Whitelist emails with server (Cloud) side mode signature using DLP policy


After implementing data loss prevention (DLP) rules in your Microsoft 365 setup, even though you've set up a special allowance in your custom DLP guideline for emails that include a cloud-based (server-side) signature from Sigsync, the DLP is still blocking such emails.


When emails are processed by the Sigsync Azure email service to apply a cloud-based signature, they undergo another round of DLP processing, which surprisingly leads to their being blocked. This happens because the initial override marker, initially applied by the DLP policy during the first email processing, is removed.

To make sure that emails with cloud signatures smoothly navigate through DLP obstacles, the solution involves creating a customized DLP policy that revolves around the unique header introduced by Sigsync in each email it handles. Here's a clear step-by-step guide to assist you in the process:

Steps set up custom DLP Policy in Office 365

  1. Log in to the Microsoft 365 compliance center.
  2. Navigate to 'Data loss prevention' > 'Policies' from the left pane and click the 'Create policy' button on the right pane.

    Data loss prevention policies

  3. Select the 'Custom' type of policy and give a name and description to your policy.

    Custom type of policy

  4. Keep the 'Exchange email' as the only location to apply the policy

    Select public apps

  5. Keep the selection 'Create or customize advanced DLP rules' and click 'Next'. In the 'Customize Advanced DLP rules' page, click the 'Create Rule' button.

    Create or customize advanced DLP rules

  6. Give a name to the rule and click 'Add condition'. Then, select, 'Header contains words or phrases' from the dropdown list

    Customize Advanced DLP rules Add condition

  7. Enter header name as 'X-SigsyncProcessed' in the first field and word as 'yes' in the second field . Then, click the 'Add' button

    Enter header name

  8. Scroll down the page and in the 'Additional options' section, check the option 'If there’s a match for this rule, stop processing additional DLP policies and rules' and set the rule’s priority to 0 (High). Click the 'Save' button to save the rule settings.

    Additional options

  9. The current rule settings should be the same as shown in the screenshot below

    current rule settings

  10. In the 'Policy mode' page, select the option 'Turn it on right away'

    Test or turn on the policy

  11. As you reach the last step of the wizard, take a moment to double-check your configured settings. If you're satisfied with them, just click the 'Submit' and 'Done' to save and put your policy into action
  12. At this point, your policy ought to appear on the 'Policies' tab, ensuring that emails containing a cloud-based (server-side) signature are no longer subject to DLP blockades

    Note: If your newly created policy isn't visible at the top of the policies list, just click the three dots button and choose "Move to top". By giving it the highest priority and selecting the option to halt the processing of other DLP policies (as explained in step 8), you ensure that DLP won't put emails with a cloud signature through a second processing round, preventing them from being blocked.

    Move to top

Streamline Email Signature Management with a Free On-demand Demo from Sigsync

Sigsync email signature service provides effortless, centralized signature management for Office 365 and Exchange. Our team can assist you in quickly setting up company-wide signatures. Request a free on-demand demo to see how Sigsync can simplify your email signature management process.


Demo sitemap