Monday 22 October 2012

Exchange 2013 Preview: Data Loss Prevention

Exchange 2007 and 2010 offered the concept of Hub Transport Rules, allowing an Administrator to create mail flow rules based on a set of parameters and rulesets. On top of this there was also support for a Custom Transport Agent (eventsink) allowing true customization at the transport layer.
 
Both agents supported Regular Expressions. See “Regular Expressions in Hub Transport Rules” http://technet.microsoft.com/en-us/library/aa997187(EXCHG.80).aspx
 
In Exchange 2013 Preview this concept has evolved and we now have the concept of Data Loss Prevention, or DLP.
 
This is supported in PowerShell as well as the Exchange Administration Center, or EAC. I will show you the steps for creating a DLP Policy here using the EAC; however, should you wish to use PowerShell, the Exchange cmdlets you are interested in are based on DlpPolicy, for example Get-DlpPolicy and New-DlpPolicy.
 
 
So in Exchange 2013 Preview, log into the EAC. Go to the Compliance Management section and select ‘Data Loss Prevention’.
 
 
Select to create a new DLP Policy from a template. I am specifying UK financial data here to pick up on a credit card number, and setting it to report to an incident management mailbox.
 
 
 
Once created, we can test the policy, enforce it or test with notifications.
 
 
I set it to alert with a notification.
 
 
Finally I publish the policy and then send an email with a (faked) credit card number.
 
 
 
My email is reported to the incident mailbox and a notification is sent.
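The same steps from the Exchange Management Shell, as an added example that is not part of the original post. The template name and policy name are assumptions; check the template name against Get-DlpPolicyTemplate on your own server. The incident management mailbox is not set here and is still configured on the policy's rules as shown in the EAC.

```powershell
# Added example: run in the Exchange Management Shell on an Exchange 2013 server.
# $TemplateName and $PolicyName are assumed values, not taken from the post.
$TemplateName = 'U.K. Financial Data'   # assumed name of the UK financial data template
$PolicyName   = 'UK Financial Data'     # hypothetical policy name

# 1. Confirm the template exists before creating anything.
$template = Get-DlpPolicyTemplate | Where-Object { $_.Name -eq $TemplateName }
if (-not $template) {
    Get-DlpPolicyTemplate | Format-Table Name
    throw "Template '$TemplateName' not found; pick a name from the list above."
}

# 2. Create the policy in test-with-notifications mode (AuditAndNotify) rather
#    than Enforce, so matches are reported while the rules are being evaluated.
if (-not (Get-DlpPolicy | Where-Object { $_.Name -eq $PolicyName })) {
    New-DlpPolicy -Name $PolicyName -Template $TemplateName `
                  -Mode AuditAndNotify -State Enabled
}

# 3. Review the policy and the transport rules the template generated for it.
Get-DlpPolicy -Identity $PolicyName | Format-List Name, Mode, State
Get-TransportRule -DlpPolicy $PolicyName | Format-Table Name, Mode, State -AutoSize

# 4. Once testing shows the expected matches, switch the policy to enforcement:
# Set-DlpPolicy -Identity $PolicyName -Mode Enforce
```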
 
 
You can see this is a far easier and more manageable solution than using Regular Expressions such as:
 
(\\()*\d\d\d(\\)|\s|.)\d\d\d(-|.)\d\d\d\d
 
 
Take care,

Oliver Moazzezi - MVP Exchange Server


 
