Use Case 2: DLP approve by admin

This use case is designed to route the emails with DLP X-Header response “DLP reject” to your organization’s admin for approval. It is optional but can be adjusted to be DLP admin or a single shared mailbox.

Steps

  1. In Microsoft Exchange admin center page, navigate to Mail flow > Rules. The Rules screen appears.
  2. Click Add a rule + > Create a new rule. The New transport rule screen appears.
  3. On the Set rule conditions page,
    1. Enter a unique name (ex. DLP Approve by Admin) for the rule in the Name field.
    2. In Apply this rule if* field:
      1. Select The message headers… from the first drop-down list.
      2. Then select matches any of these text patterns from the second drop-down list.
      3. Click Enter text. The specify header name window appears.
      4. Enter message header X-Forcepoint-DLP-Email and then click Save.
      5. Click Enter words. The specify words or phrases window appears.
      6. Enter header text DLP-Reject and then click Save.
    3. In Do the following* field:
      1. Select Forward the message for approval from the first drop-down list.
      2. Then select to the these people from the second drop-down list.
      3. In Select members pop-up, enter admin email and press Enter.
      4. Click Save.


    4. When you complete setting the Set rule conditions page, click Next.
  4. On the Set rule settings page, configure the following settings:
    1. Select Enforced as Rule mode.
    2. Select High as Severity.
    3. Tick Stop processing more rules.
    4. When you complete setting the Set rule settings page, click Next.
  5. On the Review and finish page, verify the settings and click Finish.
  6. The Transport rule created successfully message appears. Then, click Done.

    The inbound mail flow rule for the DLP Approve by Admin is created.

    Note: After creation of the mail flow rule (DLP Approve by Admin), it might take 30 minutes or more for the new rule to be applied to emails.