Enterprise DLP
How Does Email DLP Work?
Table of Contents
Expand All
|
Collapse All
Enterprise DLP Docs
-
- About Enterprise DLP
- What’s Supported with Enterprise DLP?
- Data Patterns, Document Types, and Data Profiles
- Enable Role Based Access
- Edit the Cloud Content Settings
- Edit the Enterprise DLP Data Filtering Settings
- Edit the Enterprise DLP Snippet Settings
- Configure Syslog Forwarding for Enterprise DLP Incidents
- Request a New Feature
-
-
- Enable Existing Data Patterns and Filtering Profiles
- Modify a DLP Rule on Strata Cloud Manager
- Create a SaaS Security Policy Recommendation to Leverage Enterprise DLP
- Reduce False Positive Detections
- Data Dictionaries
- Recommendations for Security Policy Rules
- Enterprise DLP Migrator
-
-
-
-
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- April 2024
- March 2024
- January 2024
- December 2023
- November 2023
- October 2023
- August 2023
- July 2023
- June 2023
- May 2023
- March 2023
- February 2023
- January 2023
- November 2022
- October 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- July 2021
- New Features in Enterprise DLP Plugin 5.0
- New Features in Enterprise DLP Plugin 4.0
- New Features in Enterprise DLP Plugin 3.0
- New Features in Enterprise DLP Plugin 1.0
-
- Known Issues in the Enterprise DLP Cloud Service
- Known Issues in Endpoint DLP
-
- Known Issues in Enterprise DLP Plugin 3.0.9
- Known Issues in Enterprise DLP Plugin 3.0.8
- Known Issues in Enterprise DLP Plugin 3.0.7
- Known Issues in Enterprise DLP Plugin 3.0.6
- Known Issues in Enterprise DLP Plugin 3.0.5
- Known Issues in Enterprise DLP Plugin 3.0.4
- Known Issues in Enterprise DLP Plugin 3.0.3
- Known Issues in Enterprise DLP Plugin 3.0.2
- Known Issues in Enterprise DLP Plugin 3.0.1
- Known Issues in Enterprise DLP Plugin 3.0.0
-
- Known Issues in Enterprise DLP Plugin 1.0.8
- Known Issues in Enterprise DLP Plugin 1.0.7
- Known Issues in Enterprise DLP Plugin 1.0.6
- Known Issues in Enterprise DLP Plugin 1.0.5
- Known Issues in Enterprise DLP Plugin 1.0.4
- Known Issues in Enterprise DLP Plugin 1.0.3
- Known Issues in Enterprise DLP Plugin 1.0.2
- Known Issues in Enterprise DLP Plugin 1.0.1
- Enterprise DLP Limitations
-
How Does Email DLP Work?
Learn more about the Email DLP architecture and how emails are transported to and
from Enterprise Data Loss Prevention (E-DLP) for inspection.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
To prevent sensitive data exfiltration, Enterprise Data Loss Prevention (E-DLP) needs to perform inline
inspection of all outbound emails. To do this, Enterprise DLP uses an inbound and
outbound connector to transport outbound emails to and from Enterprise DLP for
inspection and verdict rendering. You must also create email transport rules to specify
the actions Microsoft Exchange or Gmail take based on the verdicts rendered by Enterprise DLP.
Enterprise DLP adds an email header to the email after inspection to indicate that
Enterprise DLP has already inspected the email. If Enterprise DLP renders
a Block or Quarantine verdict
for inspected email, an email header to indicate the verdict is added as well. Emails
that are already inspected are not transported to Enterprise DLP a second time and
Microsoft Exchange or Gmail take action based on the existing email headers.
After Enterprise DLP inspects an email, it's returned back to Microsoft Exchange or
Gmail for further action based on the rendered verdict.
The email flow for inline inspection of emails using Enterprise DLP is as
follows:
- An email is sent from within your organization to a recipient outside your organization.The outbound email can be sent from a desktop mail client, a web-based mail client, or a mobile device.
- The email transport rule instructs Microsoft Exchange or Gmail to forward the outbound email to Enterprise DLP for inspection.
- Enterprise DLP inspects the email subject line, body, and attachments against your Email DLP policies and renders a verdict.Enterprise DLP adds email headers to mark that it's been inspected and what verdict was rendered.Enterprise DLP does not support inspection of document links contained in either the email subject or body.
- The email is returned back to Microsoft Exchange or Gmail.
- Microsoft Exchange or Gmail takes action based on their respective transport rules.
- Microsoft Exchange or Gmail send the allowed email to the intended recipient if allowed.An email is allowed if Enterprise DLP did not detect any sensitive data or if the email was quarantined and approved.
![](/content/dam/techdocs/en_US/dita/_graphics/dlp/dlp-email-architecture.png)
Which Components of the Email Does Email DLP Inspect?
Enterprise DLP supports inspection of the following email
components.
- Email subject
- Email body
- Email attachmentsEnterprise DLP supports the inspection of the following types of email attachments.
- All supported file types up to 20 MB in size
- .eml files and up to five levels of nested .eml email files
Microsoft Exchange—User must click Forward as Attachment. Enterprise DLP requires this is setting to inspect the email file attachments. Forwarding email file attachments using any other method isn't supported and prevents Enterprise DLP for inspecting .eml attachments.Gmail—Only MIME email file attachments are supported. Gmail does not support Forward as Attachment functionality. Users must attach the nested email file in .eml format.
Which Regions Does Email DLP Support?
Enterprise DLP supports Email DLP in the following regions:
- Australia
- Germany (Europe)
- India
- Japan
- Singapore (APAC)
- United Kingdom
- United States
What Microsoft Exchange Online Licenses Are Required for Email DLP?
Email DLP supports any Microsoft Exchange Online license, including Microsoft 365
Defender, Microsoft 365, and Office 365 E5 licenses for inline inspection of
outbound emails using Enterprise DLP.
The type of Microsoft Exchange Online license you have active determines the
supported Email DLP functionality available to your Microsoft Exchange Online
deployment.
Enterprise DLP does not support the MSDN license for Email DLP. MSDN does
not support the use of inbound connectors to route emails, which
Enterprise DLP requires to forward outbound emails back to Microsoft
Exchange after inspection.
What Functionality Do Microsoft Exchange Licenses Support?
Email DLP supports the following functionality based on your active Microsoft
Exchange license.
- Any Microsoft Exchange Online licenses except MSDN
- Inspect outbound emails
- Block outbound emails containing sensitive data
- Send outbound emails containing sensitive data for admin approval
- Send outbound emails containing sensitive data for manager approval
- Microsoft 365 Defender licenseSee the Microsoft 365 Defender prerequisites for more information.
- Inspect outbound emails
- Block outbound emails containing sensitive data
- Send outbound emails containing sensitive data for admin approval
- Send outbound emails containing sensitive data for manager approval
- Send outbound emails containing sensitive data to hosted quarantine for approval
- Microsoft 365 or Office 365 E5 license
- Inspect outbound emails
- Block outbound emails containing sensitive data
- Send outbound emails containing sensitive data for admin approval
- Send outbound emails containing sensitive data for manager approval
- Send outbound emails containing sensitive data to hosted quarantine for approval
- Encrypt outbound emails containing sensitive data before they are sent to the recipient
Expand all
Collapse all