Share via

Why doesn't my Microsoft Teams DLP Policy Work?

Anonymous
2024-11-15T17:29:29+00:00

About a year and a half ago, I tested a DLP policy to block messages containing credit card numbers in Microsoft Teams chat and it worked perfectly. My organization didn't go through with it because they were worried about impacting the users (which doesn't make sense because they shouldn't transmit cc info over Teams to begin with).

Now, I am being tasked to implement that same DLP policy. I configured and used this Microsoft Documentation as a reference: Data loss prevention and Microsoft Teams | Microsoft Learn. I set the following main criteria:

Rule: PCI Restriction

  • Scope: Teams Chat and Channel Messages - All users & groups
  • Conditions:
    • Content Contains: Sensitive Info Types - Credit Card Number - High Confidence - 1 to Any [AND]
    • Content Contains [NOT]: Sensitive Info Types - Test Credit Card Numbers***** - High Confidence - 1 to Any [AND]
    • Content is Shared from Microsoft 365: Only with people inside my organization
  • Actions: Restrict access or encrypt the content in Microsoft 365 locations****** - Block everyone

*These are just a select few numbers provided by a proprietary system for testing.

**This is the only action available to me with the options to me.

The above rule didn't work initially. It wouldn't block messages in Microsoft Teams containing credit card numbers and instead was alerting my team on files in OneDrive. I eventually deduced that the following is incorrect:

  • Conditions:
    • Content is Shared from Microsoft 365: Only with people inside my organization
  • Actions: Restrict access or encrypt the content in Microsoft 365 locations - Block everyone

They seem to override the scope and apply to other core 365 products. Once removed, the policy stopped the scanning of files in OneDrive. Now the only criteria left are:

  • Scope: Teams Chat and Channel Messages - All users & groups
  • Conditions:
    • Content Contains: Sensitive Info Types - Credit Card Number - High Confidence - 1 to Any [AND]
    • Content Contains [NOT]: Sensitive Info Types - Test Credit Card Numbers***** - High Confidence - 1 to Any

I left this policy to sync overnight, but it still doesn't block messages in Microsoft Teams containing credit card numbers. I don't understand what changed since I originally tested this. Any suggestions to what I might be doing incorrectly?

Microsoft 365 and Office | Install, redeem, activate | Other | Other

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-11-16T08:18:22+00:00

    Hello Ojii-San 2.0,

    Welcome to the Microsoft Community.

    Thank you for your question! Please note that this community is primarily for individual users, focusing on day-to-day experiences and general questions. We are here to discuss the challenges encountered by the average user, and we may not be able to provide in-depth technical support for detailed Group Policy questions.

    We recommend that you visit the Teams section of Microsoft Learn. There, there are more users who are concerned about such issues.

    If you have any questions related to everyday use, feel free to return to this community and we'll be happy to help you out!

    Microsoft Teams - Microsoft Q&A

    The reason why you are redirected to a different community is because the Microsoft community has different divisions. I sincerely hope that your query will be handled properly after contacting the appropriate department. Thank you for your understanding!  

    Best regards,

    Ian - MSFT | Microsoft Community Support Specialist

    Was this answer helpful?

    0 comments