Protect your Data – Stop losing control over it – E-Mail Service

In the last posts, you saw how to

Now, I will show you a way to block specific classifications from being sent with Exchange/O365 to other organizations. When a document is protected, some properties are added to the file. An exchange rule can detect them and react on them. For example, if the e-mail or an attachment contains a specific Azure Information Protection Label and is sent to a contact outside your organization, then you can block the message.

To get this behavior you must create two mail flow rules in your exchange environment. The first one is to block attachments, which have the specific classification set. The classification is stored in a property called Sensitivity. Your rule should look like that:

The second rule is to block messages, which have a specific classification in their mail header. The classification and many other Azure Information properties are stored in a mail header called msip_labels.

msip_labels: MSIP_Label_40e837e6-3da8-45aa-97d8-ce91cde76b47_Enabled=True;
MSIP_Label_40e837e6-3da8-45aa-97d8-ce91cde76b47_Application=Microsoft Azure
Information Protection;

Because there is much more information in this property, we have to use the match operator. You can just search for the Label Name or you can specify “Sensitivity=Confidential” as the value.

After activating these two rules, your users can no longer send classified documents to other organizations.

After protecting your Data, you would like to see how you can monitor and react to thefts. Stay tuned and follow me on twitter @ThomasKurth_CH to get an update, when the next post of this series is online.


Thomas Kurth

Thomas Kurth

I’m a consultant, trainer and architect formodern workplace and enterprise mobility projects with Microsoft Technologies in the past eight years. I love to push and design the modern workplace based on Windows 10, EM&S and O365 for my customers which is the only answer for the current security threats, agile world and the fast-changing business requirements of my customers. Important for me is to simplify and automate the operational processes, because there are the highest costs.
Enterprise Adminstrator ExpertMCTCMCE


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Hosting sponsored by: