Admins’ Microsoft Purview Data Loss Prevention (DLP) policies containing two specific predicates may not be enforced

Title: Admins’ Microsoft Purview Data Loss Prevention (DLP) policies containing two specific predicates may not be enforced

User impact: Admins’ DLP policies containing two specific predicates may not be enforced.

More info: This problem manifests only after modifying or creating DLP policies containing the “DocumentContainsWords” and “DocumentMatchesPatterns” predicates after this issue was introduced on approximately Monday, September 18, 2023, at 12:00 AM UTC. We recommend that customers refrain from modifying existing policies containing these predicates until we’ve addressed this problem to ensure proper DLP policy enforcement.

Current status: We’re in the final stages of our code fix deployment and we’ve confirmed the fix has been successfully applied throughout the majority of the affected environment. Additionally, we’ve resolved impact for most of the recently-modified policies that were affected by the issue. We’re anticipating the remaining impact will be remediated by our next scheduled communications update.

Scope of impact: This issue may affect any admin’s DLP policies containing the “DocumentContainsWords” and “DocumentMatchesPatterns” predicates that have been modified or created since approximately Monday, September 18, 2023, at 12:00 AM UTC.

Start time: Monday, September 18, 2023, at 12:00 AM UTC

Root cause: A code regression introduced in a recent Exchange Online Protection service update may be preventing DLP policies containing the “DocumentContainsWords” and “DocumentMatchesPatterns” predicates from being properly enforced if the policy has been modified or created after the update was implemented.

Next update by: Tuesday, October 3, 2023, at 7:00 PM UTC