You wish to create a rule that routes emails from Microsoft 365 to your DLP cloud detector

DLP 16.x

Login to https://admin.exchange.com

Select Mailflow

Click rules, click +, and select Create a new rule

Type a rule name in the Name field.

In the Apply this rule if field, select The Recipient is

Select recipient outside the location

Hit save.

Under "Do the following"

Select Modify the message properties

Select Set a message header

Set the message header name to "X-DetectorID" in Set the Message header to this value

Click Save

Click "Enter text"

to set the header value to the detector ID. You can find the detector ID in your Symantec welcome email. You can also find it on the Enforce Server administration console, at System > Servers and Detectors > Overview > Server / Detector Detail page under Detector ID.

Click Save

Click add action

Select Redirect the message to

Select use the following connector

Select the connector that you created.

Click Save

Click add exception and choose  IP address is in any of these ranges or exactly matches

In the specify IP address ranges dialog, “enter an IPv4 address or range.”

In the “enter an IPv4 address or range “ enter the following address: To avoid loops for cloud detectors in the US data center and the EU data center, when prompted, add this DLP Cloud Service IP block: 144.49.0.0/16

Be sure to hit “Add” then “Save” 

Click Save

Click Next

On the “Set Rule Settings” Click “Next” *set according to specific environments need*

Click Next

“Review and Finish”

Click "Finish”

And click “Done”

Now “Click the “Disabled” field and enable the rule

For additional guides please see the "Getting Started with Data Loss Prevention"

To provide feedback please click on the "Feedback" link or send an email to "[email protected]"