Skip to main content
McAfee Enterprise MVISION Cloud

About Passive Email DLP

MVISION Cloud Email DLP allows you to apply DLP policies to your Exchange Online deployment using email journaling in Exchange Online. Journaling gives you the ability to send a copy of email traffic to MVISION Cloud DLP for inspection. Each email sent from your organization is forwarded to a MVISION Cloud-hosted mailbox where it is scanned. 

After sending an email, the following steps occur:

  1. The mail server (Exchange Online) creates a copy of the email.
  2. The mail server attaches this email to an "envelope" email addressed to the customer-specific MVISION Cloud DLP scanning mailbox.
  3. MVISION Cloud receives the email and checks if it is coming from an allow listed domain.
  4. MVISION Cloud scans each message, comparing the contents of the email against DLP policies.
  5. If no DLP violations exist, the email is immediately (and permanently) deleted from MVISION Cloud's data center.
  6. If DLP violations are found, remediation actions include either quarantining the email or deleting it from the originating mailbox. Your team can investigate the quarantined email and remediate the issue. Then the journaled email is immediately deleted from MVISION Cloud's data center.

It's important to note that this process does not prevent the original recipient of the email from receiving it. MVISION Cloud does not sit between your outbound email endpoint and the recipient's email address. This Email DLP solution uses automatic remediation options based on the DLP policy.

  • Was this article helpful?