MCAS Session Policy Exceptions for Trusted Domain

%3CLINGO-SUB%20id%3D%22lingo-sub-1936230%22%20slang%3D%22en-US%22%3EMCAS%20Session%20Policy%20Exceptions%20for%20Trusted%20Domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1936230%22%20slang%3D%22en-US%22%3E%3CP%3ENew%20to%20MCAS%20and%20I%20do%20not%20have%20direct%20access%20so%20bear%20with%20me.%26nbsp%3B%3C%2FP%3E%3CP%3ERequired%20use%20case%3A%20Block%20emails%20that%20contain%20sensitive%20keywords%20except%20where%20the%20mail%20recipient%20is%20a%20trusted%20partner%20(check%20domain%20part%20of%20email%20address%20is%20one%20of%20a%20list%20of%20trusted%20partners%20e.g.%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F41501%22%20target%3D%22_blank%22%3E%40microsoft%3C%2FA%3E.com).%3C%2FP%3E%3CP%3EBeing%20told%20by%20my%20supplier%20that%20it%20is%20not%20possible%20to%20do%20in%20MCAS%20and%20need%20to%20set%20up%20in%20O365%20Security%20%26amp%3B%20Comp%20Centre.%20They%20tell%20me%20that%20MCAS%20cannot%20check%20the%20mail%20recipient%20domain%20in%20the%20condition%2C%20only%20individual%20usernames%20that%20have%20been%20imported.%3C%2FP%3E%3CP%3EAny%20way%20I%20can%20do%20that%20in%20MCAS%20-%20to%20avoid%20rules%20in%20multiple%20places%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1936230%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Senior Member

New to MCAS and I do not have direct access so bear with me. 

Required use case: Block emails that contain sensitive keywords except where the mail recipient is a trusted partner (check domain part of email address is one of a list of trusted partners e.g. @microsoft.com).

Being told by my supplier that it is not possible to do in MCAS and need to set up in O365 Security & Comp Centre. They tell me that MCAS cannot check the mail recipient domain in the condition, only individual usernames that have been imported.

Any way I can do that in MCAS - to avoid rules in multiple places?

1 Reply

@GrahamP67 I don't think MCAS is the right tool to configure DLP. You should block this in realtime, and except for session control that is not possible with MCAS. 

We support Ukraine and condemn war. Push Russian government to act against war. Be brave, vocal and show your support to Ukraine. Follow the latest news HERE