Monitoring for encrypted email attachments DLP does not detect that an attachment is encrypted, thus no incident is generated.
We have different encryption formats selected, but in doing some testing for Office 2016 (Word, Excel, PowerPoint) they aren't detected with these legacy formats.
File type is detected as Encrypted Office Open XML and not one of the three Microsoft file types:
This behavior is by design. DLP is not able to open and inspect password protected\encrypted files or attachments. When seeking to detect on encrypted or password protected Microsoft Office documents (Word, PowerPoint, Excel) use the Encrypted Office Open XML Encryption Format. Using this format provides desired results for the Message Attachment or File Type Match Detection Rule.