Microsoft Purview compliance portal: OCR - Restrict OCR Scan to mails sent outside the organization 

🚨 The Signal: Microsoft Purview's Optical Character Recognition (OCR) can now be configured to scan only outbound emails, excluding internal and inbound communications. This refines data loss prevention (DLP) and eDiscovery scope, potentially reducing compliance costs.

The Impact

Security teams are affected by refined DLP scanning capabilities, reducing the risk of data exfiltration via outbound email.

• Security Teams: Reduced risk of sensitive data exfiltration in outbound emails.
• Compliance Officers: Improved accuracy and cost-efficiency of eDiscovery and DLP scans.
• IT Administrators: Simplified management of Purview OCR policies and reduced operational costs.

The Action

1. Navigate to Microsoft Purview compliance portal > Data loss prevention > Policies.
2. Create or edit a DLP policy that uses OCR.
3. Locate the OCR settings within the policy configuration.
4. Enable the option to 'Restrict OCR Scan to mails sent outside the organization'.
5. Review and publish the updated DLP policy.

Domain: Purview · Impact: medium · Workload: Microsoft Purview