Policy Tips in Exchange Online

Note

Legacy Exchange Online data loss prevention in the Exchange admin center is in the process of being deprecated. We recommend that you create DLP policies in the Microsoft Purview compliance portal instead. For more information, see Learn about data loss prevention.

  • Starting April 1, 2022, admins will no longer be able to make configuration changes to DLP policies in the classic Exchange admin center. Existing rules will continue to work as-is.
  • Starting August 1, 2022, the DLP policy management experience in the classic Exchange admin center will be retired. Admins will still be able to view the associated rules in read-only mode using the mail flow rule (transport rule) experience.

You can easily migrate your legacy Exchange Online DLP policies using the migration wizard. For more information, see Migrate Exchange Online data loss prevention policies to the Microsoft Purview compliance portal.

Detailed timelines for GCC-H and DoD special clouds will be communicated separately.

You can help to prevent your organization's Outlook, Outlook on the web (formerly known as Outlook Web App), and OWA for Devices email users from inappropriately sending sensitive information by creating data loss prevention (DLP) policies that include Policy Tip notification messages. Similar to the MailTips introduced in Exchange Server 2010, Policy Tip notification messages are displayed to users in Outlook while they're composing an email message. A Policy Tip is shown only when the message being composed appears to violate a DLP policy that you have in place, and that policy includes a rule to notify the sender when the conditions you establish are met.

DLP policies don't differentiate between email message attachments, body text, or subject lines while evaluating messages against the conditions in your policies. For example, if a user creates an email message that includes a credit card number in the body of the message and then attempts to address the message to a recipient outside your organization, a Policy Tip notification message can be shown to that user in Outlook or Outlook on the web reminding them of your enterprise's expectations for such information. However, this notification only appears if you have configured a DLP policy that restricts the actions described in the example; in this case, adding an external email address to the header of a message that contains credit card data. There's a great variety of conditions, actions, and exceptions you can choose from while creating DLP policies. This variety allows you to tailor your data loss prevention efforts to your organization's specific needs.

Whether you use the 'notify sender' action or an override action within a rule, we recommend that you also include the condition that the message was sent from within your organization. You can do this by using the policy rules editor to add the following condition: The sender is located... > inside the organization. This is a best-practice recommendation because the 'notify sender' action is applied as part of your company's message creation experience: the senders referred to by the action are the authors of messages within your company. The user interaction presented by Policy Tips can't be acted upon by your users for incoming messages and is ignored when the sender is located outside your organization. You can apply DLP policies to scan incoming messages and take various actions, but when you do this, don't add the notify sender action.

If email senders in your organization who are in the act of composing a message are made aware of your organizational expectations and standards in real time through Policy Tip notifications, then they're less likely to violate standards that your organization wants to enforce.

Note

DLP is a premium feature that requires an Exchange Online Plan 2 subscription. For more information, see Compare Exchange Online Licensing plans.

Default text for Policy Tips and rule options

You have a range of possible options when you add sender notification rules to DLP policies. When you add a rule to notify the sender by using the Notify the sender with a Policy Tip action within a DLP policy, you can choose how restrictive to be. The notification options in the following table are available. For specific information about creating Policy Tips, see Manage policy tips.

| Notification rule | Meaning | Default Policy Tip notification message that Outlook users will see |
|---|---|---|
| Notify only | Similar to MailTips, this causes an informative Policy Tip notification message about a policy violation. A sender can prevent this type of tip from showing up by using a Policy Tip options dialog box that can be accessed in Outlook. | This message may contain sensitive content. All recipients must be authorized to receive this content. |
| Reject message | The message won't be delivered until the condition is no longer present. The sender is provided with an option to indicate that their email message doesn't contain sensitive content. This is also known as a false-positive override. If the sender indicates this, then Outlook will allow the message to leave the outbox so that the user's report may be audited, but Exchange will block the message from being sent. | This message may contain sensitive content. Your organization won't allow this message to be sent until that content is removed. |
| Reject unless false positive override | The result with this notification rule is similar to the Reject message notification rule. However, if you select this, Exchange will allow the message to be sent to the intended recipient instead of blocking the message. | Before the sender selects an override option: This message may contain sensitive content. Your organization won't allow this message to be sent until that content is removed. After the sender selects an override option: Your feedback will be submitted to your administrator when the message is sent. |
| Reject unless silent override | The message won't be delivered until the condition is no longer present or the sender indicates an override. The sender is provided with an option to indicate that they wish to override the policy. | Before the sender selects an override option: This message may contain sensitive content. Your organization won't allow this message to be sent until that content is removed. After the sender selects an override option: You have overridden your organization's policy for sensitive content in this message. Your action will be audited by your organization. |
| Reject unless explicit override | The result with this notification rule is similar to the Reject unless silent override notification rule, except that in this case, when the sender attempts to override the policy, they're required to provide a justification for overriding it. | Before the sender selects an override option: This message may contain sensitive content. Your organization won't allow this message to be sent until that content is removed. After the sender selects an override option: You have overridden your organization's policy for sensitive content in this message. Your action will be audited by your organization. |
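
The following is an added example, not code from the original article: a classic mail flow (transport) rule that combines the recommended "sender is located inside the organization" condition with one of the notification options in the table above, followed by a check for rules that notify the sender without that condition. It assumes an open Exchange Online PowerShell session (Connect-ExchangeOnline) and an existing DLP policy named "Financial Data"; that policy name is a placeholder.

```powershell
# Added example (not from the original article). Assumes Connect-ExchangeOnline
# has already been run and that a DLP policy named "Financial Data" exists
# (placeholder name).

# The -NotifySender values map one-to-one onto the notification rules in the
# table: NotifyOnly, RejectMessage, RejectUnlessFalsePositiveOverride,
# RejectUnlessSilentOverride, RejectUnlessExplicitOverride.
$ruleParams = @{
    Name                               = 'Policy Tip - credit card number to external recipients'
    DlpPolicy                          = 'Financial Data'
    # "The sender is located... > inside the organization": without this the
    # Policy Tip cannot be acted on and is ignored for inbound mail.
    FromScope                          = 'InOrganization'
    SentToScope                        = 'NotInOrganization'
    MessageContainsDataClassifications = @(@{ Name = 'Credit Card Number'; MinCount = '1' })
    NotifySender                       = 'RejectUnlessExplicitOverride'
    # Use AuditAndNotify to pilot (tips shown, delivery not blocked) before Enforce.
    Mode                               = 'Enforce'
}
New-TransportRule @ruleParams

# Check: list rules that notify the sender but lack the inside-the-organization
# condition, so the recommended condition can be added where it is missing.
Get-TransportRule |
    Where-Object { $_.NotifySender -and $_.FromScope -ne 'InOrganization' } |
    Select-Object Name, NotifySender, FromScope, Mode
```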

Customize your Policy Tip notification messages

To customize the text of a Policy Tip notification that email senders see in their email program, select Manage Policy Tips on the Data Loss Prevention page. In order for any of your custom text to appear, a DLP policy rule must include the Notify the sender with a Policy Tip action. Add the action to a rule by using the DLP rules editor.

For procedures that explain how to create your own Policy Tips, see Manage policy tips. The custom text that you create can replace the default text shown in the previous table.

| Policy Tip notification actions and settings | Meaning |
|---|---|
| Notify the sender | Your text only appears when a Notify the sender, but allow them to send action is initiated. |
| Allow the sender to override | Your text only appears when one of the following actions is initiated: Block the message unless it's a false positive, or Block the message, but allow the sender to override and send. |
| Block the message | Your text only appears when a Block the message action is initiated. |
| Link to compliance URL | The compliance URL is a link to a web page where you can explain your compliance and override policies. This link is displayed in the Policy Tip when a user clicks the More details link. |

For more information

Data loss prevention

Manage policy tips