DXfoto.com - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Enforce acceptable use guidelines with policy tips

Policy tips in Exchange 2013 remind end users of acceptable use policies and prevent accidental violations before they ever occur.

Data loss prevention features in Exchange Server 2013 warn end users about possible policy violations before messages are sent. In part four of our Exchange Server 2013 DLP checklist series, we explain how policy tips can help admins and end users.

No matter how detailed and formal an organization's written email use policies are, employees or other end users will eventually violate the company's acceptable use guidelines. Data loss prevention (DLP) exists to prevent occasions of end-user malfeasance -- because these instances do occur -- but many email policy violations are innocent or unintentional. Established policies might invoke email actions (such as alerting a manager) and trigger an investigation, taking time and resources that simply reveal an accidental oversight on the end user's part.

DLP in Exchange Server 2013 helps mitigate unintentional violations by creating policies that allow sending policy tip notifications to the end user's Outlook client. If any part of the message appears to potentially violate a policy, a corresponding policy tip will remind the user about current policies and acceptable use guidelines. This can include violations in recipients, subjects, message bodies or attachments.

If, for example, a doctor creates an email containing a patient's medical record number and addresses the message to a recipient outside of the business, HIPAA or other healthcare policies will deem this as a possible violation. Before the message is actually sent, triggering a real violation and response, a policy tip can appear reminding the sender about the organization's policies regarding sensitive information. When the doctor sees this reminder, he or she can re-check the recipient or remove the sensitive info before sending the email.

Policy tips help to reinforce acceptable use guidelines while preventing "accidental" violations before they occur. To enable policy tips for email senders, transport rules must include a "Notify the sender with a policy tip" action. Because policy tips are specific actions, it's possible to use tips in selected situations while forgoing tips in other situations depending on the DLP needs of the business. It's also possible to create your own policy tips.

Next Steps

This is part four in a series about data loss prevention features in Exchange Server 2013.

Part one took a look at DLP templates. Part two covered transport rules. Part three helped organizations put a finger on the importance of document fingerprinting.

Stay tuned for part five, which covers the importance of incident reporting.

Dig Deeper on Exchange Server setup and troubleshooting

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.