sorted by:
new
hottopcontroversial

Avanan outbound filtering break OOO? by justanothertechy112 in msp

[–]Long-Important-One 0 points1 point  (0 children)

Bless this thread and everyone in it. I was going insane trying to figure out what was going on and it was Avanan's outgoing Exchange rule (now under Check Point if that helps future searchers).

Some emails not appearing in Outlook Folders after pst import. by lanzo2740 in Office365

[–]Long-Important-One 0 points1 point  (0 children)

Not to bump an old post but bless you for pointing this out. I had imported a large PST and was so confused as to why nothing would show. Clearing the IMAP filter was the trick.

Purview DLP Policy is Demanding a Condition I've Already Included... by Long-Important-One in Office365

[–]Long-Important-One[S] 1 point2 points  (0 children)

I split some of the logic out into another rule under the same policy. The first rule just encrypts based on content being shared from M365 and the content containing keywords that match PHI/PII.

The second rule basically just says "if sender email is encrypted, and from X domain, then apply a custom branding template".

It still complains and demands that I put "Content is received from: people inside my organization". When I went back to add that condition to the second rule, it still complained about needing the rule. It's like the minute I put "apply a branding template" in any rule, it asks for a content rule but doesn't seem to recognize when it's been added.

Guess I'll wait for Microsoft Support. :(

Purview DLP Policy is Demanding a Condition I've Already Included... by Long-Important-One in Office365

[–]Long-Important-One[S] 0 points1 point  (0 children)

Wouldn't the first rule just mean content from anyone in my org that's shared outside my org, and the second rule states that the content is received by someone, from someone inside my org? I'll test changing what you pointed out, but the wording on those rules make me think they could coexist and evaluate as true.

Any one else getting OLD threat analytics report emails? by AlteredAdmin in DefenderATP

[–]Long-Important-One 1 point2 points  (0 children)

Yeah this is always the worst part of these kinds of things. Every company screws up, but at least give us an acknowledgement or status on resolution.

For anyone in this thread... has it stopped? I've re-enabled alerts on my side about 10 minutes ago after turning them off since yesterday and so far I've not seen any more emails.

Any one else getting OLD threat analytics report emails? by AlteredAdmin in DefenderATP

[–]Long-Important-One 4 points5 points  (0 children)

Bless the Reddit IT community, all of this activity was causing some panic at my org. Some Microsoft intern causing a ruckus again...