Exchange Online DLP policy tips – Tips and Troubleshooting



Hi guys! I’d like to share here today some tips about DLP policy tips (tips about tips?! Smile) on Exchange Online. This content is up to date today, but you always should check for updates online when we talk about cloud! Winking smile


What you need to know before?

It’s important to read and understand a little bit about DLP Policy Tips before. I’d like to share some basic links here about DLP and policy tips:

Data Loss Prevention
Policy Tips
Manage policy tips

 

Troubleshooting

Sometimes you create a DLP policy and associate a policy tip to it, and you realize that you cannot see it in Outlook, the policy doesn’t take effect in Outlook in Office 365.

First, it’s important to check that DLP is ON (by default, MailTips are turned on):

1. Open Outlook and select File > Options > Mail.

2. Under MailTips, click MailTips options.

clip_image002

3. Check that it’s not configured to Never Display. If you want to turn it off, select Never display MailTips.

clip_image003

If the tips are configured in Outlook and the issue persists, this problem occurs if the updated DLP policy wasn’t downloaded to Outlook. Outlook checks for changes to DLP policies one time every 24 hours. What happens here is that you need to plan your DLP rules in advance, before put in production, you should expect some time to that the tips take effect.

However, it’s possible to force update the Policy Nudges as explained below:

Outlook 2013

1. In Registry Editor, locate the following subkeys:
HKEY_Current_User\Software\Microsoft\Office\15.0\Outlook\PolicyNudges
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\15.0\Outlook\PolicyNudges
2. Delete the LastDownloadTimesPerAccount registry entry.
3. Exit Registry Editor.

Outlook 2016

1. In Registry Editor, locate the following subkeys:
HKEY_Current_User\Software\Microsoft\Office\16.0\Outlook\PolicyNudges
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\15.0\Outlook\PolicyNudges
2. Delete the LastDownloadTimesPerAccount registry entry.
3. Exit Registry Editor.

If we clear the LastDownloadTimesPerAccount, we can force the server to push the newest set of policies.

Ensure that you have the latest build of Outlook from your portal.

Cmdlets

You can use the following cmdlets in order to set and create DLP Policy Tips:

Set-PolicyTipConfig
https://technet.microsoft.com/en-us/library/jj215660(v=exchg.160).aspx

New-PolicyTipConfig
https://technet.microsoft.com/en-us/library/jj215647(v=exchg.160).aspx

 

References

Outlook 2010, 2013, and 2016 MailTips Options

Changes to a data loss prevention policy don’t take effect in Outlook 2013 in Office 365

Comments (0)