Trigger word: E-mail monitoring gets easy in Office 365, Exchange

It’s now simpler than ever for the boss to watch what you send in e-mail.

Exchange 2013 and Office 365 (O365) include a new feature that can peek into e-mail messages and enclosed documents and then flag them, forward them, or block them entirely based on what it finds. This sort of data loss prevention technology has become increasingly common in corporate mail systems, but its inclusion as a feature in Office 365’s cloud service makes it a lot more accessible to organizations that haven’t had the budget or expertise to monitor the e-mail lives of their employees.

As we showed in our review of the new Office server platforms, the data loss prevention feature of Microsoft’s new messaging platforms can detect things like credit card numbers, social security numbers, and other content that has no business travelling by e-mail. Because of how simple it is to configure rules for Microsoft’s DLP and security features, administrators will also have the power to do other sorts of snooping into what’s coming and going from users’ mailboxes.

Unfortunately, depending on the mix of mail servers in your organization—or which Exchange instances you happen to hit in the O365 Azure cloud—these features may not work all the time. And they won’t help defeat someone determined to steal data via e-mail.

In tests we performed with DLP and security features, we found that Exchange and O365 were pretty good at catching credit card numbers and other personally identifiable information. However, some of the rules we set for testing didn’t take for all of our users. That in part may have been because of the limited rollout of the new Exchange within Microsoft’s O365 infrastructure when we were performing the testing. When setting rules, we got a warning from the Exchange Administrative Console:

So in other words, if you’re rolling out Exchange 2013 in your organization or are using Office 365 from multiple locations, your mileage with DLP may vary. And even when the rules do work, there are some limits to what you can stop from going out the SMTP gateway.

Exchange 2013 and Office 365 allow rules to be applied to direct mail flow. Those rules can be used for all sorts of things, like rerouting inbound e-mail from one mailbox to another based on the sender, keywords in the subject or contents, and a number of other parameters. For data loss prevention, those rules can be triggered by filters checking for keywords or specific patterns. Those patterns can require some calculations to be made with the text. For example, you won’t set off the credit card detection filter provided by Microsoft out of the box unless the numbers properly validate as “real” credit card numbers based on the rules for each issuer.

Exchange and O365’s filters can read both message bodies and common file attachments by scanning their content. The filters can also check compressed files for content. We ZIP-compressed documents with content banned by rules put in place to stop them from getting out, including credit card numbers, and the filters caught them with no trouble.
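To show why a pattern-plus-validation filter ignores arbitrary digit strings, and how the same check extends to compressed attachments, here is a small detector added as an illustration; it is not Microsoft's implementation. The issuer table is a simplified assumption, the function names are hypothetical, and the sample message is constructed from public test card numbers.

```python
import io
import re
import zipfile

CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")  # 13-19 digits, optional separators
# Simplified issuer rules (assumption): name, leading-digit pattern, valid lengths.
ISSUERS = [("visa", re.compile(r"4"), {13, 16, 19}),
           ("mastercard", re.compile(r"5[1-5]"), {16}),
           ("amex", re.compile(r"3[47]"), {15})]

def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_cards(text):
    """Return (issuer, digits) for candidates passing issuer and Luhn checks."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        for name, prefix, lengths in ISSUERS:
            if prefix.match(digits) and len(digits) in lengths and luhn_ok(digits):
                hits.append((name, digits))
                break
    return hits

def scan_message(body, attachments):
    """Scan body and attachments (ZIP members included); return (location, issuer, digits)."""
    parts = {"body": body.encode()}
    for fname, data in attachments.items():
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                parts.update({f"{fname}!{n}": zf.read(n) for n in zf.namelist()})
        else:
            parts[fname] = data
    return [(loc, *hit) for loc, raw in parts.items()
            for hit in find_cards(raw.decode("utf-8", "replace"))]

def demo():
    """Constructed sample message using public test card numbers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", "Amex on file: 3782-822463-10005")
    body = ("Order 1234567890123456 shipped. Card 4111 1111 1111 1111. "
            "Typo'd copy: 4111 1111 1111 1112.")
    return scan_message(body, {"export.zip": buf.getvalue()})
```

Calling `demo()` reports the Visa test number in the body and the Amex test number inside the ZIP, while the 16-digit order number and the mistyped card are ignored.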

