Integrating sensitive information rules with transport rules
Applies to: Exchange Online, Exchange Server 2013
Topic Last Modified: 2015-01-14
In Microsoft Exchange, you can create DLP policies that contain rules for not only traditional message classifications and existing transport rules but also combine these with rules for sensitive information found within messages. The existing transport rules framework offers rich capabilities to define messaging policies, covering the entire spectrum of soft to hard controls. Examples include:
Limiting the interaction between recipients and senders, including interactions between departmental groups inside an organization.
Applying separate policies for communications within and outside of an organization.
Preventing inappropriate content from entering or leaving an organization.
Filtering confidential information.
Tracking or archiving messages that are sent to or received from specific individuals.
Redirecting inbound and outbound messages for inspection before delivery.
Applying disclaimers to messages as they pass through the organization.
Transport rules allow you to apply messaging policies to email messages that flow through the transport pipeline in the Transport service on Mailbox servers and on Edge Transport servers. These rules allow system administrators to enforce messaging policies, help keep messages more secure, help to protect messaging systems, and help prevent accidental information loss. For more information about transport rules, see Mail flow or transport rules ( Exchange Server 2013) or Mail flow or transport rules (Exchange Online).
Sensitive information rules are integrated with the transport rules framework by introduction of a condition that you can customize: If the message contains…Sensitive Information. This condition can be configured with one or more sensitive information types that are contained within the messages. When multiple DLP policies or rules within a policy are configured with this condition, the policy or rule is satisfied when any of the conditions match. Exchange policy rules examine the subject, body and any attachments of a message. If the rule matches any of these message components, the rule actions will be applied.
The sensitive information condition may be combined with any of the already existing transport rules to define messaging policies. If combined, the condition works in conjunction with other rules and provides the AND semantics. For example, two different conditions are added together with an AND statement such that both need to match for the action to be applied. Any of the transport rule actions can be configured as result of rules containing the sensitive information type matching. Many different file types can be scanned by the transport rules agent, which scans messages to enforce transport rules. To learn more about the supported file types, see Use transport rules to inspect message attachments (Exchange Server 2013) or Use mail flow rules to inspect message attachments (Exchange Online).
The rules can also be used in the exception part of a rule definition. Their use in the exception definition is independent of their use as a condition within the rule. This provides the flexibility to define rules that have the condition specifying multiple information types to be applied as part of the condition and also differing information types in the condition. This would allow policies such as matching specific traditional message-classification rules, but not matching other sensitive information types before performing actions that you define within a policy.