Applies to: Exchange Server 2013, Exchange Online

Topic Last Modified: 2012-10-04

You can use data loss prevention (DLP) policy templates to get started with your DLP solution in Microsoft Exchange Server 2013. A DLP policy template is a model for a policy. You can select a template to begin the process of building your own customized DLP policy. Within your DLP policy, you can customize the rules to ensure that it meets your business needs for data loss prevention. Several policy templates are supplied by Microsoft, but these are not the only way to implement a data loss prevention solution in Exchange.

Looking for management tasks related to DLP policy templates? See DLP Procedures.

Contents

Extend the templates and information types to meet your needs

Import DLP policy templates from Microsoft Partners

Create your own new DLP policy template

Include DLP functionality with existing transport rules

Use DLP policies created by Microsoft

For more information

Extend the templates and information types to meet your needs

You can incorporate sensitive-content definitions and policy templates from Microsoft Partners or from files that you develop yourself as an addition to the DLP policy templates, information types, and rules already provided in Exchange 2013. Presented here are several ways in which you can add your own unique DLP content and extend DLP functionality. The templates already provided by Microsoft are a convenient method to get started with a DLP solution. In order to extend the DLP features with your own unique DLP policy template files, you must understand the XML schema requirements for policy templates that are created independent of Exchange. To learn more about the Exchange Management Shell cmdlets associated with DLP policy templates, see cmdlets related to Get-DlpPolicyTemplate in Messaging Policy and Compliance Cmdlets. Furthermore, you can define your own sensitive content types after you understand the format and procedure to incorporate them. To learn more about the Exchange Management Shell cmdlets associated with DLP policy templates, see cmdlets related to Get-ClassificationRuleCollection in Messaging Policy and Compliance Cmdlets.

Caution:
You should enable your DLP policies in test mode before enforcing them in your production environment. During such tests, it’s recommended that you configure sample user mailboxes and send test messages that invoke your test policies in order to confirm the results.

Import DLP policy templates from Microsoft Partners

You can use policies within your Exchange environment that have been created by companies for this specific purpose. Policies that you import into your Exchange Server must adhere to a specific XML schema that is defined by Microsoft. Once you have obtained such a policy template file, you can use the DLP import feature to add it to your system and begin scanning messages with the rules of that policy. To get started with this, see the following information:

Create your own new DLP policy template or your own sensitive information types in a classification rule package

You can create a DLP policy template file apart from Exchange that meets the specific XML schema definition provided by Microsoft and then import the file into your system so that you can create DLP policies from it. By creating your own template files, you can define your own model for DLP policies that Microsoft has not already provided. This is different than creating a DLP policy by using the Exchange Administration Center, which typically happens after policy templates are available. If you create a policy template independent of Exchange, you will need to import it before you can use it to scan messages. You can also create your own sensitive information definitions apart from those defined by Microsoft in Exchange. There is a separate XML schema definition for DLP policy template files and classification rule packages. To get started with this, see the following information:

Include DLP functionality with existing transport rules

You can incorporate DLP detection capabilities with traditional transport rules without creating a new DLP policy. If you have created a complex set of rules in a previous version of Exchange, and you want to duplicate them or add sensitive information detection in Exchange 2013, then you can use the transport rules editor in the Exchange Administration Center or the Exchange management shell to incorporate these two features. To get started with this, see the following information:

Use DLP policies created by Microsoft

Numerous DLP policies are supplied by Microsoft. This is the easiest way to get started with a DLP solution that is flexible and simple to implement. You can always use the provided policies as a starting point and customize them further to meet your requirements. To get started with this, see the following information:

For more information