Exchange Server 2016 brings a lot of technological changes in it. Its features include improvement in Outlook web app, better searching capabilities and document collaboration, Improved emailing features, advent of the cloud approach and Improvement in Data Loss Prevention Policy (DLP). These solid features provide new expertise and proficiencies that benefit to their business.
In every business communications security is the most important factor to consider. Because, these communications may contain very sensitive informationsuch as Credit card number, Passwords, financial data, etc. Organizations need to protect their data from leaking outside. In order to achieve this Microsoft introduced Data Loss Prevention (DLP) policy and Transport rules.
DLP is introduced in Exchange server 2013, that helps the administrators to manage the sensitive information in Exchange Organization. In Exchange 2016 DLP contains 80 sensitive information types which are ready to use in DLP policies. DLP policies are a package of mail flow rules it contains specific conditions, actions and expectations that filter messages and attachments based on their content. DLP policies can make use of the mail flow rules to detect and then take action on the messages in transit. For Example, Mail flow rules can analyze the content based on the keyword and text pattern matches, dictionary matches, regular expression examination techniques to detect the contents that violates organization’s policies.
What you can do with Data Loss Prevention Policy?
- It is possible to identify the sensitive information across many locations such as share point, Exchange online, One drive for Business.
- Helps to prevent the accidental sharing of the sensitive information.
- Monitor and protect sensitive information in Desktop version of Excel 2016, Power point 2016 and word 2016.
- You can educate the users about DLP policies and help them remain compliant, without blocking their work.
- You can view DLP reports showing the contents that matches your organization DLP policies.
How to create a new DLP policy using Exchange Admin center (EAC)?
In Exchange Admin Center, under Compliance management, click on data loss prevention. Then click Add (+) and select New DLP policy from template to create a new DLP policy.
In the new window select a template from the 80 predefined DLP templates as per your requirement. And enter the name and description for the new policy. Choose the state of the policy enable or disabled and then select mode for the requirement. Save it.
Once you save it, you can see the newly created DLP policy in Exchange Admin center window.
If you want to edit the properties of the DLP policy, then click on edit, as shown in the below image. There are 2 sections
General: You can edit the Name, description and other details which you have provided while creating the policy.
Rules: Here, you can set the rules for your policy.
You can set 5 rules to your policy as shown in the below image.
- Allow override: overrides the policy with the value ‘Transport rule override’ if the message contains ‘override’ in the subject.
- Scan Email sent outside-low count: If the message is sent outside the Organization and the message contains any of these sensitive information types: ‘U.S. Individual Taxpayer Identification Number (ITIN)’ or ‘U.S. Social Security Number (SSN)’ or ‘U.S. / U.K. Passport Number’ then Set audit severity level to ‘Medium’ and Notify the sender that the message violates a DLP policy, but send the message.
- Scan Email sent outside-high count: If the message is sent outside the Organization and the message contains any of these sensitive information types: ‘U.S. Individual Taxpayer Identification Number (ITIN)’ or ‘U.S. Social Security Number (SSN)’ or ‘U.S. / U.K. Passport Number’ then Set audit severity level to ‘High’ and Notify the sender that the message can’t be sent, but allow the sender to override and provide justification. Include the explanation ‘Unable to deliver your message. You can override this policy by adding the word ‘override’ to the subject line.’ with status code ‘5.7.1’
- Scan Text limit exceeded: If the message includes an attachment that cannot be fully processed due to text extraction or other limits then Set audit severity level to ‘High’.
- Attachment not supported: If the message includes an attachment with content that can’t be inspected then Set audit severity level to ‘Medium’.
You can also create a new role by clicking on New (+) and enter all the essential fields.