After running a data retention response rule to remove the entire violating components, it is still accessible in the incident
If multiple policies are violated by the same action/entity (eg, an email or file) then multiple incidents are created, one for each policy. To remove the violating content, or original message, the response rule must be run against all incidents generated by that action/entity.
For example, if a user sends out an email that violates two policies, there will be two incidents generated. In order to delete the original message, or its attachments you must run the Data Retention Response rule against both incidents.
Imported Document ID: TECH218957
Subscribing will provide email updates when this Article is updated. Login is required.