Evaluation of location-based File Encryption rules on endpoints

On endpoints, File Encryption rules are sorted in an order that causes the more specifically defined locations to be evaluated first:

• If two rules with the same Path and Scope settings originate from policies that are assigned to different nodes, the rule from the policy nearest to the user object in Users and Computers is applied.
• If two rules with the same Path and Scope settings originate from policies that are assigned to the same node, the rule from the policy with the highest priority is applied.
• Absolute rules are evaluated before relative rules, for example c:\encrypt before encrypt. For further information, see Additional information for configuring paths in location-based File Encryption rules.
• Rules with a path containing more subdirectories are evaluated before rules with a path containing less subdirectories.
• Rules defined with UNC are evaluated before rules with drive letter information.
• Rules with Only this folder activated are evaluated before rules without this option.
• Rules using the Ignore mode are evaluated before rules using Encrypt or Exclude mode.
• Rules using the Exclude mode are evaluated before rules using Encrypt mode.
• If two rules are equal regarding the criteria listed, the one that comes first in alphabetical order is evaluated before the other rule.