NonBifurcatingAccessScope - Block email thread

Data Loss Prevention(DLP) policies in Microsoft 365 provides a rich set of capabilities to prevent loss of sensitive data from Microsoft 365 environment including emails through Exchange Online.

One of the action that I have regularly used within deployments is the "Restrict access or encrypt the content in Microsoft 365 location" and the configuration looks like this:

If you are configuring a DLP rule for emails, the above configuration can be misleading depending on how you interpret it. You might expect that selecting the "Block everyone" option would block the email thread for all recipients included in the original email. However, this is not the case. The email will only be blocked for those recipients on the email thread for whom the defined conditions match. To understand the details, hover over the information icon located near the setting.