For Data Exposure via Securlet policy - when we try to exclude a domain for example:
abc.<example>.com we still receive alerts for xyz.abc.<example>.com.
Shouldn't it work for all sub-domains? Is there a way for a wildcard?
Working as Designed
Policy needs to identify the violator and uses the complete email address which includes full explicit subdomain for identification purposes.
Complete explicit sub-domains also apply for identifying internal versus external users for vendor apps like O365 - so it is not confined to this one data exposure policy type.