Netskope Global Technical Success (GTS)
Netskope and Office 365: A Seamless Approach to Releasing Quarantined Emails
Netskope Cloud Version - 120
Objective
Release quarantined emails using the Netskope Email DLP solution with the O365 email service.
Prerequisite
A Netskope Email DLP for O365 license is required.
Context
This article describes how to configure email release for quarantined sensitive emails with the O365 email service, along with the required SMTP configuration.
Do You Know?
When you configure Netskope SMTP Proxy with Microsoft O365 Exchange, all outgoing emails from Microsoft O365 Exchange are sent to Netskope SMTP Proxy for policy evaluation.
If manager approval is required for an email, it can be quarantined using the SMTP header injected by Netskope (for a quarantine action, the SMTP header is X-Netskope-Action: Quarantine), and the email will be forwarded to the manager assigned in the Transport Rule.
What happens next depends on the manager's decision:
- Manager approves the email - The email is delivered to the recipient.
- Manager rejects the email - The email is blocked and the user is notified that the manager rejected the message.
- No decision made by the manager within 2 days - The email is returned to the sender with the notification ‘The message has been returned to the sender because no decision was made’.
Configuration
Step 1: Ensure that the inbound and outbound connectors are correctly configured in Microsoft Exchange by following the articles below:
Configure Netskope SMTP Proxy with Microsoft O365 Exchange - Link
Send Traffic from Netskope back to Exchange - Link
Step 2: Ensure that the Transport Rule below is configured in Microsoft Exchange so that email traffic that has already been inspected by Netskope and sent back to Exchange is not resent to Netskope, which would cause an infinite loop. The rule checks for 'X-Netskope-Inspected: true' in the SMTP header.
To configure it, log in to your Microsoft Exchange portal.
- Go to Mail Flow > Rules > Add New Rule
- Add the rule as shown below, with the message header X-Netskope-Inspected: true
Step 3: Now configure a Transport Rule in O365 Exchange for the manager workflow so that the quarantined email is sent to the manager for approval.
To configure it, log in to your Microsoft Exchange portal.
- Go to Mail Flow > Rules > Add New Rule
- Add the rule as shown below, with the message header X-Netskope-Action: Quarantine
Note: You can choose to forward the message either to specific people or to the sender’s manager. Here, the rule is configured for specific people.
Step 4: Now configure the DLP policy in the Netskope Tenant UI. Choose the action ‘Add SMTP Header’ and specify the header value X-Netskope-Action: Quarantine
For this use case, the predefined DLP-PII DLP profile is used.
Path: Netskope Tenant UI >>> Policies >>> Real-time Protection
Verification
Attempt to send an email containing PII data to a recipient in an external domain. O365 should quarantine the email based on the injected SMTP header and forward it to the manager specified in the Transport Rule.
The manager receives the notification below for message approval.
Scenario 1: Manager approves the email
The sender receives the confirmation shown above, stating ‘The sender responded Approve’.
Scenario 2: Manager rejects the email
The sender receives the confirmation shown above, stating ‘Your message was rejected by a moderator for these recipients’.
Scenario 3: Manager takes no action on email
If no decision is made within 2 days, the message is returned to the sender with the above notification.
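When a test message does not behave as expected, checking which of the two headers it carries shows whether the DLP policy (Step 4) or a Transport Rule (Steps 2 and 3) is at fault. The following is an added example, not Netskope or Microsoft code: the function names, route labels and sample messages are constructed for illustration, and the exact, case-insensitive value match is an assumption.

```python
from email import message_from_string
from email.policy import default

# Header names and values as given in the article's rules and DLP policy.
INSPECTED = ("X-Netskope-Inspected", "true")
QUARANTINE = ("X-Netskope-Action", "Quarantine")


def has_header(msg, name, value):
    """True if any occurrence of header `name` carries `value`.

    Exact, case-insensitive comparison is an assumption of this example;
    Exchange applies whatever match condition the Transport Rule defines.
    """
    return any(str(v).strip().lower() == value.lower()
               for v in msg.get_all(name, []))


def expected_route(raw_message):
    """Predict how the rules from Steps 2 and 3 treat one message."""
    msg = message_from_string(raw_message, policy=default)
    if not has_header(msg, *INSPECTED):
        return "send-to-netskope"    # not inspected yet: goes to the SMTP Proxy
    if has_header(msg, *QUARANTINE):
        return "hold-for-approval"   # Step 3 rule forwards it to the approver
    return "deliver"                 # inspected, no quarantine header


def make_sample(extra_headers=""):
    """Build a constructed test message (not real traffic)."""
    return ("From: sender@example.com\r\n"
            "To: recipient@example.net\r\n"
            "Subject: constructed test message\r\n"
            + extra_headers +
            "\r\n"
            "Constructed body.\r\n")


if __name__ == "__main__":
    samples = {
        "fresh from Exchange": make_sample(),
        "inspected, clean": make_sample("X-Netskope-Inspected: true\r\n"),
        "inspected, DLP hit": make_sample("x-netskope-inspected: TRUE\r\n"
                                          "X-Netskope-Action: Quarantine\r\n"),
    }
    for label, raw in samples.items():
        print(f"{label}: {expected_route(raw)}")
```

To check a real test message, pass the raw headers copied from the message as received by the manager or recipient to expected_route().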
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.