Title: Admins’ Microsoft Purview Data Loss Prevention (DLP) policies containing two specific predicates may not be enforced
User impact: Admins’ DLP policies containing two specific predicates may not be enforced.
More info: This problem manifests only in DLP policies containing the “DocumentContainsWords” and “DocumentMatchesPatterns” predicates that were modified or created after this issue was introduced on approximately Monday, September 18, 2023, at 12:00 AM UTC. To ensure proper DLP policy enforcement, we recommend that customers refrain from modifying existing policies containing these predicates until we’ve addressed this problem.
Current status: Our code fix deployment requires some additional time to complete, although we’ve confirmed it has saturated through 75 percent of the affected environment. We’re continuing to monitor its progress and expect it will complete by our next scheduled update. For admins who modified policies during the window of impact, we’re continuing to provide mitigations to those affected policies to ensure they work as expected.
Scope of impact: This issue may affect any admin’s DLP policies containing the “DocumentContainsWords” and “DocumentMatchesPatterns” predicates that have been modified or created since approximately Monday, September 18, 2023, at 12:00 AM UTC.
Start time: Monday, September 18, 2023, at 12:00 AM UTC
Root cause: A code regression introduced in a recent Exchange Online Protection service update may be preventing DLP policies containing the “DocumentContainsWords” and “DocumentMatchesPatterns” predicates from being properly enforced if the policy has been modified or created after the update was implemented.
Next update by: Tuesday, October 3, 2023, at 5:00 AM UTC