Setting up DGM as an exception to a policy to prevent false incidents from being generated for Endpoint users
Directory Group Matching is a way to match on large groups of senders and recipients (using lists of e-mail addresses, IP addresses, IM names, usernames). DGM can also be used as inclusion or exception in a policy.
There are a few things that need to be set correctly in order to make DGM exceptions for Endpoint work.
1. If you want to match on usernames there has to be a system field that is set to Windows User.
2. In the file that you upload the username must be displayed with the domain qualifier or machine name first e.g.. DOMAIN\username or MACHINENAME\username.
3. If you do not put a column header of e-mail in the upload file the DGM will not show on the choose Directory EDM list when you setup the exception.
NOTE: EDM, IDM, and DGM detection requires information to be sent to the Endpoint Server for processing. Violations using EDM, IDM, or DGM can not be blocked on the Endpoint. They will be monitored only. Be aware that this will add extra network traffic.
See: KB 42485: What can we detect at the Endpoint in Vontu DLP 8?