@Julian - Thanks for the question and using MS Q&A platform.
To create a DLP policy in Microsoft Purview to detect instances where staff are emailing attachments to users outside of the organization, you can follow these steps:
- Go to the Microsoft 365 compliance center and select "Data loss prevention" from the left-hand menu.
- Click on "Policy" and then "Create a policy".
- Choose "Custom policy" and give it a name.
- Under "Policy settings", select "Email" and then "Attachments".
- Choose "Any attachment" and then select "Outside the organization" under "Recipients".
- Under "Actions", select "Notify the user with policy tips" and then choose "Custom message".
- Enter the message you want to display as a policy tip warning notification reminding them of the dangers of emailing sensitive information outside the organization.
- Save the policy.
This policy will apply to all cases where staff are emailing attachments to users outside of the organization. When a user attempts to send an email with an attachment to an external recipient, they will receive a policy tip warning notification reminding them of the dangers of doing this if the information is sensitive.
For more details, refer to Send email notifications and show policy tips for DLP policies
Hope this helps. Do let us know if you any further queries.
If this answers your query, do click Accept Answer
and Yes
for was this answer helpful. And, if you have any further query do let us know.