Override a block when Microsoft 365 flags sensitive information

Questions

  • How do I override a data loss prevention (DLP) policy block when sending sensitive information in Microsoft 365?
  • Why is Microsoft 365 blocking my email or file, and how can I safely override the DLP warning?
  • What steps do I follow to justify an override of a data loss prevention policy in Outlook or OneDrive?
  • How can I send a blocked attachment or sharing link in M365 when I believe it is allowed?
  • What does it mean when I see a DLP policy tip in Microsoft 365, and when is it OK to override it?

Environment

This article applies to people using Bowdoin-provided Microsoft 365 apps (such as Outlook on the web, Outlook for Windows or macOS, OneDrive and Teams/SharePoint) when a data loss prevention (DLP) policy blocks or warns about sending or sharing content that appears to contain sensitive information (for example, Social Security numbers or financial data).

Resolution

Understand what the DLP warning means

When you try to send or share something that seems sensitive, Microsoft 365 may show a message called a “policy tip”. It may say the content is “not allowed,” “restricted,” “must be reviewed,” or that it “violates your organization’s policy.” Read this message carefully so you understand what was found (for example, “possible Social Security number detected”)

Decide if the override is truly needed

Ask yourself: Only continue if you are sure the information must be shared and you are allowed to share it.

  • Does the recipient really need this exact sensitive information?
  • Can I remove or mask part of the data (for example, only show last 4 digits)?
  • Can I share this in a safer way, such as a restricted OneDrive or Teams files link instead of an attachment?

Review and reduce the sensitive content, if possible

Before overriding, open the file or email and remove anything that is not needed. For example

  • Replace full ID numbers with partial values (such as XXX-XX-1234).
  • Delete extra pages, old data, or personal details that are not required.
  • Use a secure Bowdoin location like Teams or OneDrive and share only what is needed.

After making changes, try to send or share again. The policy tip may go away if the sensitive content is reduced.

Override a DLP block when sending email in Outlook.

If your message is blocked but an override is allowed, you will usually see a bar near the top of your message with a warning and a link such as “Show details” or “Override.” Steps may look like:

  1. In the warning bar, click “Show details” or similar text.
  2. If you see an option that says something like “Override policy and send” or “I have a business justification for sending this content”, click it.
  3. Type a short reason in the “Justification” box.
  4. Click “OK” or “Submit” to confirm the override.
  5. Click “Send” again to send the email.

If you do not see an override option, the policy may not allow overrides for this type of content.

Override a DLP block when sharing files in Teams or OneDrive

When a DLP policy affects a file, you may see a warning icon next to the file name or a banner when you open the file in the browser.

  1. Open the file from Teams or OneDrive in the browser.
  2. Look for a banner or message that mentions “POLICY TIP”.
  3. Click “More Options” or similar text to see what rule was triggered.
  4. A browser tab will open. See the Policy tip on the right sidebar that describes the issue.  Click “Override”.
  5. Enter a clear, short reason for the override when prompted.
  6. Click “Submit to apply the override, then share the file again.

Use allowed sharing methods in Microsoft 365.​​​​​​​​​​​​​​

When you must send sensitive information and an override is allowed, it is usually safer to:

  • Store the file in Teams or OneDrive.
  • Share a link with restricted access (for example, “People you choose” or “Specific people”).

For more background, see Data Loss Prevention in Microsoft 365.

Know that overrides may be logged and reviewed

When you override a DLP policy and provide a justification, Microsoft 365 will log this action. This helps Bowdoin's IT Security review how sensitive information is handled. Because of this, only override when it is necessary and aligns with data handling rules.

Additional Help

If you need further assistance, you can chat with Bowdoin Bot or contact the Bowdoin College Service Desk by phone at (207) 725-3030 or in person at the Tech Hub in Smith Union.

Print Article

Related Articles (1)