Messaging Policy and Compliance

Office 365

Applies to: Office 365

Topic Last Modified: 2018-06-13

Microsoft Exchange Online Protection (EOP) provides messaging policy and compliance features that can help you manage your email data.

Looking for information about all EOP features? See the Exchange Online Protection Service Description.

Transport rules provide you with the flexibility to apply your own company-specific policies to email. Transport rules are made up of flexible criteria, which allow you to define conditions and exceptions, and actions to take based on the criteria. For more information about Transport rules in EOP, see Transport Rules.

Audit logging lets you track specific changes made by administrators to your organization. These reports help you meet regulatory, compliance, and litigation requirements. For more information, see Auditing Reports in EOP.

Not available to EOP standalone customers. Data loss prevention (DLP) helps you identify, monitor, and protect sensitive information in your organization through deep content analysis. DLP is increasingly important for enterprise message systems because business-critical email includes sensitive data that needs to be protected. The DLP feature enables you to protect sensitive data without affecting worker productivity.

You can configure DLP policies in the EAC, which allows you to:

  • Start with a pre-configured policy template that can help you detect specific types of sensitive information such as PCI-DSS data, Gramm-Leach-Bliley act data, or even locale-specific personally identifiable information (PII).

  • Use the full power of existing transport rule criteria and actions and add new transport rules.

  • Test the effectiveness of your DLP policies before fully enforcing them.

  • Incorporate your own custom DLP policy templates and sensitive information types.

  • Detect sensitive information in message attachments, body text, or subject lines and adjust the confidence level at which the service takes action.

  • Detect sensitive form data by using Document Fingerprinting. Document Fingerprinting helps you easily create custom sensitive information types based on text-based forms that you can use to define transport rules and DLP policies.

  • Add Policy Tips, which can help reduce data loss by displaying a notice to your Outlook 2013, Outlook Web App, and OWA for Devices users and can also improve the effectiveness of your policies by allowing false-positive reporting.

  • Review incident data in DLP reports or add your own specific reports by using a generate incident report action.

DLP policies are applied only to mail that passes in or out of the organization. Intra-organizational (internal) mail does not have DLP policies applied unless you run Exchange Server 2013 with DLP on-premises. This also applies to DLP policy tips, which inform users about potential policy violations before sensitive data is mistakenly sent to unauthorized recipients.

To learn more about DLP, see Data Loss Prevention.

Office 365 Message Encryption, a part of Azure Information Protection, is an online service that allows email users to send encrypted email messages to anyone. On-premises customers can access Office 365 Message Encryption by purchasing Azure Information Protection and using Exchange Online Protection to set up mail flow through Exchange Online. To learn more about Office 365 Message Encryption in Exchange Online, see Office 365 Message Encryption in the Exchange Online Service Description.


Feature EOP standalone EOP features in Exchange Online Exchange Enterprise CAL with Services

Transport rules




Audit logging




Data Loss Prevention (DLP)




Office 365 Message Encryption




1 The available criteria and actions differ between EOP and Exchange Online. For a list of available criteria and actions in EOP, see Transport Rule Criteria and Transport Rule Actions. For a list of available criteria and actions in Exchange Online, see Transport Rule Criteria and Transport Rule Actions.
2 EOP auditing reports are a subset of Exchange Online auditing reports that exclude information about mailboxes.
3 DLP policy tips are not available for Exchange Enterprise CAL with Services customers.
4 Supported for on-premises customers who purchase the Azure Information Protection add-on and use Exchange Online Protection to route email through Exchange Online. For the desktop experience, in addition to the Azure Information Protection add-on, Office 365 ProPlus needs to be purchased.