To create a policy which flags mail sent by a user to another specific user, please set the following in the DLP policy.

1. create a new DLP policy and select the type 'Sharing Control'

2. provide a name for the policy

3. In the next 'Whom the policy applies to?' section add the user(s) for whom you need to monitor the sent mails for.

4. In the 'Which services do you want to protect?' section, please select only the Mail service because you just want the mails to be checked for.

5. In the 'Check only emails sent to' section you have 2 options,

  • External Domains - if you select this option, all the mails sent to the domains other than that of the applied user's will be flagged.
  • Specific Domain/user - in this option, you can specify a certain email address or a certain domain for which the mails sent should be checked for. If you add an specific email address, the mails sent to this particular email address by the user will be flagged as violation. If you add a specific domain, the mails sent to any user in this particular domain will be flagged as violation. Note that you can add both specific user and specific domain concurrently for the policy to work. Please check snapshot attached for reference.

6. You can set the 'Exception Management' and 'Incident reporting and communication' settings according to your needs.

7. Finally Save the policy and activate it.