MSExchangeGuru.com

Learn Exchange the Guru way !!!

 

Data Loss Prevention in Exchange 2016

Data loss prevention (DLP) is a system or approach designed to monitor for and detect possible data leakage, and to prevent data from leaking outside the corporate network while in use (end-user actions), in motion (network communication) and at rest (storage). Until Exchange 2013 was released, administrators had to depend on third-party solutions to achieve data loss prevention, which sometimes led to other issues and a loss of user productivity. Microsoft introduced an integrated DLP solution with Exchange 2013, which allows Exchange administrators to manage sensitive data in the Exchange organization.

Exchange 2016 Data Loss Prevention (DLP) contains 80 sensitive information types which are ready to use in DLP policies. A sensitive information type is defined by a pattern that can be identified by a regular expression or a function. A sensitive information type is identified using corroborative evidence such as keywords and checksums, and the evaluation process uses confidence level and proximity.

Let us see how to create DLP Policy in Exchange 2016:

Data Loss Prevention works through DLP policies, which comprise a set of conditions made up of rules, actions and exceptions. These are based on transport rules, which can be created using either the Exchange Administration Center [EAC] or the Exchange Management Shell [EMS]. Once a rule is created and activated, it starts analyzing and filtering e-mails.

NOTE: We can even create a DLP Policy without activating it, and test its performance without affecting mail flow.

Open EAC, navigate to Compliance management, then click on Add or on the drop-down and select New DLP Policy from Template:


In the new DLP policy window, provide the details as below and click on Save:


  • Name and description for the policy
  • Choose a Policy template as per the requirement: Choose any one out of 80 pre-defined templates
  • Choose the status of the policy: Disabled or enabled
  • Choose the Mode for the requirements: Enforce, Test Policy with Policy Tips or Test Policy without Policy Tips

Policy Tips: Policy Tips are similar to the MailTips introduced in Exchange 2010; they inform senders that they are violating a DLP policy before they send the message.

Once done, you can find the Outlook DLP policy under EAC as below:


We can change the properties of the Policy by clicking on Edit:


Under General Tab you can find the details which we have chosen while creating the policy:


Click on Rules to configure the policy:


From the screenshot we can see 6 rules for this template:

  1. Allow Override: if the message includes "override" in the subject, Exchange will simply override the policy.
  2. Scan email sent outside - low count: if a message sent outside the organization contains the sensitive information types 'Japan bank account number' or 'credit card number', Exchange sets the Audit Sensitivity Level to 'Medium' and notifies the sender that the message violates the DLP policy, but the message is still sent.
  3. Scan email sent outside - high count: if a message sent outside the organization contains the sensitive information types 'Japan bank account number' or 'credit card number', Exchange sets the Audit Sensitivity Level to 'High' and notifies the sender that the message can't be sent, but allows the user to override and provide a justification. It includes the explanation "Unable to deliver your message. You can override this policy by adding the word 'Override' to the Subject line." with status code '5.7.1'.
  4. Scan text limit exceeded: if the message includes an attachment that cannot be fully processed due to text extraction or other limits, Exchange sets the Audit Sensitivity Level to 'High'.
  5. Attachment not supported: if the message includes an attachment that cannot be inspected, Exchange sets the Audit Sensitivity Level to 'Medium'.
  6. Sent to scope outside the organization: if a message is sent 'outside the organization' and contains the sensitive information types 'Japan bank account number' or 'credit card number', Exchange notifies the sender that the message violates the DLP policy, but sends the message and sends an incident report to the administrator, including this message property in the report: original mail.

An administrator can add a new rule to automatically override the policy if the e-mail comes from an authorized user such as the CEO. To add new rules to a policy, click on the drop-down next to the icon:

Click on Add to add the new policy, or click on Edit to modify the existing policy:


You can simply click on Add to create a new rule, provide the required details in the new rule window as below, and click on Save:
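The same steps in the Exchange Management Shell, as an added example that is not from the original article: it creates a policy from a template in test mode, lists the rules the template generated, and adds one rule modelled on rule 3 with a sender exception. The policy and rule names, the template name, the sender address and the `minCount` thresholds are assumptions.

```powershell
# Added example; run in the Exchange Management Shell (EMS) on Exchange 2016.
# Names, the sender address and the minCount values are constructed placeholders.
$policyName = 'Japan Financial Data - Pilot'

# List the shipped templates and confirm the name used below (assumed here to be
# the template that covers the two data types discussed in the rule list).
Get-DlpPolicyTemplate | Select-Object Name
$template = 'Japan Financial Data'

# EAC mode -> EMS -Mode value:
#   Enforce                          -> Enforce
#   Test Policy with Policy Tips     -> AuditAndNotify
#   Test Policy without Policy Tips  -> Audit
# Starting in a test mode lets you review matches without affecting mail flow.
New-DlpPolicy -Name $policyName -Template $template `
    -State Enabled -Mode AuditAndNotify `
    -Description 'Pilot policy created from template; test mode with Policy Tips'

# Review the transport rules the template generated before changing anything.
Get-TransportRule -DlpPolicy $policyName |
    Format-Table Name, State, Mode, Priority -AutoSize

# One additional rule in the style of "Scan email sent outside - high count",
# with an exception for an authorized sender.
$rule = @{
    Name        = 'Pilot: high-count financial data sent outside'
    DlpPolicy   = $policyName
    Mode        = 'AuditAndNotify'          # switch to Enforce after testing
    SentToScope = 'NotInOrganization'
    MessageContainsDataClassifications = @(
        @{ Name = 'Credit Card Number';        minCount = '10' },
        @{ Name = 'Japan Bank Account Number'; minCount = '10' }
    )
    SetAuditSeverity = 'High'
    # Reject, but let the sender override explicitly; the override is audited.
    NotifySender     = 'RejectUnlessExplicitOverride'
    # Enhanced status code 5.7.1 is the default when only the reason text is set.
    RejectMessageReasonText = "Unable to deliver your message. You can override this policy by adding the word 'Override' to the Subject line."
    ExceptIfFrom     = 'ceo@contoso.com'    # hypothetical authorized sender
}
New-TransportRule @rule

# Confirm the policy state and mode after the change.
Get-DlpPolicy -Identity $policyName | Format-List Name, State, Mode
```

Keep sender exceptions as narrow as possible and review them periodically, since every excepted mailbox is a path that the policy does not inspect.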


Ratish Nair

Microsoft MVP | Exchange Server

Team @MSExchangeGuru

4 Responses to “Data Loss Prevention in Exchange 2016”

  1. Weekly IT Newsletter – January 25-29, 2016 | Just a Lync Guy Says:

    […] · Data Loss Prevention in Exchange 2016 […]

  2. NeWay Technologies – Weekly Newsletter #184 – January 28, 20162016 | NeWay Says:

    […] · Data Loss Prevention in Exchange 2016 […]

  3. NeWay Technologies – Weekly Newsletter #184 – January 29, 2016 | NeWay Says:

    […] · Data Loss Prevention in Exchange 2016 […]

  4. Data Loss Prevention in Exchange 2016-Part2 « MSExchangeGuru.com Says:

    […] our previous article we had discussed on, what Data Loss Prevention is in Exchange 2016 and how to create the Data Loss Prevention policies using Microsoft pre-defined […]
