Messaging policy and compliance in Exchange Online Protection
Microsoft Exchange Online Protection (EOP) provides messaging policy and compliance features that can help you manage your email data.
Looking for information about all EOP features? See the Exchange Online Protection service description.
Mail flow rules
Mail flow rules (also known as transport rules) provide you with the flexibility to apply your own company-specific policies to email. Mail flow rules are made up of flexible criteria, which allow you to define conditions, exceptions, and actions to take based on the criteria. For more information, see Mail flow rules (transport rules) in Exchange Online Protection.
Auditing reports
Audit logging lets you track specific changes made by administrators to your organization. These reports help you meet regulatory, compliance, and litigation requirements. For more information, see Auditing reports in EOP.
Data loss prevention (DLP)
Not available to EOP standalone customers. Data loss prevention (DLP) helps you identify, monitor, and protect sensitive information in your organization through deep content analysis. DLP is increasingly important for enterprise message systems because business-critical email includes sensitive data that needs to be protected. The DLP feature lets you protect sensitive data without affecting worker productivity.
You can configure DLP policies in the EAC, which allows you to:
Start with a pre-configured policy template that can help you detect specific types of sensitive information such as PCI-DSS data, Gramm-Leach-Bliley Act data, or even locale-specific personally identifiable information (PII).
Use the full power of existing mail flow rule criteria and actions and add new mail flow rules.
Test the effectiveness of your DLP policies before fully enforcing them.
Incorporate your own custom DLP policy templates and sensitive information types.
Detect sensitive information in message attachments, body text, or subject lines and adjust the confidence level at which the service takes action.
Detect sensitive form data by using Document Fingerprinting. Document Fingerprinting helps you easily create custom sensitive information types based on text-based forms that you can use to define mail flow rules and DLP policies.
Add Policy Tips, which can help reduce data loss by displaying a notice to your Outlook 2013, Outlook on the web, and OWA for Devices users and can also improve the effectiveness of your policies by allowing false-positive reporting.
Review incident data in DLP reports or add your own specific reports by using a generate incident report action.
DLP policies are applied only to mail that passes in or out of the organization. Intra-organizational (internal) mail does not have DLP policies applied unless you run Exchange Server 2013 with DLP on-premises. This also applies to DLP policy tips, which inform users about potential policy violations before sensitive data is mistakenly sent to unauthorized recipients.
To learn more about DLP, see Data loss prevention in Exchange Online.
Office 365 Message Encryption
Office 365 Message Encryption, a part of Azure Information Protection, is an online service that allows email users to send encrypted email messages to anyone. On-premises customers can access Office 365 Message Encryption by purchasing Azure Information Protection and using Exchange Online Protection to set up mail flow through Exchange Online. To learn more about Office 365 Message Encryption in Exchange Online, see Office 365 Message Encryption in the Exchange Online service description.
Messaging policy and compliance features across EOP options
|Feature|EOP standalone|EOP features in Exchange Online|Exchange Enterprise CAL with Services|
|---|---|---|---|
|Mail flow rules|Yes¹|Yes¹|Yes¹, ³|
|Data loss prevention (DLP)|No|Yes|Yes³|
|Office 365 Message Encryption|Yes⁴|Yes|Yes⁴|
¹ The available mail flow rule conditions, exceptions, and actions differ slightly between EOP and Exchange Online. These differences are noted in Mail flow rule conditions and exceptions (predicates) in Exchange Online and Mail flow rule actions in Exchange Online.
² EOP auditing reports are a subset of Exchange Online auditing reports that exclude information about mailboxes.
³ DLP policy tips are not available for Exchange Enterprise CAL with Services customers.
⁴ Supported for on-premises customers who purchase the Azure Information Protection add-on and use Exchange Online Protection to route email through Exchange Online. For the desktop experience, in addition to the Azure Information Protection add-on, Microsoft 365 Apps for enterprise needs to be purchased.