Introduction
Email is a common medium through which sensitive information is shared. Egnyte offers an Exchange Online connector to find sensitive content in emails and attachments.
Once Exchange Online is added, customers will be able to see email threads with any sensitive emails or attachments based on built-in or custom classification policies they have enabled in Secure & Govern.
How to Add Exchange Online as a Source
To add Exchange Online as a source, follow the steps below:
- In Egnyte Secure & Govern, go to Settings > Content Sources. In case Microsoft/Office 365 has not yet been added as a source, go to step 2. Otherwise, go to step 3.
- Choose the option to add a new cloud content source and select the Microsoft option. The option to add Exchange Online appears as an additional step during the setup process. During this step, privileges are requested for the application to access email content across all users.
Congratulations - Microsoft/Office 365 with Exchange Online has been successfully added as a source. -
Open the source details for the existing Microsoft source. The option to Configure Exchange Online appears as a sub-source in addition to OneDrive and SharePoint Online. Click on it.
-
Provide a name for the source and credentials. These can be the same credentials used to connect OneDrive / SharePoint Online sources. The list of application permissions will also be provided.
Sensitive Content in Emails
After adding Exchange Online as a Content source, emails and matches that meet enabled classification criteria will be displayed in the Sensitive Content tab in Secure & Govern.
Sensitive emails appear under a new source with the label specified during setup. Sensitive matches are grouped by the thread they appear in and a folder denoting the month that the first message in the thread was sent. Threads incorporate all the messages, replies, and forwards that stem from a single email.
Opening a thread displays one or more emails identified as containing sensitive content. An email is considered sensitive if there is sensitive information within the body of the email or any attachments. When viewing sensitive matches for emails, results are split across an Email and Attachments tab.
Remediation Options for Sensitive Content in Emails
When reviewing sensitive content in emails, users have the option to delete emails with unpermitted sensitive content within the email body or attachments. Deleted emails are sent to the Recoverable Items location in Exchange after which they are purged based on settings within Exchange Online. To delete emails with unpermitted sensitive content choose Manage > Delete email or attachements in the Sensitive Content Details section when a sensitive content location is selected.
Notable Behaviors and Limitations
- Proactive whitelisting is not yet supported for email sources. However, policies for specific threads can be whitelisted from the Sensitive Content View.
- A subset of email addresses cannot be excluded from classification from Secure & Govern. All emails that can be read using the access level provided by the admin account are classified.
- Only Secure & Govern admins may view Sensitive matches for emails - this will soon extend to non-admin users with the role-based privilege to see all sensitive content results.
- For policies that detect email addresses (for example; GDPR), email addresses are not considered sensitive if they appear within an email body to avoid triggering every email as a policy match. However, email addresses within attachments are considered sensitive and will trigger a policy match.
- When running a Subject Access Request and using email as an identifier, the user may see email results in cases where the email address appears in from, to, cc, or bcc headers.
Learn more about Exchange Online Email Classification by watching a Quick Tip on Egnyte University: Exchange Online Email Classification