Maxim_Kazmin - Fotolia
Data loss prevention features allow Exchange Server 2013 to identify and act on potentially sensitive email content. Using templates to establish policies is a start. You also need to understand transport rules and their roles to properly execute DLP policies in Exchange Server 2013.
Exchange Server 2013 relies on transport rules to scan messages, identify policy violations and take action. Transport rules are created when policies are established; and you must keep transport rules up to date with regulations and business conditions.
Normally, rules are created with DLP policies, PowerShell or the Exchange Admin Center and then stored in Active Directory. A transport rules agent processes each message in the Exchange transport path against established rules. If the message violates any rules, the transport rules agent takes action. Exchange professionals need to ensure transport rules are properly assembled with conditions, exceptions and actions.
Transport rules check a number of parts in each email, including sender, recipient, subject, message body and attachments, using conditions to find violations. For example, if the message header or body contains the company's secret project name, it might be flagged as a violation. But implementing exceptions can offer an override to certain conditions.
Transport rules also define which actions to take when conditions are met, including blocking, deleting or redirecting the message. Actions can even insert proper disclaimers in the message to ensure corporate compliance. For example, any message originating from a financial advisor might need to include a Safe Harbor statement, but transport rules can ensure that the correct statement is appended to the body. Actions can also be logged for additional investigation and disciplinary action.
Remember to thoroughly test rules before enforcing them. This reduces a significant amount of work for Exchange professionals and company managers while easing stress on email users. Many organizations start testing transport rules without policy tips to log possible issues, but without alerting end users or associated enforcement. This is when most rules are tweaked and adjusted to meet specific company preferences. As transport rules become more established, it's possible to test rules with policy tips that actually inform end users of potential violations before the message is ever sent. It's a good heads-up for changing rules or new company requirements. Rules can also be enforced where all action will be taken in response to possible messaging violations.
This is part two in a series about the best ways of implementing data loss prevention features in Exchange Server 2013.
Part one covers DLP templates.
Stay tuned for part three, which covers document fingerprinting.