LESS RESTRICTIVE MORE RESTRICTIVE

• Apply the right level of control based on the sensitivity of the data

• Maximize control and minimize unnecessary user disruptions

Alert

“Allow delivery

but add a

warning.”

Append

“Allow delivery

but add a

disclaimer.”

Protect

“Allow delivery

but prevent

forwarding.”

Redirect

“Block

delivery

and redirect.”

Review

“Block delivery

until

reviewed.”

Block

“Do not

deliver.”

Modify

“Allow delivery

but modify

message.”

Classify

“Allow delivery

but apply

classification.”

Transport rules

Data Loss Prevention

Rights Management

11

Conditions

Actions

Exceptions

Conditions

Actions

Exceptions

12

New options

• Rules can be configured to run for a specific time

period

• Rules can be run in Test Mode

New filters

• Total message size

• Attachment extension keyword matching

• Sender IP address

New actions

• Criteria-based routing

• Forced TLS routing

• Halt processing of remaining rules on a message (“Stop

processing rules”)

DLP helps to

identify

monitor

protect

sensitive data through deep content analysis

16

• Content to monitor

• User action

• Mail flow actions

contains

• Credit cards

• EU debit cards

Defines the policy objectivesto help meet regulatory requirementsfor identified content

Contains data type definitionsto help identify sensitive content

17

Predefined rules targeted at sensitive data types

Advanced content detection

Combination of regular expressions, dictionaries, and internal functions (e.g., validate checksum on credit card numbers)

Extensibility for customer and ISV-defined data types

Conditions

Actions

Exceptions

Empower users to manage their compliance

Contextual policy education

Doesn’t disrupt user workflow

Can work even when disconnected

Admin-customizable text and actions

20

21

Comprehensive view of DLP policy performance

Downloadable Excel workbook

Drill into specific departures from policy to gain business insights

22

Information Author Information Recipient

2

3

1

4 5

68

7

9

Database Server RMS Active Directory

Publishing Consuming

Use Windows Azure AD Right Management Out-of the box

Integrate natively with Exchange online and SharePoint online

Integrate Office 365 with existing on-premises AD RMS infrastructure

NwTraders Contoso

1. NwTraders

exports private

key and SLC

2. Contoso

imports

private key

and SLC

4. Ilse sends PL

and RAC with

request for UL

from local

licensing server

5. Contoso

uses imported

private key to

decrypt PL and

issues UL

3. Robin send IRM-Protected

message to Ilse

BYOK and logging are

not compatible with

Exchange Online

emailtext

disclaimertext

image

image

image

portaltext

Exchange Online

Policy detection and

Enforcement

Tenant

configuration

O365 User Internet User

Microsoft

account/Organization

Account

Mail Reading Portal

Ilse Van Criekinge

Technology Advisor Business Productivity

@ivcrieki, ilvancri@microsoft.com