Question
What types of emails sent from Exchange Online are filtered by Email DLP?
Answer
Email DLP filters emails delivered by transport rules on Microsoft 365 (Exchange Online).
* This information is based on the current specifications of Microsoft 365 / Exchange Online and may change due to future updates by Microsoft.
* For cases not listed below, the behavior depends on Microsoft 365 specifications and tenant settings.
For more information, please contact Microsoft.
Email Deliveries Subject to Email DLP
- Emails manually sent by users from their own mailboxes (e.g., using the Outlook client application or Outlook on the web (OWA)) to external (outside the organization) recipients.
* Relay emails from external sources using SMTP-AUTH are also considered within scope if they are within Exchange Online's sending limits.
Email Deliveries That Should Be Excluded from Filtering
- Emails sent within the same Microsoft 365 tenant
  Emails addressed only to recipients within the same tenant (internal) are excluded from filtering.
  * If both internal (within the organization) and external (outside the organization) recipients are included, only emails to external recipients are processed.
- Emails sent from the initial domain
  Emails sent from the initial domain (onmicrosoft.com) are excluded from filtering.
- Bulk distribution accounts
  For tenants or accounts that regularly send a large volume of emails, such as system notifications, there is a risk of hitting sending limits (rate limits) based on Email DLP's own criteria.
  It is strongly recommended to use a separate service for bulk email distribution, rather than relaying through Exchange Online or Email DLP.
- Automatic forwarding in Exchange Online (+SRS=)
  We have configured settings to exclude "automatically forwarded emails" set up on the Exchange Online side from filtering.
  This is due to the following two operational concerns:
  - When emails received from external sources are automatically forwarded, the sender address is rewritten by Microsoft 365's SRS (Sender Rewriting Scheme).
    As a result, Email DLP cannot associate the email to be filtered with the original sender address, making it impossible to manage or operate these emails properly in the user console.
  - Since automatic forwarding is performed by the system, it is not compatible with Email DLP features that require manual user actions, such as "release from hold (send confirmation)".
    It is necessary to prevent unintended email retention in advance.
Accounts Requiring Special Attention
- Sending emails from shared mailboxes or Microsoft 365 Groups
  Special attention is required when sending from shared mailboxes or Microsoft 365 Groups in relation to Email DLP processing.
  For more details, please refer to the following Help Center article:
  Precautions when using Email DLP delegation (Google Workspace) / shared mailboxes (Microsoft 365)