Setup DLP Gateway for Exchange Online

Introduction

To use Zivver DLP Gateway with Exchange Online, you must configure several mail flow rules. In simple terms, the rules specify which outgoing emails should and should not be routed to Zivver DLP Gateway, and add an email header which will be recognized by the Zivver Platform.

Follow the steps below to set up the DLP Gateway mail flow rules in Exchange Online.

If you are configuring any additional mail flow rule conditions, actions, exceptions or settings which are not specified on this page, we recommend following Microsoft’s best practices for configuring mail flow rules in Exchange Online.

Prerequisites

  • Exchange Administrator privileges
  • In order to follow these steps, you must have already created a connector.

Part 1: Configuring the primary mail flow rule

This part covers configuration of the primary mail flow rule for DLP Gateway, which will be responsible for routing selected email traffic to Zivver.

Getting started

  1. Go to the Exchange Admin Center.
  2. Click on Mail flow in the menu on the left.
  3. Click on Rules.
  4. Click on Add a rule.
  5. Click on Create a new rule.
  6. Enter a name. For example: Zivver DLP Gateway

Set mail flow rule conditions

  1. Under ‘Apply this rule if’ select ‘The sender’ and then ‘is external/internal’
  2. In the side pane that opens, select ‘Inside the organization’ and click Save
  3. Add any other conditions you want to be satisfied for emails to be routed to Zivver DLP Gateway.

In case of a phased or partial roll-out of DLP Gateway, you can configure conditions based on sender characteristics, e.g. specific users, user groups, or email domains. Further information from Microsoft on mail flow rule conditions can be found here.

Note that any conditions you apply must apply to the entire message, not to individual recipients of the message. With conditions applied at recipient level, only the copies of the message addressed to the recipient(s) matching the conditions are relayed to Zivver, resulting in split conversations.

Set mail flow rule actions

  1. Under ‘Do the following’ select ‘Modify the message properties’ and then ‘set a message header’
  2. Click the first ‘enter text’ field, set the message header to zivver-relay and click Save
  3. Click the second ‘enter text’ field, set the value to smart and click Save
  4. Click the + icon to the right of ‘set a message header’
  5. Under ‘And’ select ‘Redirect the message to’ and then ‘the following connector’
  6. Select the connector that you have previously created for Zivver.
  7. Click Save.

Set mail flow rule exceptions

  1. Under ‘Except if’ select ‘The message headers…’ and then ‘matches these text patterns’
  2. Click the ‘Enter text’ field, set the message header to skip-zivver-relay and click Save
  3. Click the ‘Enter words’ field, set the value to ..*. (that is 2 dots, 1 asterisk/wildcard, 1 dot) and click Save

If there are any further exclusions from DLP Gateway related to a phased/partial roll-out of DLP Gateway and/or specific to your organization, you can configure additional exceptions. Further information from Microsoft on mail flow rule exceptions can be found here.

Set rule settings

  1. Leave the ‘Rule mode’ in the default setting of ‘Enforce’
  2. Leave the ‘Severity’ in the default setting of ‘Not specified’
  3. Optional: Enable ‘Activate this rule on’ and select a date and time, if you want this mail flow rule to be automatically activated from a specific date and time.
  4. Leave ‘Deactivate this rule on’ disabled
  5. Enable the option ‘Stop processing more rules’
  6. Enable the option ‘Defer the message if rule processing doesn’t complete’
  7. Leave ‘Match sender address in message’ at the default setting of ‘Headers’
  8. Leave the Comments section blank, unless otherwise desired
  9. Click Next

Review and finish

  1. Carefully review all rule conditions, actions, exceptions and settings. Any errors in mail flow rule configuration may result in delivery issues of outbound emails.
  2. When you are satisfied that the mail flow rule is configured correctly, click Finish

Modify the priority of the mail flow rule, if needed

Make sure that the priority of all the existing rules is correct. If other rules must process a message first, make sure that the Smart Rule rule has a lower priority. Also, make sure that the other rules with a higher priority do not have the setting ‘Stop processing other rules’ enabled, unless you explicitly want messages that trigger this/these rule(s) not to be processed by DLP Gateway.

  1. If you need to adjust the priority of the mail flow rule, find the mail flow rule you have created in the overview on the Rules page
  2. Check the checkbox to the left of ‘Disabled’ and use the ‘Move up’ or ‘Move down’ buttons to move the mail flow rule up or down into the correct order of priority.
  3. Alternatively, click the name of the mail flow rule. In the side pane which opens, select ‘Edit rule settings’. Then, under ‘Priority’, enter the correct priority for the mail flow rule. Then click ‘Save’ and wait for the setting to be saved.

Part 2: Handle exceptions

This part covers configuration of additional mail flow rules which will exclude email traffic from being routed to Zivver DLP Gateway.

This is required for emails that originate from the Zivver Platform. These should not be rerouted to the Zivver Platform, but delivered within Exchange. Without excluding these emails, they would go into a loop and result in a bounce.

Getting started

  1. Create another mail flow rule and give it a name. For example: Exclude X-Zivver-Transport from DLP Gateway

Set mail flow rule conditions

  1. Under ‘Apply this rule if’ select ‘The message headers…’ and then ‘matches these text patterns’
  2. Click the ‘Enter text’ field, set the message header to X-Zivver-Transport and click Save
  3. Click the ‘Enter words’ field, set the value to ..*. (that is 2 dots, 1 asterisk/wildcard, 1 dot) and click Save

Set mail flow rule actions

  1. Under ‘Do the following’ select ‘Modify the message properties’ and then ‘set a message header’
  2. Click the first ‘enter text’ field, set the message header to skip-zivver-relay and click Save
  3. Click the second ‘enter text’ field, set the value to true and click Save

Set rule settings

  1. Leave the ‘Rule mode’ in the default setting of ‘Enforce’
  2. Leave the ‘Severity’ in the default setting of ‘Not specified’
  3. Optional: Enable ‘Activate this rule on’ and select a date and time, if you want this mail flow rule to be automatically activated from a specific date and time.
  4. Leave ‘Deactivate this rule on’ disabled
  5. Leave the option ‘Stop processing more rules’ disabled
  6. Leave the option ‘Defer the message if rule processing doesn’t complete’ disabled
  7. Leave ‘Match sender address in message’ at the default setting of ‘Headers’
  8. Leave the Comments section blank, unless otherwise desired
  9. Click Next

Review and finish

  1. When you are satisfied that the mail flow rule is configured correctly, click Finish

Set the priority

  1. Ensure the mail flow rule has a higher priority than the primary DLP Gateway mail flow rule configured in Part 1.

Activate the rule

  1. Click the name of the mail flow rule you have created in the overview on the Rules page. In the side pane which opens, under ‘Enable or disable rule’ toggle the switch to ‘Enabled’
  2. Wait while the side pane shows ‘Updating the rule status, please wait…’
  3. When the side pane shows ‘Rule status updated successfully’ the mail flow rule is now enabled.

Repeat steps for X-Zivver-DLP header

If your organization also uses a Zivver client integration (such as Zivver for Outlook, or Zivver for Gmail), this additional exception is strongly advised for emails that have been scanned by a Zivver client integration and for which the user decided not to activate Zivver. These can be excluded from being routed to DLP Gateway, because DLP Gateway may end up overruling the user’s decision, causing unwanted and unexpected behavior.

  1. Repeat all steps in Part 2, substituting the X-Zivver-Transport header with the X-Zivver-DLP header wherever it occurs.

Part 3: Enable the primary DLP Gateway mail flow rule

Before turning on the mail flow rule for DLP Gateway, verify that all implementation requirements for DLP Gateway are satisfied and Zivver is correctly configured for your organization. If you need help, please reach out to your relevant contact at Zivver. If you are unsure, contact support@zivver.com.

If you configured an activation date and time in the ‘rule settings’ section, you can skip this step. In this case, it is advised to set a calendar reminder on the specified date and time to verify that the mail flow rule has indeed been automatically activated.

  1. Click the name of the primary mail flow rule you have created in the overview on the Rules page. In the side pane which opens, under ‘Enable or disable rule’ toggle the switch to ‘Enabled’
  2. Wait while the side pane shows ‘Updating the rule status, please wait…’
  3. When the side pane shows ‘Rule status updated successfully’ the mail flow rule is now enabled. Every outbound message that satisfies the configured conditions will be relayed to Zivver DLP Gateway.
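
The three rules from Parts 1 to 3 can also be expressed in Exchange Online PowerShell, which makes the settings reviewable as text and adds a priority check before the primary rule is enabled. This is an added example, not Zivver's own script: the connector name is a placeholder, the name of the X-Zivver-DLP rule is assumed from the naming pattern above, and no additional conditions for a phased roll-out are included.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an
# Exchange Administrator session opened with Connect-ExchangeOnline.
$Connector   = '<your-Zivver-connector-name>'  # placeholder: the connector created beforehand
$PrimaryName = 'Zivver DLP Gateway'
$Pattern     = '..*.'                          # header value pattern as given on this page

# Part 2: exclusion rules. They are created first because a new rule is added
# at the lowest priority unless -Priority is given, so they end up above the
# primary rule. Drop X-Zivver-DLP if no Zivver client integration is in use.
foreach ($Header in 'X-Zivver-Transport', 'X-Zivver-DLP') {
    New-TransportRule -Name "Exclude $Header from DLP Gateway" `
        -HeaderMatchesMessageHeader $Header `
        -HeaderMatchesPatterns $Pattern `
        -SetHeaderName 'skip-zivver-relay' -SetHeaderValue 'true' `
        -Mode Enforce -SenderAddressLocation Header `
        -StopRuleProcessing $false -Enabled $true
}

# Part 1: primary rule, created disabled so it can be reviewed first.
New-TransportRule -Name $PrimaryName `
    -FromScope InOrganization `
    -SetHeaderName 'zivver-relay' -SetHeaderValue 'smart' `
    -RouteMessageOutboundConnector $Connector `
    -ExceptIfHeaderMatchesMessageHeader 'skip-zivver-relay' `
    -ExceptIfHeaderMatchesPatterns $Pattern `
    -Mode Enforce -SenderAddressLocation Header `
    -StopRuleProcessing $true -RuleErrorAction Defer -Enabled $false

# Check before Part 3: a smaller Priority number means the rule runs earlier,
# so every exclusion rule must have a smaller number than the primary rule.
# Otherwise skip-zivver-relay is set too late and Zivver-originated mail loops.
$Primary = Get-TransportRule -Identity $PrimaryName
$Late = Get-TransportRule | Where-Object {
    $_.Name -like 'Exclude X-Zivver-* from DLP Gateway' -and
    $_.Priority -gt $Primary.Priority
}
if ($Late) {
    Write-Warning "Fix rule priority before enabling: $($Late.Name -join ', ')"
} else {
    Enable-TransportRule -Identity $PrimaryName   # Part 3
}
```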
