Office 365 Prevent Bad Language in Email Using DLP

Get this blog post sent to you as a PDF file to read later

Enter your email address and press Send Now

Office 365 has some great features such as Data Loss Prevention (DLP) which is used to stop users from sending sensitive financial or medical information via email or by sharing files in SharePoint and OneDrive. Using DLP we can also do something else really cool, we can stop users using bad language in their emails. Hopefully you don’t have employees who are far more professional than that but using a simple rule you can prevent users using certain words. The words don’t have to be swear words either, they could even be special project codewords you want to keep secret!

Lets get stuck in and configure our email DLP policy.

Log into the portal and click through to the Exchange Admin Centre.


Click into the data loss prevention feature.


Click the cross symbol and select to create a New custom DLP policy.


Give the policy a name and description, enable it and select to enforce the rule so it becomes active.


Edit the rule you just created.


Now we create a new policy rule which will trigger the policy. Select this policy to apply if the subject or body includes.. from the drop down list and enter the words you want to block. In this example we make up some trigger words ‘word1’, ‘word2’ ‘word3’. You can enter any number of key words here you want and if a user uses them in an email the policy will fire.

Next select what will happen when the policy rule files in the “Do the following” selection. Here we select to ‘reject the message with the explanation’ and we enter a custom message to display to the user.

Save the policy rule and now we are ready to test.


Lets send a test email which contains one of the keywords and see what happens.


Boom! the email is rejected and displays the message to the user informing them of why the email was rejected. The user can now resend the email without using the keyword.



Exchange DLP is extremely useful for preventing users sending medical or financial information to users outside the company. It can also be used to prevent users using swear words or other special keywords.


Author: Ian@SlashAdmin

Share This Post On

Submit a Comment

Your email address will not be published. Required fields are marked *