Use Case 3: DLP quarantine

This use case is designed to route the emails with DLP X-Header response “DLP reject” to quarantine. Currently, this use case is supported using header “DLP-Reject”. In a future release, DLP X-Header response “DLP-Quarantine” will be introduced.

Steps

  1. In Microsoft Exchange admin center page, navigate to Mail flow > Rules. The Rules screen appears.
  2. Click Add a rule + > Create a new rule. The New transport rule screen appears.
  3. On the Set rule conditions page,
    1. Enter a unique name (ex. DLP Quarantine) for the rule in the Name field.
    2. In Apply this rule if* field:
      1. Select The message headers… from the first drop-down list.
      2. Then select matches any of these text patterns from the second drop-down list.
      3. Click Enter text. The specify header name window appears.
      4. Enter message header X-Forcepoint-DLP-Email and then click Save.
      5. Click Enter words. The specify words or phrases window appears.
      6. Enter header text DLP-Reject and then click Save.
    3. In Do the following* field:
      1. Select Redirect the message to from the first drop-down list.
      2. Then select hosted quarantine from the second drop-down list.


    4. When you complete setting the Set rule conditions page, click Next.
  4. On the Set rule settings page, configure the following settings:
    1. Select Enforced as Rule mode.
    2. Select High in Severity.
    3. Tick Stop processing more rules.
    4. When you complete setting the Set rule settings page, click Next.
  5. On the Review and finish page, verify the settings and click Finish.
  6. The Transport rule created successfully message appears. Then, click Done.

    The inbound mail flow rule for the DLP Quarantine is created.

    Note: After creation of the mail flow rule (DLP Quarantine), it might take 30 minutes or more for the new rule to be applied to emails.