Learn what is Microsoft 365 email protection, how it works, and how to activate and deactivate it. Configure a mail flow rule either automatically or manually.
Before you can activate the protection, you must first add your Microsoft 365 tenant to Safetica.
In this article, you will learn:
- How does Microsoft 365 email protection work
- Activating Microsoft 365 email protection in Safetica console
- Configuring mail flow in Microsoft Exchange admin center
- Configuring policies for M365 email protection
- Deactivating email protection
Introduction
Microsoft 365 email protection empowers you to:
- Audit all emails (both with and without attachments) sent by your Microsoft 365 users via Outlook on the web.
- Prevent sensitive email attachments from leaving via Outlook on the web. Activate our Outlook add-in to block emails that violate your policies before they are sent. (will be available in the near future)
How Microsoft 365 email protection works
After activating Microsoft 365 email protection, you will gain visibility into every email sent by your Microsoft 365 users, including those without attachments.
The activation process involves creating a mailflow rule in your Exchange Online. Based on this rule, a copy of every sent email will be sent to Safetica Cloud Protection to scrape the necessary metadata and create a DLP record. Since Safetica is added as a hidden recipient in Exchange Online, it is never visible to the email sender.
- An email request is sent from the email sender to Exchange Online.
- Exchange Online sends the email to its intended destination.
- Exchange Online adds internal Safetica address to hidden copy (BCC). Safetica analyzes the necessary data (sender, recipient(s), timestamp, email body size, attachment size, attachment classification identifiers) and creates a DLP record. After the email is processed by Safetica Cloud Protection, it is immediately deleted from our queue, including all attachment(s).
Limitations
- Supports Exchange Online only (not Exchange On-Premises).
- Audits and protects only sent emails.
- Without our Outlook add-in, it supports logging policies only.
- If you have blocking policies for email, you must use our Outlook add-in to extend them into Microsoft 365 environment. (will be available in the near future)
- If you have notification policies for email, Safetica will only log the emails.
Activating Microsoft 365 email protection in Safetica console
The Microsoft 365 email protection currently supports auditing and protection of sent emails only.
1. In Safetica console, go to Cloud services, and click your M365 tenant.
2. Click the Activate email protection button.
3. You will be shown a list of steps you must perform in your Exchange Online to enable email protection.
4. Check the box and click Finish. Then proceed to Microsoft Exchange admin center.
Completing the configuration in the Microsoft Exchange admin center is a crucial prerequisite for the correct operation of this feature.
Configuring mail flow in Microsoft Exchange admin center
You can configure the mail flow rule either:
A. Automatically via our configuration script (recommended) or
B. Manually in Microsoft Exchange admin center.
A. Configuring the mail flow rule automatically via configuration script
1. Download this configuration script.
2. Right-click the script and select Run with PowerShell.
3. Afterward, all information about sent emails should become available in Safetica within a few minutes.
B. Configuring the mail flow rule manually in Microsoft Exchange admin center
1. In Microsoft Exchange admin center, click Mail Flow in the navigation panel on the left.
2. Then click Rules > Add a rule > Create a new rule.
3. Choose an appropriate name for this rule (e.g. Safetica Cloud Protection).
4. In Apply this rule if... choose The sender is external/internal and Inside the organization.
5. In Do the following select Add recipients to the Bcc box and select copy@audit.cloudprotection.safetica.com
6. In the next step of the wizard (Set rule settings), select Match sender address in message envelope.
7. Save the rule. We recommend you place your new rule at the top of the rule list.
Make sure to set the status of the mail flow rule to Active. By default, all new rules are created as Inactive.
8. Once you successfully complete these steps, all information about sent emails should become available in Safetica within a few minutes.
Configuring policies for Microsoft 365 email protection
- After you finish the activation in Microsoft Compliance Portal, policies configured for the Email destination type will start applying to emails sent via Outlook on the web by users in your Microsoft 365 tenant.
Deactivating the email protection
You must deactivate email protection in the following order:
- First, deactivate the mail flow rule you previously created. Open Microsoft Exchange admin center and set the status of the mail flow rule to Inactive.
- Open Safetica, go to Cloud services > your M365 tenant, and deactivate email protection.
Always start with deactivating the mail flow rule before proceeding with deactivation in Safetica console.
Read next
Cloud services: How to add your Microsoft 365 tenant
Cloud services: How to activate file protection in Microsoft 365
Cloud services: How to protect a subset of Microsoft 365 users