There is often a requirement in organisations to block emails that are sent to external users if the email contains an attachment with a specific sensitivity label.
While configuring a Data Loss Prevention (DLP) policy to block an email that has been tagged with a sensitivity label is straightforward, detection of email attachments with a sensitivity label requires us to check the document properties of the attachment to identify the specific label.
It is recommended to show a policy tip so that users can either remove external users from the email or remove the attachment with the sensitivity label for the email to be successfully sent. Note : As of now, the policy tip for this scenario works only in outlook for the web and not the outlook client application.
If you don't want to be too restrictive (Users usually don't like so many restrictions as it hinders collaboration) and allow the emails to be sent in certain scenarios then the users can be given the option to override the block and provide a justification to send the email.
I have created a video demonstration of how this can be configured and what the experience looks like for end users.
I am also pleased to announce that Infotechtion is now a member of the Microsoft Intelligent Security Association (MISA). More details about this here.
Please contact us to discuss how to best manage information in M365.