
Support Exchange 2013 DLP policies with transport rules

Transport rules can help organizations spot and prevent violations, but testing the rules is a crucial part of the setup process.

Data loss prevention features allow Exchange Server 2013 to identify and act on potentially sensitive email content. Using templates to establish policies is a start. You also need to understand transport rules and their roles to properly execute DLP policies in Exchange Server 2013.

Exchange Server 2013 relies on transport rules to scan messages, identify policy violations and take action. Transport rules are created when policies are established, and you must keep them up to date with regulations and business conditions.

Normally, rules are created with DLP policies, PowerShell or the Exchange Admin Center and then stored in Active Directory. A transport rules agent processes each message in the Exchange transport path against established rules. If the message violates any rules, the transport rules agent takes action. Exchange professionals need to ensure transport rules are properly assembled with conditions, exceptions and actions.

Transport rules check a number of parts in each email, including sender, recipient, subject, message body and attachments, using conditions to find violations. For example, if the message header or body contains the company's secret project name, it might be flagged as a violation. Exceptions can override certain conditions.

Transport rules also define which actions to take when conditions are met, including blocking, deleting or redirecting the message. Actions can even insert proper disclaimers in the message to ensure corporate compliance. For example, any message originating from a financial advisor might need to include a Safe Harbor statement, and transport rules can ensure that the correct statement is appended to the body. Actions can also be logged for additional investigation and disciplinary action.

Remember to thoroughly test rules before enforcing them. This saves a significant amount of work for Exchange professionals and company managers while easing stress on email users. Many organizations start by testing transport rules without policy tips, which logs possible issues without alerting end users or triggering enforcement. This is when most rules are tweaked and adjusted to meet specific company preferences. As transport rules become more established, it's possible to test rules with policy tips that inform end users of potential violations before the message is ever sent. It's a good heads-up for changing rules or new company requirements. Finally, rules can be enforced, so that all actions are taken in response to possible messaging violations.
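The staged rollout described above, sketched for the Exchange Management Shell as an added example (it is not from the original article). The rule name and the exempt group address are constructed placeholders, and the rule assumes the built-in "Credit Card Number" sensitive information type as its condition.

```powershell
# Added example; constructed values: rule name and exempt group address.
$rule = 'DLP test - credit card data to external recipients'

# Stage 1: test without policy tips.
# The rule is evaluated and matches are logged, but no action is
# enforced and senders are not notified.
New-TransportRule -Name $rule `
    -Mode Audit `
    -SentToScope NotInOrganization `
    -MessageContainsDataClassifications @{Name = 'Credit Card Number'; minCount = '1'} `
    -ExceptIfFromMemberOf 'billing-team@contoso.com' `
    -SetAuditSeverity Medium `
    -NotifySender NotifyOnly

# Review the stored condition, exception and actions before promoting.
Get-TransportRule -Identity $rule | Format-List Name, State, Mode, Description

# Stage 2: test with policy tips.
# Senders now see the policy tip, but the message is still delivered.
Set-TransportRule -Identity $rule -Mode AuditAndNotify

# Stage 3: enforce.
# The message is rejected unless the sender explicitly overrides
# from the policy tip.
Set-TransportRule -Identity $rule -Mode Enforce `
    -NotifySender RejectUnlessExplicitOverride
```

Leave each stage in place long enough to review the logged matches and adjust the condition or exception before moving to the next mode.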

Next Steps

This is part two in a series about the best ways of implementing data loss prevention features in Exchange Server 2013.

Part one covers DLP templates.

Stay tuned for part three, which covers document fingerprinting.


1 comment


Looks into the message subjects and attachments when evaluating policies