Feb 15 2021 03:13 AM - last edited on Nov 16 2021 12:14 PM by Trevor_Rusher
Hoping someone can help me. I have a number of DLP polices setup, which are working and alerting users as they should be. The issue I have is when DLP sends an alert externally, to a guest account, it changes the 'from' address from the tenant domain to email@example.com, causing issues with some client spam filters.
I have looked in the DLP policy but am unable to see any setting that will change the 'from' address to the domain name. Can anyone help with guidance to resolve this please?
Feb 15 2021 09:56 AM
Didnt even expect to have DLP policies fire on Guest accounts. But the no-reply address is "standard" behavior for SPO notifications - the user's account will be used, if found, and if not, the no-reply address.
Feb 16 2021 12:41 AM
Thanks for the response.
The response you have given is the same as I receive from Microsoft when I discuss how services are limited for Guest users in a tenant, even though their business architecture is to use BYOD for both devices and subscriptions. It amazes me how much is overlooked from a Guest account, from little things like this to big things such as authenticating to IaaS and PaaS services.
It seems in this case the firstname.lastname@example.org is being treated as a spam email buy the Guests systems because it isnt passing authentication. I am exploring DMARC, DKIM and transport rule options to see which may be able to solve the issue in the safest way.
Feb 23 2021 07:13 AMSolution
After doing a lot of testing the best solution, due to a number of reasons with external spam settings, was to create a Power Automate flow to pickup up the information of the DLP alert from an email in a shared mail box. The flow extracts the required information needed to inform the user of the event and presents it in a fully customised email sent from the shared mailbox.