Configuring API scan for Calendar and Mail

For Google Workspace and Microsoft 365, you can scan emails and calendar for visibility into sensitive content (both text within the subject/body or attachments).

Following the instructions to scan the data and log the files in the API logs.

Steps

  1. On the Microsoft 365 and Google Workspace apps, under Cloud Email and calendar, click the green plus icon to add a new policy for generating an alert.


  2. Select which user the policy applies to (all scanned users or specific user groups). You add more than one group with And/Or criteria.
  3. Set the condition you want to alert on with the same And/Or criteria.
    • Status: If the file was identified as being shared or marked as matching a DLP data pattern.
    • Data Pattern: If the file matched a specific data pattern.
    • From: Matching the specific user that sent the email.
    • To/CC/BCC: Matching the specific person(s) the email was sent to.
    • DLP Match Location: If the data pattern matched in the subject/body or as an attachment.
    • Type: Separates based on if the match was made in an email or calendar.
    • Email Folder: Can match on a default created folder that the email resides under - Inbox, Sent, Draft, Spam.
      Note: Email folder detection will match on the highest folder within the hierarchy (if an email is detected in a custom folder within the Inbox, the email folder identified will be "Inbox").
  4. Select if a violation of the policy will alert the admin or notify the user.
  5. Under the Notifications section, send an email to either the owner or to a specific group that you have configured.
  6. On the Cloud Email & Calendar Policy dialog, click Ok.
  7. On the Policies page, click Save.