Encrypted emails released from M365 Quarantine (ex Internal use only)
Workarounds for CG users if reported:
As per William:
- Apply public label; if content is sensitive and not ideal to apply public label…
- Remove/adjust the keywords that are triggering the quarantine, the findings of keywords are in the compliance email alerts, if document cannot be edited…
- IT can add user to AAD group “AAD-User-Global-M365DLP-Exclude”; it can take ~30 min for membership and policy recognition to take effect.
- Outlook Web https://outlook.office365.com/ is noticeably quicker for exclusion to take effect.
- The group will be cleared nightly EST.
- AAD group was quicker to take effect than AG group in testing.
As per William:
M365 = Microsoft 365
DLP = Data loss prevention
AIP = Azure/Microsoft Information Protection
AAD/AD = Azure Active Directory / Active Directory
Background:
- M365 DLP rules have been inspecting outgoing emails since May 2022 (previously done by Proofpoint), and since then any emails violating rules are sent to Microsoft quarantine https://security.microsoft.com/quarantine for compliance review.
- Current AIP labels have also been in place around the same time.
Recent Issue:
- Encrypted emails sent to external recipients released from M365 Quarantine https://security.microsoft.com/quarantine cannot be opened by the recipient.
- Email encrypted with a label (ex: Confidential-Encrypted) sent to external recipient > gets caught by M365 DLP rules for violating keywords (ex: “internal use only”) > after reviewing email it is deemed fine for release to external recipient by compliance > external recipient cannot open the email.
Cause:
- When an encrypted email is caught in quarantine, then released, the Microsoft release process is stripping the URL for the “read the message” link.
Action:
- Microsoft support has been made aware since June 16 when the first instance was noticed.
- Latest is they are aware of the issue now and working internally among their Exchange and AIP teams to figure out a solution.
Microsoft ticket will continue to be chased, any updates from their internal support will be relayed to this team.
Please let me know if any questions/concerns.
Thank you.
William Chu
Sr. Technology Architect
Canaccord Genuity Corp.
609 Granville St, Suite 2200, Vancouver, BC. V7Y 1H2
T: +1.604.601.5978 / C: +1.778.980.0526
E: wchu@cgf.com / www.cgf.com
Member of the Canadian Investor Protection Fund