microsoft-365-docs
microsoft-365-docs copied to clipboard
Limitations for Header Matches Patterns
We'd like to request updates to call out specific limitations for DLP Conditions such as "Header matches patterns". Currently there are errors that occur when you try go go outside of the bounds of the tool, but these are not documented anywhere (that I have seen).
Examples of what has been tested and found via errors:
- "You cannot configure a pattern that begins with a wildcard like (.*, .+, .{0,n} or .{1,n}). You must remove the wildcard from the beginning of the pattern to continue."
- You cannot configure a pattern than matches everything.
- "You cannot configure a pattern that ends with a wildcard like (.*, .+, .{0,n} or .{1,n}). You must remove the wildcard from the end of the pattern to continue."
- You cannot configure a pattern with groups of multiple match conditions like (.*, .+, .{0,n} or .{1,n}). Remove the group or the multiple match condition from the pattern to continue.
- "Patterns cannot contain multiple multi-matches of the same type in a row (e.g. ..)."
- You cannot configure a pattern with empty 'OR' conditions (e.g. 'a|' or '|a'). Remove the empty 'OR' conditions from the pattern to continue.
- "Running regular expression '{0}' takes too much CPU time. Consider using a less complex pattern."
- "The pattern '{0}' exceeds the maximum length of {1} characters."
These seem to also line up with the limitations of header RegEx from Exchange Transport Rules - functionality that is moving over into the DLP section of M365.
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 28be949f-8589-8f7c-8e08-c029389a1f6e
- Version Independent ID: f5928319-0360-41fa-dda0-5473b4e1a5b2
- Content: DLP policy conditions, exceptions, and actions - Microsoft Purview (compliance)
- Content Source: microsoft-365/compliance/dlp-conditions-and-exceptions.md
- Service: o365-seccomp
- GitHub Login: @chrfox
- Microsoft Alias: chrfox
@chrfox Please help us in resolving this issue. Thanks