Introduction

Email is a common medium through which sensitive information is shared. Egnyte is in the process of rolling out a beta version of an Exchange Online connector to find sensitive content in emails and attachments.

For a limited time, customers may participate in a beta program to add Exchange Online as a source to find sensitive data in emails and attachments. Customers will be able to see email threads with any sensitive emails or attachments based on built-in or custom classification policies they have enabled in Secure & Govern.

 

How to add Exchange Online as a source

To add Exchange Online as a source, follow the steps below:

  1. To start, you need to ensure the Exchange Online admin account you are using has impersonate rights. Follow the steps below (see screenshot for reference) to set this up:
    a. Open the Exchange Admin center and click on the permissions option.
    b. Go to the admin roles tab
    c. Choose the '+' option to add a new admin role (you may also edit an existing role).
    d. In the role details, add the ApplicationImpersonation role.
    e. Add the admin user you will use to authorize Exchange Online classification as a member and save. You are now ready to add Exchange Online as a source for content classification.

    admin.png

  2. In Egnyte Secure & Govern, go to Settings > Content Sources. If you haven't already added Microsoft/Office 365 as a source, go to step 3. Otherwise, go to step 4.

  3. Choose the option to add a new cloud content source and select the Microsoft option. If you are part of the beta program, you will see the option to add Exchange Online as an additional step during the setup process (use the account given ApplicationImpersonation privileges from step 1). You will be asked to assign privileges for our application to read email content from all users. Note that you are not required to select the option to enable this privilege for all users.

    Congratulations - you've successfully added Microsoft/Office 365 with Exchange Online as a source.

  4. Open the source details for your existing source. If you are part of the beta program, you will see the option to Configure Exchange Online, which appears as a sub-source in addition to OneDrive and SharePoint Online. Ensure you use the account which was given ApplicationImpersonation privileges from step 1.

    configure.png

    Congratulations - you've successfully added Exchange Online as a source.

Sensitive Content in Emails

After adding Exchange Online as a Content source, you can see emails and matches that meet enabled classification criteria from the Sensitive Content tab in Secure & Govern.

Sensitive emails appear under a new source with the label you specified during setup. Sensitive matches are grouped by the thread they appear in and a folder denoting the month that the first message in the thread was sent. Threads incorporate all the messages, replies, and forwards that stem from a single email.

threads.png
Sensitive threads are grouped by the month in which they were started in the Sensitive Content view.

When you open a thread, you will see one or more emails that contain sensitive content in that thread. An email is considered sensitive if there is sensitive information within the body of the email or any attachments. When viewing sensitive matches for emails, results are split across an 'Email' and 'Attachments' tab.

results.png
Sensitive content is found within an email's content and attachments

 

Notable Behaviors and Limitations

  • During the beta phase of email classification, classified email content will not be counted toward total content under protection.
  • It is currently not possible to re-authorize an instance of Exchange Online after it is added. To re-authenticate, you must first remove the existing Exchange online source in the Microsoft/Office 365 source details view before authorizing a new one.
  • Proactive whitelisting is not supported for email sources. However, you can whitelist policies for specific threads from the Sensitive Content View.
  • You cannot exclude a subset of email addresses from classification from Secure & Govern. All emails that can be read using the access level provided by the admin account are classified.
  • Only Secure & Govern admins may view Sensitive matches for emails - this will soon extend to non-admin users with the role-based privilege to see all sensitive content results.
  • For policies which detect email addresses (eg. GDPR), email addresses are not considered sensitive if they appear within an email body to avoid triggering every email as a policy match. However, email addresses within attachments are considered sensitive and will trigger a policy match.
  • When running a Subject Access Request and using email as an identifier, you may see email results in cases where the email address appears in from, to, cc, or bcc headers.