Data Loss Prevention (DLP) Policy
DLP Policy filters outgoing emails to ensure that sensitive data does not reach unauthorized recipients.
In addition, it can also filter incoming emails to ensure sensitive data is not stored in your organization's mailboxes and/or that it is shared only through authorized delivery methods.
For more details about the DLP security engine, see Data Loss Prevention.
Note - DLP is not available for Infinity Portal accounts residing in the United Arab Emirates (UAE) region. If required, you can request to enable DLP. However, sensitive data analysis will be performed in the United Kingdom (UK) and not within the borders of the UAE. If you wish to enable DLP, contact Check Point Support.
Sync Times with Microsoft
- If you change the policy protection mode from Monitor Only or Detect and Remediate mode to Prevent (Inline) mode, it takes time to start protecting in Prevent (Inline) mode. It could take up to an hour, depending on the number of protected users in the Harmony Email & Collaboration account.
- When adding a user to the scope of a Prevent (Inline) policy that is not set to All Users and Groups, it may take up to 1 hour for emails from this user to be inspected inline.
- When a new user is added to Microsoft 365, administrators can include them in the policy scope within 10 minutes, although it might take up to 24 hours.
Enhanced DLP Policy using Microsoft Purview Sensitivity Labels
Harmony Email & Collaboration allows administrators to define Data Loss Prevention (DLP) policies using Microsoft Purview Sensitivity Labels, enabling effective management of sensitive data shared through emails, messages, attachments or files.
- Relevant SaaS Applications: Office 365 Mail, OneDrive, SharePoint, and Microsoft Teams.
- Supported file formats: Emails, DOCX, XLSX, PPTX, PDF.
To define Data Loss Prevention (DLP) policies using Microsoft Purview Sensitivity Labels:
- Go to Policy.
- Open an existing DLP policy or create a new one.
- Go to the DLP Criteria section.
- Enable the Microsoft sensitivity labels toggle button and, from the list, select one of these:
  - Any label
  - Specific labels and then enter the label name
  - All labels except and then enter the label name
  - Without labels

  Note - After enabling Microsoft sensitivity labels for the first time, an administrator must reauthorize the Check Point application to grant the InformationProtectionPolicy.Read.All permission. For more information, see the Microsoft Graph permissions reference on Microsoft Learn.
- To include emails and attachments without labels, select the Include emails/attachments without labels checkbox.
- Click Save and Apply.