Whitelist emails with server (Cloud) side mode signature using DLP policy
After you implement data loss prevention (DLP) rules in your Microsoft 365 setup, DLP still blocks emails that include a cloud-based (server-side) signature from Sigsync, even though your custom DLP policy contains an exception for such emails.
When the Sigsync Azure email service processes an email to apply a cloud-based signature, the email goes through another round of DLP processing and is blocked. This happens because the override marker that the DLP policy applied during the first round of processing has been removed.
To let emails with cloud signatures pass through DLP, create a custom DLP policy based on the unique header that Sigsync adds to each email it handles. Follow the steps below:
Steps to set up a custom DLP policy in Office 365
- Log in to the Microsoft 365 compliance center.
- Navigate to 'Data loss prevention' > 'Policies' from the left pane and click the 'Create policy' button on the right pane.
- Select the 'Custom' type of policy and give a name and description to your policy.
- Keep 'Exchange email' as the only location to apply the policy.
- Keep the selection 'Create or customize advanced DLP rules' and click 'Next'. In the 'Customize Advanced DLP rules' page, click the 'Create Rule' button.
- Give a name to the rule and click 'Add condition'. Then select 'Header contains words or phrases' from the dropdown list.
- Enter the header name 'X-SigsyncProcessed' in the first field and the word 'yes' in the second field. Then click the 'Add' button.
- Scroll down the page and in the 'Additional options' section, check the option 'If there’s a match for this rule, stop processing additional DLP policies and rules' and set the rule’s priority to 0 (High). Click the 'Save' button to save the rule settings.
- The current rule settings should be the same as shown in the screenshot below.
- In the 'Policy mode' page, select the option 'Turn it on right away'.
- When you reach the last step of the wizard, double-check your configured settings. If you're satisfied with them, click 'Submit' and then 'Done' to save the policy and put it into action.
- At this point, your policy should appear on the 'Policies' tab, and emails containing a cloud-based (server-side) signature are no longer blocked by DLP.
Note: If your newly created policy isn't visible at the top of the policies list, just click the three dots button and choose "Move to top". By giving it the highest priority and selecting the option to halt the processing of other DLP policies (as explained in step 8), you ensure that DLP won't put emails with a cloud signature through a second processing round, preventing them from being blocked.
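An added example, not part of Sigsync's or Microsoft's documentation: because the rule above stops all further DLP processing on a header match, this Python check evaluates exported messages against the rule's match condition and flags any that carry the header without a hop stamped by the signature service. The relay host suffix and the sample messages are constructed placeholders, and the case-insensitive whole-word match only approximates the 'Header contains words or phrases' condition.

```python
import re
from email import message_from_string
from email.policy import default

HEADER = "X-SigsyncProcessed"   # header name from the steps above
WORD = "yes"                    # word from the steps above
# Assumption: placeholder suffix for the signature service's relay hosts.
RELAY_SUFFIX = ".sigsync-relay.example"

def rule_matches(msg):
    """Approximate the DLP condition: case-insensitive whole-word match."""
    pattern = re.compile(rf"\b{re.escape(WORD)}\b", re.IGNORECASE)
    return any(pattern.search(str(v)) for v in msg.get_all(HEADER, []))

def passed_through_relay(msg):
    """True if a Received hop was stamped ('by ...') by a relay host."""
    for hop in msg.get_all("Received", []):
        hosts = re.findall(r"\bby\s+([A-Za-z0-9.-]+)", str(hop))
        if any(h.lower().rstrip(".").endswith(RELAY_SUFFIX) for h in hosts):
            return True
    return False

def classify(raw):
    """Return how the exempting rule relates to one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    if not rule_matches(msg):
        return "dlp-evaluated"      # rule does not fire, normal DLP applies
    if passed_through_relay(msg):
        return "bypass-expected"    # header added by the signature service
    return "bypass-review"          # header present, no relay hop recorded

# Constructed sample messages (not real traffic).
SAMPLES = {
    "signed": "Received: from mail.contoso.example by out1.sigsync-relay.example"
              " with ESMTPS; Mon, 1 Jan 2024 10:00:00 +0000\n"
              "X-SigsyncProcessed: yes\nSubject: Q1 report\n\nbody\n",
    "header-only": "Received: from laptop.contoso.example by mail.contoso.example"
                   " with ESMTPS; Mon, 1 Jan 2024 10:05:00 +0000\n"
                   "X-SigsyncProcessed: Yes\nSubject: export\n\nbody\n",
    "plain": "Received: from laptop.contoso.example by mail.contoso.example"
             " with ESMTPS; Mon, 1 Jan 2024 10:06:00 +0000\n"
             "Subject: hello\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {classify(raw)}")
```

Messages classified as "bypass-review" skipped DLP on the strength of the header alone and are the ones to examine in a message trace.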