If User1 sends an email externally with five credit card numbers, Policy1 applies. → Yes
If User1 sends an email externally with five credit card numbers, Policy2 also applies. → No (stopped by Policy1).
If User2 sends an email externally with five credit card numbers, Policy2 applies. → Yes
???? Policy1
Order: 0 (highest priority).
Scope: Exchange email for the Finance distribution group.
Conditions: Content shared externally AND contains ≥ 5 credit card numbers.
Actions: Encrypt with “Encrypt email” option.
Additional options: Stop processing additional DLP policies and rules.
???? Policy2
Order: 1 (lower priority).
Scope: All Exchange email.
Conditions: Content shared externally AND contains ≥ 5 credit card numbers.
Actions: Restrict/block OR encrypt depending on configuration, notify admin.
Additional options: None.
???? User-by-user Analysis
User1 (Finance group):
Policy1 applies first (priority 0).
If User1 sends email externally with ≥ 5 CCNs, Policy1 encrypts the email and stops further processing.
Therefore, Policy2 never applies to User1.
User2 (Sales group):
Not in Finance, so Policy1 does not apply.
Policy2 applies (all Exchange email).
If User2 sends email externally with ≥ 5 CCNs, Policy2 action is enforced (restrict/block or encrypt).
