Use the EAC to create a custom DLP policy without any existing rules
In the EAC, navigate to Compliance management > Data loss prevention. Any existing policies that you have configured are shown in a list.
Click the arrow that is beside the Add icon, and select New custom policy.
If you click Add icon instead of the arrow, you will create a new policy based on a template. For more information about using templates, see Create a DLP policy from a template.
On the New custom policy page, complete the following fields:
Name: Add a name that will distinguish this policy from others.
Description: Add an optional description that summarizes this policy.
Choose a state: Select the mode or state for this policy. The new policy is not fully enabled until you specify that it should be. The default mode for a policy is test without notifications.
Click Save to finish creating the new policy reference information. The policy is added to the list of all policies that you have configured, although there are not yet any rules or actions associated with this new custom policy.
Double-click the policy that you just created or select it and click Edit .
On the Edit DLP policy page, click Rules.
Click Add to add a new blank rule. You can establish conditions using all the traditional mail flow rules in addition to the sensitive information types.
In order to avoid confusion, supply a unique name for each part of your policy or rule when you have the option to provide your own character string. There are several options additional options available to you:
Click the arrow that is beside the Add icon to add a rule about sender notification or allowing overrides.
To remove a rule, highlight the rule and click Delete .
Click More options to add additional conditions and actions for this rule including time-bound limits of enforcement or effects on other rules in this policy.
Click Save to finish modifying the policy and save your changes.
DLP policy templates are one type of feature Microsoft Exchange that can help you design and apply a robust policy and compliance system for your messaging environment. For more information about compliance features, see Messaging Policy and Compliance (Exchange 2016) or Security and compliance for Exchange Online.
For more information
Mail flow rules in Exchange Server Exchange 2016
Mail flow rules (transport rules) in Exchange Online Exchange Online