Hello @Jennifer
- Open the Microsoft 365 Compliance Center.
- Go to the Data loss prevention page.
- Click on the Create a policy button.
- Choose the appropriate policy type, such as Exchange email.
- Select the sensitive information types that you want to protect.
- Choose the actions you want to take when sensitive information is detected, such as blocking the email or sending a notification.
- Save the policy.
<<but allow the email if the same data is detected in an encrypted email
You can exclude encrypted emails: in the "content contains" section, select NOT "message type" is "permission controlled".
After selecting the "Sensitive info types", press the "Add group" button. Then you can set the NOT toggle for the 2nd group.
More details: https://community.spiceworks.com/topic/2484651-bypass-dlp-when-email-is-encrypted
Regards
Shaofan
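
The same policy and exception expressed in Security & Compliance PowerShell, as an added example that is not part of the original answer. The policy and rule names are hypothetical placeholders, "Credit Card Number" stands in for whichever sensitive information types you select, and the policy starts in test mode so the exception can be checked before anything is blocked.

```powershell
# Added example; names below are placeholders, not values from the answer.
# Requires the ExchangeOnlineManagement module and a compliance admin role.
Connect-IPPSSession

$policyName = 'Block-Sensitive-Unprotected-Mail'   # hypothetical policy name
$ruleName   = 'Block unless permission controlled' # hypothetical rule name

# Exchange-only DLP policy. Test mode records matches without
# blocking mail, so the exception can be validated first.
New-DlpCompliancePolicy -Name $policyName `
    -ExchangeLocation All `
    -Mode TestWithoutNotifications

# Block mail containing the sensitive info type, except when the
# message type is "permission controlled" (rights-protected mail),
# which mirrors the NOT group described in the answer.
New-DlpComplianceRule -Name $ruleName `
    -Policy $policyName `
    -ContentContainsSensitiveInformation @{ Name = 'Credit Card Number'; minCount = '1' } `
    -ExceptIfMessageTypeMatches PermissionControlled `
    -BlockAccess $true

# Confirm the condition, exception and action were stored as intended.
Get-DlpComplianceRule -Identity $ruleName |
    Format-List Name, Policy, BlockAccess, ExceptIfMessageTypeMatches

# Once test-mode results look right, turn enforcement on:
# Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```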