Inline Email DLP extends MVISION Cloud DLP to the messages sent from your organization's mailboxes. Because Exchange Online remediation actions occur in real-time, meaning that sensitive data never leaves your organization through Exchange Online email messages.
To configure inline DLP, you need the following:
- MVISION Cloud tenant
- Office 365 account with global admin permissions
- Exchange Online email account
Make sure that you've confirmed that you can send and receive emails before proceeding.
The following components are required for this feature:
- Exchange Online mail routing (connectors and rules)
- Sky Gateway (mail is routed from O365 to Sky Gateway proxy)
- Sky Link (API) connection to Exchange Online for quarantine and delete remediation actions
Office 365 is configured to send messages through Sky Gateway so it can inspect the contents of the message. Sky Gateway acts as an SMTP proxy and as such never stores or queues messages. Messages are processed in real-time and require an active inbound and outbound SMTP session to proxy both legs.
The email flow is as follows:
- A user in your organization sends a message.
- Based on mail routing rules configured in Exchange Online, messages are forwarded to the Sky Gateway SMTP server.
- The Sky Gateway SMTP server proxies the connection from Exchange Online server (2), performs DLP inspection, and proxies back the connection to Exchange Online server (4).
- The message is received by Exchange Online.
- Exchange Online forwards the message onto the original destination(s).
Message Transport Error Handling
As the Sky Gateway acts as an SMTP proxy, it never accepts the SMTP connection unless the outbound leg can be established. Sky Gateway never queues or stores messages so therefore both legs of the connection must be up for messages to flow. This ensures that any issues with connections are handled by Exchange Online. Should a connection fail the sending Exchange Online will re-queue the message and try again.
Error messages received from the receiving SMTP gateway are relayed back to the sending SMTP gateway so the sending gateway can re-queue the message for transport.
Because Inline DLP is done in real-time, it requires the API-based Sky Gateway integration. Sky Gateway ensures that emails are blocked, deleted, or quarantined before they ever leave a sender's email account. For example, if you set up a DLP policy that deletes emails containing sensitive keywords, any message containing a specified word is deleted from a sender's mailbox.
With Sky Gateway, you can choose from the following options:
- Block. When an email is blocked, the email remains in the sender's Sent folder, but the intended recipient does not receive the message. The MVISION Cloud admin does not receive a copy of the email in the Quarantined folder. The email does not leave the sender's account.
- Delete. When an email is deleted, the email is removed from the sender's Sent folder, and the intended recipient does not get the email. The MVISION Cloud admin does not receive the email in the Quarantined folder.
- Quarantine. When an email is quarantined, the MVISION Cloud Admin receives the email in the Quarantined folder. Emails are quarantined in real-time, via API.
- Notifications. You can choose to notify users and/or MVISION Cloud admins via email when messages are blocked, deleted, or quarantined.
- Block Failed. Block Failed indicates that no modifications are made to the incident response because the email has left the sender’s account, the block has failed, and the email has reached the recipients.
- Add X Header Failed. Add X Header Failed indicates that no header is added. No modifications are made to the incident response because the block has failed and the email has reached the recipients.