![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 84%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJR%3C/text%3E%3C/svg%3E)
9,701 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 63%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMW%3C/text%3E%3C/svg%3E)
Thanks for the question!
To configure advanced DLP rules in M365:
**Create DLP Policy**
• At the source, go to **Microsoft 365 Compliance Center > Data Loss Prevention > Create a policy**.
• Select **Custom policy** and choose locations (Exchange, SharePoint, etc.).
**Define Sensitive Info Type with Regex**
• In the policy, create a **Custom Sensitive Info Type**.
• Use the regex pattern to define what data you want to detect (e.g., AB\d{8} for account numbers).
• Set **Confidence Levels** for accuracy.
**Set Exclusions**
• Under **Except when**, define exclusions like:
o **Recipient domain** (e.g., exclude certain domains within internal tenants).
o **Sender domain** or specific users/groups.
**Configure Actions**
• Choose actions such as **block**, **restrict**, or **notify** based on the policy triggers.
**Test and Deploy**
• Test the policy using **simulation mode** to ensure accuracy.
• Review **DLP reports**, fine-tune if needed, then deploy.
Tuned policy will block or monitor sensitive data transmission between internal tenants, with necessary exclusions applied.
DLP policies will need to be deployed within **both** source tenants.