|Category||Microsoft Docs article||Related commit history on GitHub||Change details|
|compliance||Dlp Conditions And Exceptions||https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-conditions-and-exceptions.md||
To configure the sender address location at a DLP rule level, the parameter is *|condition or exception in DLP|condition/exception parameters in Security & Compliance PowerShell|property type|description| |||||
-|Attachment is password protected|condition: *DocumentIsPasswordProtected* <br/><br/> exception: *ExceptIfDocumentIsPasswordProtected*|none|Messages where an attachment is password protected (and therefore can't be scanned). Password detection only works for Office documents, .zip files, and .7z files.|
+|Attachment is password protected|condition: *DocumentIsPasswordProtected* <br/><br/> exception: *ExceptIfDocumentIsPasswordProtected*|none|Messages where an attachment is password protected (and therefore can't be scanned). Password detection works for Office documents, archive documents (such as .zip, .7z, .rar, and .tar files), and .pdf files.||Attachment's file extension is|condition: *ContentExtensionMatchesWords* <br/><br/> exception: *ExceptIfContentExtensionMatchesWords*|Words|Messages where an attachment's file extension matches any of the specified words.| |Any email attachment's content could not be scanned|condition: *DocumentIsUnsupported* <br/><br/>exception: *ExceptIf DocumentIsUnsupported*|n/a|Messages where an attachment isn't natively recognized by Exchange Online.| |Any email attachment's content didn't complete scanning|condition: *ProcessingLimitExceeded* <br/><br/> exception: *ExceptIfProcessingLimitExceeded*|n/a|Messages where the rules engine couldn't complete the scanning of the attachments. You can use this condition to create rules that work together to identify and process messages where the content couldn't be fully scanned.|
|compliance||Dlp Policy Reference||https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-policy-reference.md||
The available context options change depending on which location you choose. If- Content contains - User's risk level for Adaptive Protection is - Content is not labeled (PDF and Office files are fully supported). This predicate detects content that doesn't have a sensitivity label applied. To help ensure only supported file types are detected, you should use this condition with the **File extension is** or **File type is** conditions.-- Document or attachment is password protected (PDF, Office files, .ZIP, and Symantec PGP encrypted files are fully supported). This condition detects only open protected files.
+- Document or attachment is password protected (PDF, Office files, .ZIP, .7z, and Symantec PGP encrypted files are fully supported). This condition detects only open protected files.- File type is - File extension is - The user accessed a sensitive website from Microsoft Edge. For more information, see, [Scenario 6 Monitor or restrict user activities on sensitive service domains (preview)](endpoint-dlp-using.md#scenario-6-monitor-or-restrict-user-activities-on-sensitive-service-domains).
To learn more about how Purview DLP implements booleans and nested groups see, [|Sender AD attribute matches patterns | EXO | Regex length <= 128 char; Count <= 600 | Medium | |Content of email attachment(s) can't be scanned|EXO| [Supported file types](/exchange/security-and-compliance/mail-flow-rules/inspect-message-attachments#supported-file-types-for-mail-flow-rule-content-inspection) | Low | |Incomplete scan of email attachment content | EXO | Size > 1 MB | Low |
-|Attachment is password-protected | EXO | File types: Office files, ZIP, and 7z |Low|
+|Attachment is password-protected | EXO | File types: Office files, .PDF, .ZIP, and 7z |Low||Attachment's file extension is |EXO/SPO/ODB | Count <= 50 | High| |Recipient is a member of |EXO | Count <= 600 | High | |Recipient domain is | EXO| Domain name length <= 67; Count <= 5000 | Low |
To ensure high performance and lower latency, there are limitations in custom SI|Maximum size of a keyword dictionary (post compression)| 1MB (~1,000,000 characters)| |Maximum number of keyword dictionary based SITs in a tenant| 50 | |Maximum number of MIP+MIG policies in a tenant| 10,000 |
-|Maximum number of DLP rules in a policy | Limited by the size of policy (100KB) |
+|Maximum number of DLP rules in a policy | up to 600, as long as the policy size remains below 100KB and there is a maximum of 600 rules in the tenant ||Maximum number of DLP rules in a tenant | 600 |
-|Maximum size of an individual DLP rule | 80KB |
+|Maximum size of an individual DLP rule | 100KB ||Maximum size of a DLP policy | 100KB | |Policy name character limit | 64 | |Policy rule character limit | 64 |