Create an Encryption Gateway Rule in Exchange Online for a Sensitivity Label

Do these steps to create a rule in Microsoft Exchange Online:

  1. Go to the Exchange Admin Center.
  2. Click on Mail flow in the menu on the left.
  3. Click on Rules.
  4. Click on add Add a rule.
  5. Click on Create a new rule.
  6. Enter a name.
    For example: Zivver Encryption Gateway.
  7. Do the instructions in this manual from Microsoft on how to connect to Security & Compliance PowerShell.
  8. Run the following cmdlet to get the GUID of the Sensitivity Label you are looking for:
    Get-Label -Identity "Name" | Select-Object Guid
  9. Go back to the Mail Flow Rule in the Exchange Admin Center.
  10. Under Apply this rule if * select The recipient.
  11. Under Select one select is external/internal.
  12. Select Outside the organization.
  13. Click Save.
  14. Click the add button under the Apply this rule if * section.
  15. Under *And select The message headers….
  16. Under Select one select include any of these words.
  17. Click Enter text.
  18. Enter msip_labels.
  19. Click Save.
  20. Click Enter words.
  21. Enter MSIP_Label_<Guid>_Enabled=True. Replace <Guid> with the Guid that you’ve retrieved from the Powershell cmdlet.
  22. Click Add.
  23. Click Save.
  24. Under Do the following * select Redirect the message to.
  25. Under Select one select the following connector.
  26. Select the connector that you have created in Create a connector in Exchange Online.
  27. Click Save.
  28. Under Except if select The message headers….
  29. Under Select one select matches these text patterns.
  30. Click on Enter text.
  31. Enter X-Zivver-Transport.
  32. Click Save.
  33. Click Enter words.
  34. Enter ..*. (That is 2 dots, 1 asterisk/wildcard, 1 dot).
  35. Click Add.
  36. Click Save.
  37. Click Next.
  38. Enable the option Stop processing more rules.
  39. Enable the option Defer the message if rule processing doesn’t complete.
  40. Click Next.
  41. Click Finish.
  42. Click Done.

The rule is created but not enabled yet. Please make sure that the priority of all existing rules is correct. If the sent message needs to be processed by other rules first, please make sure that the rule created for Encryption Gateway has a lower priority.

As the rule is not enabled yet, no outbound message that matches the filter will be submitted to the Zivver SMTP Server. Please enable the rule when you are sure all priorities are correct.