Create an Encryption Gateway Rule in Exchange Online for a Sensitivity Label

Do these steps to create a rule in Microsoft Exchange Online:

  1. Go to the Exchange Admin Center.
  2. Click on mail Mail flow in the menu on the left.
  3. Click on Rules.
  4. Click on add Add a rule.
  5. Click on Create a new rule.
  6. Enter Zivver: Secure email based on classification + Outbound DLP as the name of the rule.
  7. Follow the instructions in this manual from Microsoft to connect to Security & Compliance PowerShell.
  8. Run the following cmdlet to get the GUID of the sensitivity label you want to use.
    Replace "Name" with the name of the sensitivity label you want to use in the rule.
Get-Label -Identity "Name" | Select-Object Guid
  1. Go back to the Mail Flow Rule in the Exchange Admin Center.
  2. Under Apply this rule if *, select The sender.
  3. Under Select one, select is external/internal.
    A pop-up will appear asking you to select the type of recipient.
  4. Select Inside the organization.
  5. Click .
  6. Click the add button under the Apply this rule if * section.
  7. Under And, select The sender.
  8. Under Select one, select domain is.
  9. Enter every sending domain and click .
  10. After all domains are added, click .
  11. Click the add button under the Apply this rule if * section.
  12. Under And, select The message headers….
  13. Under Select one, select includes any of these words.
  14. Click Enter text.
  15. Enter msip_labels.
  16. Click .
  17. Click Enter words.
  18. Enter MSIP_Label_<Guid>_Enabled=True.
    Replace <Guid> with the GUID you retrieved from the PowerShell cmdlet.
  19. Click .
  20. Click .
  21. Under Do the following *, select Modify the message properties.
  22. Under Select one, select set a message header.
  23. Click the first Enter text field.
  24. Enter zivver-relay.
  25. Click .
  26. Click the second Enter text field.
  27. Enter smart-org.
  28. Click .
  29. Click the add button under the Do the following * section.
  30. Under And, select Redirect the message to.
  31. Under Select one, select the following connector.
  32. Select Zivver Send Connector.
  33. Click .
  34. Under Except if, select The message headers….
  35. Under Select one, select matches these text patterns.
  36. Click Enter text.
  37. Enter skip-zivver-relay.
  38. Click .
  39. Click Enter words.
  40. Enter true.
  41. Click .
  42. Click .
  43. Click .
  44. Enable the option Stop processing more rules.
  45. Enable the option Defer the message if rule processing doesn’t complete.
  46. Set Match sender address in message to Envelope.
  47. Enter the following text in the Comments section:
Send secure messages via Zivver based on your own information classification within Microsoft Exchange (e.g. a mail flow rule that looks for specific content in an email or attachments), Microsoft Purview (e.g. using sensitivity labels applied to attachments) or another application.
  1. Click .
  2. Click .
  3. Click .

The rule is created but not enabled yet. Please make sure that the priority of all existing rules is correct. If the sent message needs to be processed by other rules first, ensure that the rule created for the Encryption Gateway has a lower priority.

As the rule is not enabled yet, no outbound message that matches the filter will be submitted to the Zivver SMTP Server. Please enable the rule when you are sure all priorities are correct.