Configure Exchange Online to forward emails to Proofpoint after DLP scans the email
search cancel

Configure Exchange Online to forward emails to Proofpoint after DLP scans the email

book

Article ID: 210664

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Service for Email

Issue/Introduction

There is a business requirement to relay messages to another email gateway after scanning messages with DLP Cloud Service for Email.

This example is provided for reference only. Broadcom does not support the configuration of O365 message rules.

For further assistance please contact Microsoft O365 Support.

Environment

Release : 15.x

Component : DLP Cloud Service for Email in Reflect Mode

Cause

Inbound messages from DLP Cloud Service for Email in reflect mode are delivered by Microsoft Exchange Online. An additional rule is required to relay these messages to another email gateway for final delivery.

Resolution

Log into Exchange Admin Center and create a rule to relay messages to another connector whenever the header 'X-DetectorID-Processed' is present.

For example, when setting up DLP Cloud Service for Email in Reflect Mode:

  1. Create connectors*
    1. Inbound DLP
    2. Outbound DLP
    3. Outbound 3PO (third party organization)
  2. Create rules**
    1. Send message to 'Outbound 3PO' if message header 'X-DetectorID-Processed' exists
    2. Add message header 'X-DetectorID' if sender is internal
    3. Send message to 'Outbound DLP' except if IP range 144.49.0.0/16

*Refer to product specific documentation when creating connectors and rules; the example reference is greatly simplified.

**The order of rules is important.

Additional Information

DLP Cloud Service for Email requires the header 'X-DetectorID’ to accept emails from Exchange Online. This header is replaced by the header  'X-DetectorID-Processed' after the message is scanned and reflected back to Exchange Online. 

 

Powered by Wolken Software