
Netskope Global Technical Success (GTS)

Utilizing Netskope DLP to Block/Detect Sensitive Email Sharing in O365

 

Netskope Cloud Version - 119

 

Objective

Block sharing of sensitive email using Netskope Email DLP Solution with O365 Email Service

 

Prerequisite

Netskope Email DLP for O365 License is required

 

Context

This article describes how to block sensitive emails with the O365 Email Service, along with the required SMTP configurations.

 

Do You Know?

  • When you configure Netskope SMTP Proxy with Microsoft O365 Exchange, all outgoing emails from Microsoft O365 Exchange are sent to Netskope SMTP Proxy for policy evaluation.
  • If the Netskope SMTP Proxy detects a violation of the DLP policy, it inserts an SMTP header (for a Block action, the SMTP header is X-Netskope-Action: Block) and forwards the message back to Exchange for further processing based on the injected SMTP header.
  • Exchange will read the injected SMTP header and execute the corresponding action based on its value.

 

Configuration

Step 1: Ensure that the inbound and outbound connectors are correctly configured in Microsoft Exchange by following the articles below:

  • Configure Netskope SMTP Proxy with Microsoft O365 Exchange - Link
  • Send Traffic from Netskope back to Exchange - Link

 

Step 2: Ensure that the transport rule below is configured in Microsoft Exchange so that email that has already been inspected by Netskope and sent back to Exchange is not resent to Netskope, which would cause an infinite loop. The rule checks for 'x-netskope-inspected: true' in the SMTP header.

To configure it, log in to your Microsoft Exchange portal.

  • Go to Mail Flow > Rules > Add New Rule
  • Add the rule with the message header set to X-Netskope-Inspected: true

 


 

Step 3: Configure a transport rule in O365 Exchange that blocks the message on a DLP violation and notifies the end user.

To configure it, log in to your Microsoft Exchange portal.

  • Go to Mail Flow > Rules > Add New Rule
  • Add the rule with the message header set to X-Netskope-Action: Block

 


 

Step 4: Configure the DLP policy in the Netskope Tenant UI. Choose the action 'Add SMTP Header' and specify the header value as X-Netskope-Action: Block

Path: Netskope Tenant UI >>> Policies >>> Real-time Protection

For this use case, the predefined DLP profile DLP-PII is used.
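The Exchange transport rules from Steps 2 and 3 can also be created from Exchange Online PowerShell. The script below is an added example, not part of the original article: the connector name, the rule names and the sender/recipient scope conditions are assumptions, and it assumes the loop check from Step 2 is an exception on the rule that routes mail to the Netskope connector.

```powershell
# Added example (not from the original article).
# Requires the ExchangeOnlineManagement module and an Exchange administrator account.
Connect-ExchangeOnline

# Assumed names: replace with the values used in your tenant.
$netskopeConnector = 'To Netskope SMTP Proxy'        # outbound connector from Step 1
$routeRuleName     = 'Route outbound mail to Netskope'
$blockRuleName     = 'Netskope DLP - Block'

# Step 2 (loop prevention): send outbound mail to the Netskope connector
# unless Netskope has already inspected it and stamped X-Netskope-Inspected: true.
# The FromScope/SentToScope conditions are an assumption about which mail is routed.
New-TransportRule -Name $routeRuleName `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -RouteMessageOutboundConnector $netskopeConnector `
    -ExceptIfHeaderContainsMessageHeader 'X-Netskope-Inspected' `
    -ExceptIfHeaderContainsWords 'true' `
    -Mode Enforce

# Step 3 (block): reject any message that comes back from Netskope carrying
# X-Netskope-Action: Block. The reason text appears in the notification
# the sender receives.
New-TransportRule -Name $blockRuleName `
    -HeaderContainsMessageHeader 'X-Netskope-Action' `
    -HeaderContainsWords 'Block' `
    -RejectMessageReasonText 'DLP Rejection' `
    -Mode Enforce

# Confirm both rules exist, are enabled, and match on the expected headers.
foreach ($name in $routeRuleName, $blockRuleName) {
    Get-TransportRule -Identity $name |
        Format-List Name, State, Mode, Priority,
            HeaderContainsMessageHeader, HeaderContainsWords,
            ExceptIfHeaderContainsMessageHeader, ExceptIfHeaderContainsWords,
            RouteMessageOutboundConnector, RejectMessageReasonText
}
```

Setting -Mode to Audit instead of Enforce while testing lets you confirm in message trace that the rules match before any mail is rejected.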


 

Verification

Attempt to send an email containing PII data to an external domain recipient. The email should be blocked by O365 based on the injected SMTP header, and the user should receive a notification email with the reason labeled as 'DLP Rejection'.


 

Verify the DLP violation incident in the Netskope Tenant UI. Note that the action taken by the Netskope SMTP Proxy is 'add_headers' rather than 'Block', because Netskope only injects the header and further actions are handled by O365.

Path: Netskope Tenant UI >>> Incidents >>> DLP


 

Terms and Conditions

  • All documented information undergoes testing and verification to ensure accuracy.
  • In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

 

Notes

  • This article is authored by Netskope Global Technical Success (GTS).
  • For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.