Admins’ Microsoft Purview Data Loss Prevention (DLP) policies containing two specific predicates may not be enforced

Title: Admins’ Microsoft Purview Data Loss Prevention (DLP) policies containing two specific predicates may not be enforced

User impact: Admins’ DLP policies containing two specific predicates may not have been enforced.

More info: This problem manifested after modifying or creating DLP policies containing the “DocumentContainsWords” and “DocumentMatchesPatterns” predicates after this issue was introduced on approximately Monday, September 18, 2023, at 12:00 AM UTC.

Final status: The code fix deployment has finished for the remainder of the affected environment, completely remediating impact.

Scope of impact: This issue may have affected any admin’s DLP policies that contained the “DocumentContainsWords” and “DocumentMatchesPatterns” predicates that were modified or created since approximately Monday, September 18, 2023, at 12:00 AM UTC.

Start time: Monday, September 18, 2023, at 12:00 AM UTC

End time: Tuesday, October 3, 2023, at 4:30 PM UTC

Root cause: A code regression introduced in a recent Exchange Online Protection service update may have prevented DLP policies containing the “DocumentContainsWords” and “DocumentMatchesPatterns” predicates from being properly enforced if the policy was modified or created after the update was implemented.

Next steps:
– We’re reviewing and improving our code change validation process to prevent similar DLP policy code regressions from causing impact in the future.

This is the final update for the event.