Microsoft plans to remove the management of Exchange transport rule-based policies from the classic EAC in mid-2022. Given that Microsoft 365 DLP policies offer the same if not better functionality for Exchange Online and can process other workloads as well, it’s a good time to consider transitioning away from the older technology. Microsoft is obviously not putting any engineering effort into Exchange-based DLP, so there’s no good reason not to move over and use the technology they are investing in. The transition will take time and effort, but it will be worth it.
Microsoft has upgraded unified DLP policies to support the rich set of conditions, exceptions, and actions available for Exchange transport rule-based DLP policies. The upgrade means that organizations which have been forced to continue using ETR-based DLP policies can begin the process of moving over to unified DLP. This process won’t be easy, but it’s the right thing to do for the long term.
Data Loss Prevention (DLP) is a feature of Office 365 E3 and E5 plans. Most DLP policies focus on matching sensitive information types created by Microsoft, like credit card numbers, but it is relatively easy to create a custom sensitive information type for use in DLP policies to detect information specific to your organization. In this example, we create a sensitive information type for Azure AD passwords and explore its use in Teams DLP policies.