Data Loss Prevention in Office 365: Part One


As you surely know, email is at the very heart of business communication (as I’ve probably said and/or written about a million times – or perhaps only 10).

Which means that all sorts of information can pass through your messaging system – not all of it desirable; some of it potentially damaging.

For example, let’s say you’re concerned about credit card data being sent to external recipients in potential violation of the Payment Card Industry Data Security Standard (PCI DSS). How would you know, and what could you do to prevent it?

The answer is data loss prevention – also known as DLP.

The Wikipedia entry on DLP summarizes:

Data loss/leak prevention solution is a system that is designed to detect potential data breach / data ex-filtration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in-use (endpoint actions), in-motion (network traffic), and at-rest (data storage). In data leakage incidents, sensitive data is disclosed to unauthorized personnel either by malicious intent or inadvertent mistake.

Such sensitive data can come in the form of private or company information, intellectual property (IP), financial or patient information, credit-card data, and other information depending on the business and the industry.

If your email platform is Office 365 (or Exchange 2013 on premise), Microsoft has provided a host of built-in sensitive data type templates you can employ as a part of a DLP strategy.

Although the underlying algorithms are quite complex, the initial workflow is fairly simple to understand so long as you recall that sensitive information types form the foundation of the data loss prevention policy’s actions.

Note the following for example:

The screenshot shows a DLP policy configured to capture potential instances of PCI-DSS violations (in this case, messages sent to external recipients that contain numerical sequences which seem to match the standard credit card format).

Note also that you access the DLP screen from the Exchange Admin Center by selecting the compliance management option.

In the next post, we’ll review in greater detail the process of creating a DLP policy from a template – or from scratch – including the relationship between sensitive information types and DLP policies.


Using PowerShell to Remove Specific Emails


Email is at the heart of business communications and so, it shouldn’t come as a surprise when you’re called upon to perform a variety of tasks above and beyond simply keeping messages flowing.

For example, removing emails which, for whatever reason, are considered targets for deletion.

Using PowerShell, it’s possible (on both Office 365 and on-premise Exchange) to remove messages by using a modified application of the Search-Mailbox cmdlet.

So, to find a message within a user’s mailbox by subject heading, you can issue the following:

Get-Mailbox -Identity "<mailbox>" | Search-Mailbox -SearchQuery 'Subject:"your subject"' -EstimateResultOnly

And to remove the message found via your search you simply add the -DeleteContent switch:

Get-Mailbox -Identity "<mailbox>" | Search-Mailbox -SearchQuery 'Subject:"your subject"' -DeleteContent

Note that to perform the basic search you need the Discovery Management role, and to delete items you need the Mailbox Import Export role.

Of course, your search parameters aren’t limited to subject line alone but can include date, keywords within a message, target folder and more.
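
The estimate-then-delete sequence above can be wrapped so that a query matching more than expected never reaches -DeleteContent, and so that a copy of what was removed is kept. This is an added example, not code from the original post; the function name, the review mailbox, the folder name and the item limit are assumptions chosen for illustration.

```powershell
# Added example (not from the original post). Remove-TargetedMessage, the review
# mailbox, the 'Removed-Messages' folder and the $MaxItems limit are hypothetical.
function Remove-TargetedMessage {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string]   $Mailbox,        # mailbox to search
        [Parameter(Mandatory)] [string]   $Subject,        # subject phrase to match
        [Parameter(Mandatory)] [datetime] $ReceivedFrom,   # start of date window
        [Parameter(Mandatory)] [datetime] $ReceivedTo,     # end of date window
        [Parameter(Mandatory)] [string]   $ReviewMailbox,  # receives copies and the log
        [int] $MaxItems = 5                                # stop if more items match
    )

    # A double quote inside the phrase would end the quoted phrase early and widen the match.
    if ($Subject -match '"') { throw 'Subject must not contain double quotes.' }

    # Subject plus a received-date range, so an old message with the same subject is left alone.
    $query = 'Subject:"{0}" AND Received:{1:yyyy-MM-dd}..{2:yyyy-MM-dd}' -f $Subject, $ReceivedFrom, $ReceivedTo

    # Step 1: count only. Nothing is copied or deleted here.
    $estimate = Search-Mailbox -Identity $Mailbox -SearchQuery $query -EstimateResultOnly
    $count = $estimate.ResultItemsCount
    if ($count -eq 0) { Write-Verbose "No items match: $query"; return $estimate }
    if ($count -gt $MaxItems) {
        throw "Query matched $count items (limit $MaxItems). Narrow the query before deleting."
    }

    # Step 2: copy the matches, with a full log, to the review mailbox before removal.
    Search-Mailbox -Identity $Mailbox -SearchQuery $query `
        -TargetMailbox $ReviewMailbox -TargetFolder 'Removed-Messages' -LogLevel Full | Out-Null

    # Step 3: delete only after an explicit confirmation (or -Confirm:$false from the caller).
    if ($PSCmdlet.ShouldProcess($Mailbox, "Delete $count item(s) matching [$query]")) {
        Search-Mailbox -Identity $Mailbox -SearchQuery $query -DeleteContent -Force
    }
}

# Usage (constructed values):
# Remove-TargetedMessage -Mailbox 'user@example.com' -Subject 'your subject' `
#     -ReceivedFrom '2024-01-01' -ReceivedTo '2024-01-31' `
#     -ReviewMailbox 'review@example.com' -WhatIf
```

With -WhatIf the function still runs the estimate and the copy to the review mailbox, but skips the delete, which makes it a reasonable dry run before the real removal.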