After configuring Exchange Online (O365) to pass messages through DLP Cloud Detection Server e-mail recall function stops working
Article ID: 369278

Updated On:

Products

Data Loss Prevention Cloud Service for Email

Issue/Introduction

After enabling the connectors and the associated transport rule that route e-mail through the DLP Cloud Detection Server for content inspection, the Outlook message recall function may stop working. The recall fails with the following error message:

"Messages to recipients outside your organization or on-premises can't be recalled"

Cause

The recall request is itself an e-mail message, so it is routed through detection along with all other mail. The outbound connector is configured to deliver messages to a "partner org"; when the recall message leaves the organization by that route, Exchange Online no longer treats it as an internal recall and does not process it. As a result, the original e-mail is not recalled.

Resolution

This issue can be mitigated by adding an exception to the transport rule that routes messages to DLP, in the Exchange Online admin center. Each recall message carries a specific x-header:

x-ms-exchange-recallreportgenerated: true

This header can be used as the condition for an exception in the transport rule. In reflecting mode, add it alongside the existing exception that prevents mail loops; in forwarding mode it can be the only exception, as that mode requires no others. The screenshot below shows an example exception configured in forwarding mode, so it is the only exception in the transport rule.

[Screenshot not reproduced: transport rule exception "message header x-ms-exchange-recallreportgenerated includes true", forwarding mode]

With the exception in place, recall messages bypass the transport rule and are no longer sent through the Cloud Detection Server (CDS), so Exchange Online handles the recall internally.
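The same exception can be added with Exchange Online PowerShell instead of the admin center. The following is an added example, not part of this article; it assumes the ExchangeOnlineManagement module is installed and that the DLP routing rule is named "Route to DLP Cloud Detection" (a placeholder, replace it with your rule's name).

```powershell
# Added example (not from the article): add the recall-header exception to the DLP transport rule.
Connect-ExchangeOnline

$ruleName = 'Route to DLP Cloud Detection'   # placeholder: use the name of your DLP routing rule

# Review the existing exceptions first, so a loop-prevention exception (reflecting mode)
# that already uses a header-based exception is not overwritten.
Get-TransportRule -Identity $ruleName | Format-List Name, State, Mode, ExceptIf*

# Forwarding mode: the recall header is the only exception required.
Set-TransportRule -Identity $ruleName `
    -ExceptIfHeaderContainsMessageHeader 'x-ms-exchange-recallreportgenerated' `
    -ExceptIfHeaderContainsWords 'true'

# Reflecting mode: if the loop-prevention exception already occupies the
# "header contains" exception, use the "header matches pattern" exception
# for the recall header instead, so both exceptions coexist.
# Set-TransportRule -Identity $ruleName `
#     -ExceptIfHeaderMatchesMessageHeader 'x-ms-exchange-recallreportgenerated' `
#     -ExceptIfHeaderMatchesPatterns '^true$'

# Verify the rule now carries the exception.
Get-TransportRule -Identity $ruleName |
    Select-Object Name, ExceptIfHeaderContainsMessageHeader, ExceptIfHeaderContainsWords,
                  ExceptIfHeaderMatchesMessageHeader, ExceptIfHeaderMatchesPatterns
```

After the change, test a recall on a message sent to an internal recipient and check message trace to confirm the recall report was not routed through the outbound connector.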

Additional Information

Note that the headers applied by Exchange Online may be subject to change, so the exception should be re-validated if recalls start failing again after a service update.