


Select Enter words, and enter MSIP_Label_0e421e6d-ea17-4fdb-8f01-93a3e71333b8_Enabled=Trueįor Do the following: Select Modify the message security > Apply Office 365 Message Encryption and rights protection > Do Not Forward, and then select OK. Select Enter text, and enter msip_labels.ī. Select More options, and then select add condition.įor and: Select A message header, and then select includes any of these words:Ī. In Name, type a name for the rule, such as Apply Do Not Forward for General emails sent externally.įor Apply this rule if: Select The recipient is located, select Outside the organization, and then select OK. In the Azure Information Protection policy, this label has been configured as the default label to classify emails as General and the label does not apply protection. Substitute your own label or sublabel GUID that you want to use with this rule. In this example, the General label has a GUID of 0e421e6d-ea17-4fdb-8f01-93a3e71333b8. Example 1: Rule that applies the Do Not Forward option to emails that are labeled General when they are sent outside the organization For more information about other conditions that you can select, see Mail flow rule conditions and exceptions (predicates) in Exchange Online. The examples have a single condition that applies protection when an email is sent outside the organization. If you have problems with the user interface when you configure your rules, try a different browser, such as Internet Explorer. In the Exchange admin center: mail flow > rules > + > Create a new rule. In the Microsoft 365 admin center, choose Admin centers > Exchange. In a web browser, using a work or school account that has been granted global administrator permissions, sign in to Microsoft 365. Example configurationsįor the following examples, create a new mail flow rule by using the following steps:
#Setup azure information protection office 365 how to#
Mail flow rules do not support inspecting the metadata for PDF documents.īefore you configure mail flow rules to identify messages and documents that are labeled, make sure that you know the GUID of the Azure Information Protection label that you want to use.įor more information about the metadata stored by a label and how to identify label GUIDs, see Label information stored in emails and documents. Prerequisite: Know your label GUIDīecause an Azure Information Protection label is stored in metadata, mail flow rules in Exchange Online can read this information for messages and Office document attachments. For more information about configuring mail flow rules, see Mail flow rules (transport rules) in Exchange Online from the Exchange Online documentation.įor more information about configuring mail flow rules to encrypt email messages, see Define mail flow rules to encrypt email messages in Microsoft 365 from the Office documentation. You can extend these examples as well as modify them. For example, an email message that has been protected by Do Not Forward cannot be changed by an Exchange mail flow rule to use the encrypt-only option. Mail flow rules that apply protection as an action are ignored if the email is already protected. If an attachment with a Confidential \ Partners label is emailed to people outside the organization and the email is not protected, apply the additional encrypt-only protection action. For emails with this label that are sent externally, apply the additional Do Not Forward protection action.

Your default label is General, which does not apply protection. Use the following information to help you configure mail flow rules in Exchange Online to use Azure Information Protection labels, and to apply additional protection for specific scenarios. For the unified labeling client, see Learn about sensitivity labels and DLP labels from the Microsoft 365 documentation. Relevant for: Azure Information Protection classic client for Windows. Configuring Exchange Online mail flow rules for Azure Information Protection labelsĪpplies to: Azure Information Protection, Office 365
