Applies to: Exchange Server 2013, Exchange Online
Topic Last Modified: 2012-09-28
In Microsoft Exchange Server 2013, you can use data loss prevention (DLP) policy templates to help meet the messaging policy and compliance needs of your organization. These templates contain pre-built sets of rules that can help you manage message data that is associated with several common legal and regulatory requirements. To see a list of all the templates supplied by Microsoft, see DLP Policy Templates Supplied in Exchange. Example DLP templates that are supplied can help you manage:
- Gramm-Leach-Bliley Act (GLBA) data
- Payment Card Industry Data Security Standard (PCI-DSS)
- United States Personally Identifiable Information (U.S.
PII)
You can customize any of these DLP templates or use them as-is. DLP policy templates are built on top of transport rules that include new conditions or predicates and actions. DLP policies support the full range of traditional transport rules, and you can add the additional rules after a DLP policy has been established. For more information about policy templates, see DLP Policy Templates. To learn more about transport rule capabilities, see Transport Rules.
 Caution: |
|---|
| You should enable your DLP policies in test mode before running them in your production environment. During such tests, it is recommended that you configure sample user mailboxes and send test messages that invoke your test policies in order to confirm the results. |
For additional management tasks related to creating a DLP policy from a template, see DLP Procedures.
What do you need to know before you begin?
- Estimated time to complete: 30 minutes
- Ensure that Exchange 2013 is setup as described in Planning and
Deployment.
- Configure both administrator and user accounts within your
organization and validate basic mail flow.
- You need to be assigned permissions before you can perform this
procedure or procedures. To see what permissions you need, see the
“Data loss prevention (DLP)” entry in the Messaging Policy and
Compliance Permissions topic
- For information about keyboard shortcuts that may apply to the
procedures in this topic, see Keyboard Shortcuts in
the Exchange Admin Center.
 Tip: |
|---|
| Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection |
Use the EAC to configure a DLP policy from a template
- In the EAC, navigate to Compliance management >
Data loss prevention, and then click Add
.
Note:You can also select this action if you click the arrow next to the Add
icon and select New DLP policy from template from the drop
down menu. - On the Create a new DLP policy from a template page,
complete the following fields:
- Name Add a name that will distinguish
this policy from others.
- Description Add an optional description
that summarizes this policy.
- Choose a template Select the
appropriate template to begin creating a new policy.
- More options Select the mode or state.
The new policy is not fully enabled until you specify that it
should be. The default mode for a policy is test without
notifications.
- Click Save to finish creating the policy.
- Name Add a name that will distinguish
this policy from others.
| Note: |
|---|
| In addition to the rules within a specific template, your organization may have additional expectations or company policies that apply to regulated data within your messaging environment. Exchange 2013 makes it easy for you to change the basic template in order to add actions so that your Exchange messaging environment complies with your own requirements. |
You can modify policies by editing the rules within them once the policy has been saved in your Exchange 2013 environment. An example rule change might include making specific people exempt from a policy or sending a notice and blocking message delivery if a message is found to have sensitive content. For more information about editing policies and rules, see Manage DLP Policies.
You have to navigate to the specific policy’s rule set on the Edit DLP policy page and use the tools available on that page in order to change a DLP policy you have already created in Exchange 2013.
Some policies allow the addition of rules that invoke RMS for messages. You must have RMS configured on the Exchange server before adding the actions to make use of these types of rules.
For any of the DLP policies, you can change the rules, actions, exceptions, enforcement time period or whether other rules within the policy are enforced and you can add your own custom conditions for each.