McAfee Enterprise MVISION Cloud

Enabling Inline DLP

Part of integration is setting up a new connector in Office 365 to allow the proper flow of email traffic. You can learn more about connectors here: Configure mail flow using connectors in Office 365.

Step 1: Set up Exchange Online in MVISION Cloud

The first step is to enable Inline DLP for Exchange Online in MVISION Cloud.

To enable Exchange Online:

  1. Choose Settings > Service Management.
  2. Click Microsoft Exchange Online.
  3. If Exchange Online has been configured, click Default. Otherwise click New Instance.
  4. Click Setup, then click Configure to the right of Configure Email DLP.

    [Screenshot: MSEO Config.png]

  5. In the Business Requirements screen, select Inline Only. Click Next.

    [Screenshot: Inline Email DLP Biz Reqs.png]

  6. Review the prerequisites, then select I have reviewed all prerequisites and click Next.

    [Screenshot: Inline Email DLP Prereqs.png]

  7. Now we'll add the domains that will be used for DLP. Add the Microsoft Exchange Online domain(s), and then the email domain associated with your ePO deployment. Next, enter a value for Host Name and the Port. Make sure that the automatically generated MVISION Cloud Email Server Domain is correct. Click Next.

    [Screenshot: Inline Email DLP Add Domains.png]

  8. For Quarantine Settings, you can enter an optional email address where quarantined files are sent. To enable this option, select Quarantine Emails and Attachments, then type the email address. Click Next.

    [Screenshot: Inline Email DLP Quarantine.png]

  9. In the Summary screen, make sure all settings are correct. Click Done.

    [Screenshot: Inline Email DLP Summary.png]


Step 2: Create a Security Group

To limit the impact of enabling Inline DLP, it's wise to set up a security group in Office 365 with a few email addresses that you can use to test. Once you're happy with the performance, you can then either add additional security groups, or use Inline DLP with all email addresses in your organization.

You'll find instructions in Manage mail-enabled security groups.

Make sure to set the following:

  • Type: Mail-enabled security group
  • Name: MVCEmailDLP
  • Allow people outside of my organization to send email to this distribution group: OFF

Step 3: Create Mail Connectors

You'll need to create two mail connectors. The first connector sends emails from O365 to MVISION Cloud for inspection, and the second accepts emails back after they have been scanned by MVISION Cloud.

If you're unfamiliar with setting up connectors in Office 365, you can find information here.

IP addresses for MVISION Cloud environments to use with connectors are listed here:

United States
  • 52.8.140.255
  • 35.169.47.31
  • 18.217.82.134
  • 54.164.132.26
Canada
  • 35.182.84.200
  • 15.222.68.144
  • 15.222.50.218
  • 35.183.159.113
EU

Allow list IP addresses for Ireland reflector pop. These are IP addresses in Ireland NAT Gateways:

  • 54.154.11.112
  • 52.208.188.45
  • 52.214.141.239

Allow list IP addresses for Stockholm pop. These are IP addresses in Stockholm NAT Gateways:

  • 13.48.141.247
  • 13.48.175.172
  • 13.48.146.72

Allow list IP addresses for Frankfurt euprod SPOP. These are IP addresses in Frankfurt NAT Gateways:

  • 35.157.197.205
  • 3.120.8.62
  • 3.120.122.0

GOV
  • 96.127.68.39 (gov-west)
  • 18.253.184.13 (gov-east)
  • 18.253.200.217 (gov-east)
  • 18.253.209.236 (gov-east)
  • 18.253.81.126 (gov-east reflector)


Route Email from Office 365 to MVISION Cloud

To create a mail connector to route email from Office 365 to MVISION Cloud for inspection:

  1. Log in to Office 365 as a Global Admin and navigate to the Exchange Admin center.
  2. Select Mail flow, then connectors.
  3. Add a new connector. Follow the instructions you'll find here: Set up connectors to route mail between Office 365 and your own email servers. Make sure to set the following options:
    • Name the new connector Office 365 to MVISION Cloud Cloud Email DLP.
    • Make sure to select "Only when I have a transport rule set up that redirects messages to this connector" when setting up the new connector.
    • Be sure to select Always use TLS and Any digital certificate, including self signed when asked how to connect Office 365 to your partner's email server.

Next, you'll create another new connector to accept emails after they're scanned by MVISION Cloud.

Route Email Back After Scanning

To create a connector to accept email after scanning:

  1. Return to Mail flow, then connectors.
  2. Add a new connector.
  3. Under Select your mail flow scenario, set the following:
    • From: Your organization's email server
    • To: Office 365
  4. Click Next.
  5. In the New connector screen, enter the following:
    • Name: MVISION Cloud Cloud Email DLP to Office 365.
    • Description: Receives email after they are scanned by MVISION Cloud Cloud DLP.
  6. Under What do you want to do after connector is saved, select both of the following:
    • Turn it on
    • Retain internal Exchange email headers
  7. Click Next.
  8. In the Edit Connector screen, under How should Office 365 identify email from your email server, choose By verifying that the IP address of the sending server matches one of these IP addresses that belong to your organization. Then type a list of all Source IP addresses.
  9. Click Next.
  10. You should now have two connectors, one configured in each direction.


Step 4: Create Mail Routing Rule in Office 365

Now that connectors are set up, you'll need to specify the mail routing rule.

  1. Log in to Office 365 as a Global Admin and navigate to the Exchange Admin center.
  2. Select Mail flow, then rules.
  3. Configure a new rule as follows:
    • Name: Send to MVISION Cloud Cloud Email DLP for inspection
    • Apply this rule if: The sender is a member of the [security group you created earlier in Step 2].
  4. Click More options.
  5. From the Do the following menu, choose Redirect the message to, and then choose the following connector.
  6. Select the Office 365 to MVISION Cloud Cloud Email DLP connector. Click OK.

    IMPORTANT: We strongly recommend setting up email DLP only on EXTERNAL OUTBOUND emails. Internal communications between employees/users within an organization don't need to be scanned with the same degree of security.

  7. Next, in the new rule screen, you'll add an exception. Under Except if, choose A message header, then pick matches these text patterns. Click Enter text, type X-SHN-DLP-SCAN, and click OK.
  8. Type success in the text box and then click OK.
  9. Deselect Audit this rule with severity level, and then click Save to save the rule.
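Steps 2 through 4 can also be scripted with Exchange Online PowerShell (the ExchangeOnlineManagement module). The block below is an added example written for this article, not McAfee's or Microsoft's own script. The tenant domain, the pilot user, and the MVISION Cloud smart-host name are placeholders you must replace with the values from your Step 1 summary; the source IP list is the United States list from Step 3, so substitute your own region's list. The rule follows the IMPORTANT note above and fires only for external recipients, which means the Step 5 test has to go to an external address unless you drop the SentToScope condition.

```powershell
# Added example for Steps 2-4 (not McAfee's or Microsoft's script).
# Requires the ExchangeOnlineManagement module and an Exchange/Global Admin account.
Connect-ExchangeOnline

# --- Placeholders: replace before running ---
$GroupAddress = 'MVCEmailDLP@contoso.example'          # placeholder tenant domain
$PilotUser    = 'pilot.user@contoso.example'           # placeholder pilot sender
$SmartHost    = 'email-dlp.mvision.example'            # placeholder: MVISION Cloud Email Server Domain from Step 1
# United States list from Step 3 of this article; use the list for your region.
$SourceIPs    = @('52.8.140.255', '35.169.47.31', '18.217.82.134', '54.164.132.26')

$OutboundName = 'Office 365 to MVISION Cloud Cloud Email DLP'
$InboundName  = 'MVISION Cloud Cloud Email DLP to Office 365'
$RuleName     = 'Send to MVISION Cloud Cloud Email DLP for inspection'

# Step 2: mail-enabled security group for the pilot senders.
# RequireSenderAuthenticationEnabled = "Allow people outside my organization to send: OFF".
New-DistributionGroup -Name 'MVCEmailDLP' -Type Security `
    -PrimarySmtpAddress $GroupAddress -RequireSenderAuthenticationEnabled $true
Add-DistributionGroupMember -Identity 'MVCEmailDLP' -Member $PilotUser

# Step 3a: outbound (partner) connector to MVISION Cloud.
# IsTransportRuleScoped = "only when a transport rule redirects messages to this connector".
# TlsSettings EncryptionOnly = "Always use TLS" + "Any digital certificate, including self signed".
New-OutboundConnector -Name $OutboundName -ConnectorType Partner `
    -UseMXRecord $false -SmartHosts $SmartHost `
    -TlsSettings EncryptionOnly -IsTransportRuleScoped $true -Enabled $true

# Step 3b: inbound connector that accepts scanned mail back, identified by source IP.
# CloudServicesMailEnabled = "Retain internal Exchange email headers".
New-InboundConnector -Name $InboundName -ConnectorType OnPremises `
    -SenderDomains '*' -SenderIPAddresses $SourceIPs `
    -CloudServicesMailEnabled $true -Enabled $true `
    -Comment 'Receives email after it is scanned by MVISION Cloud Cloud DLP'

# Step 4: redirect mail from pilot senders to the outbound connector.
# The ExceptIf pair is the loop guard: mail that already carries the
# X-SHN-DLP-SCAN: success header (i.e. it came back from the scanner) is not re-routed.
# SentToScope NotInOrganization implements the IMPORTANT note (external outbound only).
# SetAuditSeverity DoNotAudit = "Audit this rule with severity level" deselected.
New-TransportRule -Name $RuleName `
    -FromMemberOf $GroupAddress -SentToScope NotInOrganization `
    -RouteMessageOutboundConnector $OutboundName `
    -ExceptIfHeaderMatchesMessageHeader 'X-SHN-DLP-SCAN' -ExceptIfHeaderMatchesPatterns 'success' `
    -SetAuditSeverity DoNotAudit -Mode Enforce

# Sanity check: both connectors enabled with the expected settings, rule enforced.
Get-OutboundConnector $OutboundName |
    Format-List Name, Enabled, SmartHosts, TlsSettings, IsTransportRuleScoped
Get-InboundConnector $InboundName |
    Format-List Name, Enabled, SenderIPAddresses, CloudServicesMailEnabled
Get-TransportRule $RuleName |
    Format-List Name, State, Mode, RouteMessageOutboundConnector, ExceptIfHeaderMatchesMessageHeader
```

The final three `Get-*` calls are the check worth keeping: if `IsTransportRuleScoped` is `False` the outbound connector would apply to all recipient domains rather than only to the pilot group, and if the inbound connector's `SenderIPAddresses` does not list every reflector address for your region, returning mail will be treated as untrusted external mail instead of re-entering through the connector.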

Step 5: Test

Once the integration is complete, you'll need to test it.

To test outbound email:

  1. Log in to your Office 365 account using a user that is a member of the security group you created in Step 2.
  2. Send a test email to your work email address and confirm it is received.

To confirm the test message was relayed via MVISION Cloud Email DLP:

You can use the message trace in the Exchange admin center to verify that Inline DLP is functioning.

  1. Use a custom date range to filter out noise as required.
  2. Create a policy that will trigger low (log only), medium (quarantine) and high (delete).
  3. Find the message you sent to yourself earlier, and double-click to review details.
  4. Review the message trace and confirm the email was sent out using the connector.
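The same message-trace check can be run from Exchange Online PowerShell instead of the admin center. The block below is an added example for this article, not McAfee's or Microsoft's own script; the sender and recipient addresses are placeholders, the connector name is the one from Step 3, and the time window is narrowed to the last two hours to cut noise, as step 1 above suggests.

```powershell
# Added example for Step 5 (not McAfee's or Microsoft's script).
# Requires the ExchangeOnlineManagement module.
Connect-ExchangeOnline

$Sender       = 'pilot.user@contoso.example'   # placeholder: a member of MVCEmailDLP
$Recipient    = 'you@contoso.example'          # placeholder: where you sent the test mail
$OutboundName = 'Office 365 to MVISION Cloud Cloud Email DLP'
$Start        = (Get-Date).AddHours(-2)        # custom date range to filter out noise
$End          = Get-Date

$traces = Get-MessageTrace -SenderAddress $Sender -RecipientAddress $Recipient `
    -StartDate $Start -EndDate $End

foreach ($t in $traces) {
    # Per-message hop detail; a hop through the partner connector appears as a Send event
    # whose Detail text names the connector (adjust the pattern if your tenant's wording differs).
    $detail = Get-MessageTraceDetail -MessageTraceId $t.MessageTraceId `
        -RecipientAddress $t.RecipientAddress
    $viaDlp = $detail | Where-Object { $_.Event -eq 'Send' -and $_.Detail -like "*$OutboundName*" }

    [pscustomobject]@{
        Received  = $t.Received
        Subject   = $t.Subject
        Status    = $t.Status
        ViaDlpConnector = [bool]$viaDlp
    }
}
```

A row with `ViaDlpConnector` equal to `False` for a sender who is in the pilot group usually means the transport rule did not match (wrong group membership, or the recipient was internal while the rule is scoped to external recipients); a message that shows two Send events to the connector indicates the `X-SHN-DLP-SCAN` exception is not excluding returned mail and the message is looping.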
