Using on prem AD security group for DLP
Our compliance team is testing DLP in our environment and has run into a hiccup. It seems when they use a security group with a source of Windows Server AD for the Scope of Exchange, SharePoint, OneDrive and Teams, the policy does not work (see attachment DLP_WindowsServerAD group.png for example of what I mean by source). When using an on prem AD group for scope, users are still able to send SSNs or CC#s in Teams messages or emails, for example.
However, when they use a security group with a source of Cloud for the Scope, the policy does work (see attachment DLP_Cloud group.png for example).
To clarify where I’m talking about, when you’re editing a DLP, click Next twice and you’re on the Choose where to apply the policy page. Here you click Edit in the far right column to set which groups are in scope for the given policy (see attachment DLP_scope.png).
Is this expected behavior, for DLP to have an issue using groups from on prem AD to scope the policy?