Got sensitive #Exchange2013 mail? DLP has you covered

With the release of Exchange 2013 and the recent update to the Exchange Online service in Office 365, Microsoft announced an extension of the already existing transport rules to provide data loss prevention (DLP) capabilities. This DLP feature allows administrators to define DLP rules (consisting of conditions, actions and optional exceptions) that determine what happens to mail in-transit in their organizations. For example disclaimers can be added, mail dropped between users or groups of users either silently or with a non-delivery report (exceptions can be made for internal mail), forwarding the mail for approval purposes or applying classifications. DLP Policies can be built using these rules, either manually or via a template (provided out-of-the-box or from a third-party) that help to ensure that sensitive data does not leave the organization.



The DLP feature of Exchange 2013 is more powerful than transport rules as it can perform content analysis — through keyword matches, dictionary matches, regular expression evaluation, and other content examination — to detect content that violates organizational DLP policies. DLP also includes policy tips, a notification in the Outlook 2013 client that warns email users that the content of a mail message infringes on your DLP policy, before the email is sent.


For auditing purposes, incident reports can be sent to up to 10 SMTP addresses. DLP policy data is also written to the message tracking logs. However, native reporting is only available within Office 365. The upcoming release of MessageStats Business Insights will provide DLP reporting capabilities for on-premises Exchange 2013 to complement the offering in Exchange Online. Reporting is provided on high-severity violations and the number of DLP violations over time while enabling administrators to drill into specifics, including severity, violation date and the policy that triggered the violation. Searches can be refined and reports customized to deliver more granular results while making it easier for organizations to take corrective action.


For more information on the Exchange 2013 DLP feature, please download my tech brief available at