: Connect Microsoft Exchange and Enterprise DLP

Connect Microsoft Exchange and Enterprise DLP

Table of Contents

Connect Microsoft Exchange and
Enterprise DLP

After you create the email transport rules, you must connect Microsoft Exchange and
Enterprise Data Loss Prevention (E-DLP)
to complete onboarding.
Where Can I Use This?
What Do I Need?
  • Strata Cloud Manager
  • Enterprise Data Loss Prevention (E-DLP)
  • Data Security
  • Prisma Access
  • AIOps for NGFW Premium
  • AIOps for NGFW Free
Connect Microsoft Exchange to
Enterprise Data Loss Prevention (E-DLP)
SaaS Security
Strata Cloud Manager
to complete the onboarding.
Before you begin connecting Microsoft Exchange to
Enterprise DLP
, ensure that the admin performing the connection has at least
Email Administrator
access for Microsoft Exchange. This is required to allow
Enterprise DLP
API access to Microsoft Exchange.
  1. Contact your email domain provider to update your SFP record to add the required
    Enterprise DLP
    service IP addresses.
    Add the IP addresses for the region where your email domain is hosted. You can update your SFP record with multiple regional IP addresses if you have email domains hosted in multiple regions.
    • APAC
    • E.U
    • U.S
  2. (
    Best Practices
    ) Confirm that Active Directory is properly configured so email senders have a manager to approve or reject quarantined emails.
    Microsoft Exchange Active Directory is required to assign a manager to a sender. You can create a transport rule to quarantine and send the email for approval by the sender's manager. To successfully quarantine a sender's email if sensitive data is detected by
    Enterprise DLP
    , a sender must have a manager assigned.
    If no manager is assigned to a user, then the quarantined email is sent to the recipient because no manager is assigned to approve or reject the email.
  3. Palo Alto Networks recommends configuring evidence storage so you can download emails for investigative analysis when your review Email DLP incidents.
  4. CIE is recommended so you can create targeted Email DLP policies.
  5. Create the Microsoft Exchange connectors and transport rules, and create the Email DLP Policy.
    Palo Alto Networks recommends setting up all connectors, transport rules and Email DLP policies to ensure enforcements begins as soon as you successfully connect Microsoft Exchange Online to
    Enterprise DLP
  6. Log into
    Strata Cloud Manager
  7. Select
    SaaS Security
    Apps Onboarding
  8. Search for
    and click
    Microsoft Exchange
  9. In the
    Email DLP Instance
    , click
    Add Instance
  10. In the
    Setup Connectors and Rules
    page, click
    Continue to Next Section
    since you have already configured the outbound connector, inbound connector, and transport rules.
  11. In the
    Configure Smart Host
    page, add the email domains and relay hosts.
    Adding one or more email domains and relay hosts is required to ensure emails inspected by
    Enterprise DLP
    are successfully forwarded back to Microsoft Exchange.
    1. Enter an
      Email Domain
      and its corresponding
      Relay Host
      you obtained in the previous step.
      Obtain Your Microsoft Exchange Domain and Relay Host if you don't have the Microsoft Exchange email domain and relay host immediately available.
    2. (
      any additional email domains and relay hosts as needed.
    3. Connect
  12. Microsoft Exchange is now successfully connected and onboarded.

Recommended For You