DLP Configuration with Outlook/Web

Hi everyone,

I'm trying to configure two rules in the DLP in Sophos Central:

1- Just to block the transfer of Excel files through email (Outlook) or web

2- Just to block Excel, Word, and PDF documents with the words "Cliente", "Precio" through email (Outlook) or web

When I set up the rules and apply them to the endpoint, they don't work. I'm currently using Windows 10 Enterprise, Office 365, and the latest version of Sophos Endpoint.

I'm testing the rule with this simple scenario: create a new mail in Outlook, attach the Excel file (drag and drop), and send the email to my personal Gmail account.

Can someone guide me in order to solve this inconvenience?

 

Regards,



This thread was automatically locked due to age.
  • This can vary; I went through a few cases with Sophos on it. Much of this depends on your licensing and having the ability to change Outlook (for example) in the GPO and where it will store an attachment when you drag and drop. To run a simple test, attempt to attach a document in Outlook by clicking the attach file icon in a new email; DLP will block the attachment this way regardless of the GPO settings, which will in turn let you know that your DLP rules are working. However (simple explanation), if you drag and drop, Outlook is using a different means to attach the attachment and Sophos is not capable of seeing this, so you must tell Outlook to store the attachment in a different location. Again, however, this is not possible with certain licensing, most notably the Office 365 Business or Business Premium licensing, since you are not able to control Office 365 with that licensing via the GPO. I tried, believe me; I broke it all down with procmon to determine that Office 365 will just rewrite the registry setting when you open a new email with the Business Premium licensing. But hey, if you have E1 or higher for Windows 10 and Office 365 you should be great!

    Instructions to get it working can be found here:

    https://community.sophos.com/products/sophos-central/f/sophos-central/110155/dlp-email-attachment-not-being-blocked 

     

    Also, I have found a good testing document is to simply create a Word doc or Excel spreadsheet and add 5 or more fake names, with 9-digit numbers (social security), 16-digit, then 4-digit date, then 3-digit (credit card numbers) and some addresses. Once you create this, it should be flagged if you have any financial settings configured in DLP.

    Respectfully, 

     

    Badrobot
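
A test file of the kind described in the reply above can be generated instead of typed by hand. This is an added example, not part of the original post and not Sophos tooling; the names, addresses, numbers and the file name `dlp_test_data.csv` are constructed, and making the card numbers Luhn-valid assumes the DLP rule may checksum them, which the thread does not state.

```python
import csv
import random

# Constructed placeholder names; none of this data refers to a real person.
NAMES = ["Alex Example", "Blake Sample", "Casey Testcase",
         "Dana Placeholder", "Evan Dummy", "Fran Mockup"]

def luhn_check_digit(partial: str) -> str:
    """Return the digit that makes partial + digit pass the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:  # these positions are doubled once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    digits = "".join(c for c in number if c.isdigit())
    return len(digits) > 1 and luhn_check_digit(digits[:-1]) == digits[-1]

def fake_record(rng: random.Random, name: str) -> dict:
    # 16-digit number: constructed 4111 11 prefix, 9 random digits, Luhn digit.
    body = "411111" + "".join(rng.choice("0123456789") for _ in range(9))
    card = body + luhn_check_digit(body)
    return {
        "Name": name,
        "SSN": f"{rng.randint(100, 665)}-{rng.randint(1, 99):02d}-{rng.randint(1, 9999):04d}",
        "Card": " ".join(card[i:i + 4] for i in range(0, 16, 4)),
        "Expiry": f"{rng.randint(1, 12):02d}{rng.randint(30, 39)}",  # 4-digit MMYY
        "CVV": f"{rng.randint(0, 999):03d}",                         # 3-digit code
        "Address": f"{rng.randint(1, 999)} Example Street, Testville",
    }

def build_rows(seed: int = 1) -> list:
    rng = random.Random(seed)  # fixed seed so the test file is reproducible
    return [fake_record(rng, name) for name in NAMES]

def write_test_file(path: str = "dlp_test_data.csv", seed: int = 1) -> int:
    rows = build_rows(seed)
    with open(path, "w", newline="", encoding="utf-8") as fh:
        writer = csv.DictWriter(fh, fieldnames=list(rows[0]))
        writer.writeheader()
        writer.writerows(rows)
    return len(rows)

if __name__ == "__main__":
    print(write_test_file(), "constructed records written")
```

Open the CSV in Excel and save it as a workbook (or paste the rows into Word) so the file type matches the rule being tested, then attach it with the attach file icon as the reply suggests.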

     
