I learnt something last week.
I was reading about Data Loss Prevention (DLP) implementation in Exchange 2013 when my attention was caught by “Data Classification”.
In Exchange 2007 and 2010, I was aware of message classification, but only vaguely, as I never had time to focus properly on it.
So I decided to have a deeper look at the concept of classification.
In Exchange 2010, message classification is added by the sender of an e-mail before sending it, or through a transport rule. There are three default message classifications: Attachment Removed, Originator Requested Alternate Recipient Mail, and Partner Mail. The usage of these message classifications may vary.
For example: you create a message classification, then you add it to a transport rule that enforces the appending of a disclaimer to any e-mail carrying that classification.
In Exchange 2013, DLP adds Sensitive Information Types on top of this “traditional” classification. They cover things as varied as credit card numbers, IP addresses, driver’s license numbers, passport numbers, bank account numbers, and so on.
Exchange 2013 ships a set of these types in the “Microsoft Rule Pack”, which is installed when the product is deployed. To list the types, run the PowerShell cmdlet Get-DataClassification.
Each type defines the kind of information to validate (for instance, the pattern and the supporting evidence a match must have).
So, once you have associated a Sensitive Information Type with a Transport Rule (this association is then called a DLP Policy), if a user inserts information such as credit card numbers, IP addresses, etc. in an e-mail and sends it, then depending on your settings Exchange 2013 can replace the message, drop it, reply with a warning to the sender, and so on.
But what I found more interesting is the introduction of Policy Tips in Exchange 2013.
Policy Tips work just like MailTips in Exchange 2010. They warn the user, while the message is still being composed, that sensitive information has been detected in it. This removes some processing on the server side (not significant, but still useful), since the user is warned BEFORE the e-mail is sent rather than after the server has processed the message and found it non-compliant with a policy.
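As an added example (not part of the original post), the following Exchange Management Shell commands put the two ideas above together: list the Sensitive Information Types from the Microsoft Rule Pack, create a transport rule that matches one of them and rejects unless the sender overrides, and set the Policy Tip text the user sees while composing. The rule name, the notification strings, the one-match threshold and the choice of “Credit Card Number” as the type are assumptions for illustration.

```powershell
# Added example, not from the original post. Run in the Exchange Management
# Shell on Exchange 2013. Rule name, tip text and thresholds are assumptions.

# 1. Which sensitive information types does the Microsoft Rule Pack provide?
Get-DataClassification | Sort-Object Name | Format-Table Name, Publisher -AutoSize

# 2. Transport rule: fire when a message leaving the organization contains at
#    least one credit card number. -NotifySender drives the Policy Tip shown in
#    the client and blocks the send unless the user explicitly overrides.
#    Start in Audit mode to measure false positives before switching to Enforce.
New-TransportRule -Name "DLP - Credit card numbers to external recipients" `
    -SentToScope NotInOrganization `
    -MessageContainsDataClassifications @{ Name = "Credit Card Number"; MinCount = "1" } `
    -NotifySender RejectUnlessExplicitOverride `
    -RejectMessageReasonText "Credit card numbers may not be sent outside the organization." `
    -Mode Audit

# 3. Policy Tip wording per language and notification type
#    (key format is <culture>\<notification type>).
New-PolicyTipConfig -Name "en\NotifyOnly" `
    -Value "This message appears to contain a credit card number."
New-PolicyTipConfig -Name "en\RejectOverride" `
    -Value "This message will be blocked unless you override and give a business justification."

# 4. Verify which rules reference a sensitive information type and in what mode.
Get-TransportRule | Where-Object { $_.MessageContainsDataClassifications } |
    Format-List Name, Mode, MessageContainsDataClassifications, NotifySender

# 5. Once the audit period shows acceptable results, enforce the rule.
Set-TransportRule -Identity "DLP - Credit card numbers to external recipients" -Mode Enforce
```

Policy Tips only appear in clients that support them (Outlook 2013 and Outlook Web App in Exchange 2013); older clients still get the server-side action, so the transport rule remains the control that actually enforces the policy.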
I think all this adds more possibilities for security policy enforcement in organizations.
If you want to read more about DLP implementation on Microsoft Exchange 2013, please look at: http://technet.microsoft.com/en-us/library/jj150527(v=exchg.150).aspx
And more about Policy Tips: http://technet.microsoft.com/en-us/library/jj150512(v=exchg.150).aspx