Exchange Server Data Loss Prevention Techniques

Aftab Alam | Updated On - 31 Aug 2021

Exchange Server is the most dependable professional email server that most businesses like to use. In addition to its enterprise-level email facilities, Exchange Server provides a feature called Data Loss Prevention (DLP), making it a safe and secure platform for confidential email communications. Organizations don’t want sensitive data to be leaked through emails, and Data Loss Prevention techniques take care of this.

The Data Loss Prevention feature also helps to meet data compliance requirements set by regulatory agencies. DLP is a collection of multiple mail flow rules, each with conditions, exceptions, and actions that check emails and their attachments based on their content.

The mail flow rules of DLP work on messages in transit in multiple ways. For example, one rule can check only the attachments of incoming messages, and another rule can check for a text pattern using regular expressions. You can also create rules that check for messages violating your business’s messaging policies.

Mail Flow Rule Components

Any DLP rule that you want to create will have the following types of components:

  1. Conditions
    Conditions are the parameters on which you want to test the message. A condition can check message header fields such as To, From, Cc, and Bcc. Another condition can check email message properties such as the text, attachments, subject, size, and classification. A condition requires a comparison operator such as equals, does not equal, or contains. If you do not add exceptions to the rule, it applies to all email messages.
  2. Exceptions
    Exceptions identify the messages to which you do not want a rule to apply. The comparison operators that you use in conditions are also available in exceptions. An exception overrides the rule's conditions and skips the messages that fit the exception parameter.
  3. Actions
    Actions define what happens to a message that meets the rule's conditions. Several actions are available, such as rejection, deletion, message redirection, adding recipients, and adding a prefix to the subject. An action can also insert a disclaimer in the message body.
  4. Properties
    Properties are rule settings that are not conditions, exceptions, or actions. For example, they specify when the rule should be applied and the period for which it should be active.

Create a Data Loss Prevention rule

A rule created for data loss prevention should be tested before it is turned on completely. Testing protects you from deploying a rule that handles messages wrongly and deletes data.

  • Create the Rule in test mode
    When you create the rule in test mode, it skips the action part and only matches email messages against the conditions. You will get an email whenever a message is compared with the rule. Follow these steps:

    1. Log in to the Exchange Admin Center and choose Mail Flow>>Rules.
    2. Create a new rule or edit an existing rule.
    3. Scroll down to ‘Choose a mode for this’ and select either ‘Test without Policy Tips’ or ‘Test with Policy Tips.’
      NOTE
      Test without Policy Tips – This mode provides the incident report information about the action applied to a message that matched the conditions.
      Test with Policy Tips – This mode works solely for the Data Loss Prevention feature. It provides an email about a matching email message but does not take action.
    4. Click ‘Add action,’ and if the option is not there, click More Options>>Add action.
    5. Click ‘Generate incident report and send it to’ and select the user who will get the emails.
    6. Choose ‘Include message properties’ and select the properties that you want to use on the rule.
    7. Click Save, and the new rule is created.
  • Test whether the new Rule is working correctly.
    To test the rule, send many test messages from another email address and see whether the rule checks them and gives you the intended information. Send several messages that match the rule and several that do not, both from inside the organization and from outside it.
  • Activate the well-tested Rule.
    When you have tested the Rule, you can activate it and enforce it on email communication.

    1. Click Mail Flow>>Rules>>Edit.
    2. Click Enforce, and if you have created an incident report, then remove it.
    3. Click Save.
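
The test-then-enforce procedure above, scripted for the Exchange Management Shell as an added example that is not part of the original article. The rule name, mailbox addresses and text pattern are constructed placeholders; the Mode value Audit corresponds to ‘Test without Policy Tips’ and AuditAndNotify to ‘Test with Policy Tips.’

```powershell
# Added example. All names, addresses and the pattern are constructed placeholders.
$ruleName = 'DLP-Test - ID number pattern to external recipients'
$reportTo = 'dlp-reports@contoso.example'   # mailbox that receives incident reports
$exempt   = 'compliance@contoso.example'    # sender the rule should skip

# 1. Create the rule in test mode: conditions are evaluated and the incident
#    report is generated, but the reject action is not carried out.
$params = @{
    Name                         = $ruleName
    Mode                         = 'Audit'                  # Test without Policy Tips
    # Conditions: a text pattern in subject/body, recipient outside the organization
    SubjectOrBodyMatchesPatterns = '\d\d\d-\d\d-\d\d\d\d'
    SentToScope                  = 'NotInOrganization'
    # Exception: skip messages from the exempt sender
    ExceptIfFrom                 = $exempt
    # Actions: the one to enforce later, plus the incident report used for testing
    RejectMessageReasonText      = 'Blocked by DLP rule: possible ID number in message.'
    GenerateIncidentReport       = $reportTo
    IncidentReportContent        = 'Sender', 'Recipients', 'Subject', 'RuleDetections'
    Comments                     = 'Test mode. Review incident reports before enforcing.'
}
New-TransportRule @params

# 2. Confirm the rule exists, is enabled, and is still in test mode.
Get-TransportRule -Identity $ruleName | Format-List Name, State, Mode, Priority

# 3. After reviewing reports for matching and non-matching test messages,
#    switch to Enforce and remove the incident report action.
Set-TransportRule -Identity $ruleName -Mode Enforce `
    -GenerateIncidentReport $null -IncidentReportContent $null
```

Run step 3 only after the incident reports show that the rule matched the test messages it should and none that it should not.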

Conclusion

The Data Loss Prevention feature helps to secure email communication, but its success depends on the quality of the rule that the administrator creates to protect the data. There is a probability that a malicious email can bypass the rule and corrupt the Exchange database. When the Exchange database is damaged by corruption, Kernel for Exchange Server Recovery software will help you deal with the situation. The Exchange Recovery tool will scan the EDB file and recover all the mailboxes. Then the user can save the recovered data in several formats or save it to a live Exchange directly.
