
You are wondering why an Encrypted Email was not detected by DLP


Article ID: 240057


Products

Data Loss Prevention Cloud Service for Email

Issue/Introduction

When a third-party O365 tenant (outside of your org) sends an encrypted message for which the DLP Cloud Service does not have a decryption key, and an employee reads that message and replies to it, the reply is not decrypted or blocked by DLP, even though it is outbound from your O365 tenant.

 

Cause

This is a known limitation at present. Because the DLP integration with O365 does NOT have an encryption key for the third-party tenant, it is not able to decrypt the message content and therefore cannot inspect the message for sensitive content.

Resolution

We are currently exploring possible solutions to address this technical limitation, including blocking content which we cannot decrypt. However, we do not have an ETA for this functionality, and there is no workaround available at this time.