Friday, November 16, 2012

Exchange 2013 Data Loss Prevention

Data Loss Prevention [DLP] is a system designed to detect a potential data breach/leakage incident in a timely manner and prevent it. In such an incident, sensitive data such as personal/company information, credit card details, social security numbers, etc., is disclosed to unauthorized users, either with malicious intent or by mistake. This has always been an important matter for most companies, as the loss of sensitive data can be very damaging for a business. For many years now, there have been both software and hardware solutions that monitor data while:
in-use: end-user actions such as copying data to USB or printing it;
in-motion: network communications like e-mail, web traffic, Instant Messaging, etc.;
at-rest: data stored in file shares or on users’ drives.

Up until now, Exchange Administrators had to rely on 3rd-party solutions to achieve this, but some solutions would cause more harm than good and user productivity would suffer. With Exchange 2013, Microsoft now makes it possible to enforce compliance requirements for such data and control how it is used in e-mail. DLP is the new feature that allows administrators to manage sensitive data in Exchange!

To read the full article, please go to MSExchange.org - Exchange 2013 Data Loss Prevention.

7 comments:

  1. Nuno...very nice articles on MSExchange.org...thank you! I have a question about the actual editing of the XML file to include more robust search options. In the TechNet article “Matching Methods and Techniques for Rule Packages”, it mentions that terms can be matched by using the Term sub-element or in an external dictionary file by specifying the Dictionary sub-element. This is configured by Term and Dictionary sub-elements. However I cannot find any documentation on how to include a Dictionary sub-element, what properties it takes, and where the external dictionary must be located. I have searched the web extensively for the documentation of the elements in the DLP XML schema but can find nothing….not even samples. The sample info on TechNet is incomplete. If you have a URL to the DLP XML schema documentation it would be a big help or if you can discuss in a future article (beyond what is in TechNet)…that would be really useful.

    1. Hi,

      Apologies for the delay in replying to you...
      Unfortunately I haven't tried that myself yet to be honest. I am guessing you have read the "Developing DLP Policy Template Files" article at http://technet.microsoft.com/en-us/library/jj674702(v=exchg.150).aspx? It doesn't mention dictionary sub-elements but it has some examples.
      Sorry I couldn't be of more assistance...

      Regards, Nuno

    2. Hi,
      I have difficulties importing the XML file to the sensitive information types for Exchange Server 2013. I managed to script the XML file; however, there's one error that keeps me behind after a lot of attempts.
      "Unable to continue processing classification rule collection payload for decryption or further validations. Payload may contain invalid data."
      Perhaps you know how to generate Rule Pack ID, Publisher ID? I only know that entity ID is by GUID generator found in Microsoft Windows Tools.
      Thank you! :)

    3. Hi

      I'm trying to add more sensitive information types by importing an XML file through PowerShell. However, I'm not sure how to generate the Rule Pack ID and Publisher ID to complete the XML schema. What I know is that for the entity ID, we can generate it with the GUID generator in the Microsoft Windows SDK Tools.

      The error that always appears is "Unable to continue processing classification rule collection payload for decryption or further validations. Payload may contain invalid data"
      Hope you can help me with this. Thank you

    4. Hi Hussein,
      Unfortunately I haven't tried doing what you are attempting so I'm afraid I cannot help you with this...

      Regards, Nuno

  2. Hello Nuno Muta
    Is it true that DLP does not work with Exchange 2013 evaluation version?

    1. Hi,
      Yes, it does work! All features are fully functional in Eval version :)

      Regards, Nuno
