When configuring a DLP Policy, administrators can define both Detection Rules (content/context-based conditions) and Group Rules (identity-based conditions). A common question is:
In what order are these rules processed when a message is evaluated?

The system processes rules in the following order:

1. Group Rules

   • If Group Rules are set → the system first checks whether the sender or recipient belongs to those groups.

   • If there is no match → the policy does not apply, and Detection Rules are skipped.

2. Detection Rules

   • If the user matched the Group Rules, or if no Group Rules are configured → the system then checks the Detection Rules (message content, keywords, file types, etc.).

   • If a Detection Rule matches → the policy action is applied.