Using mail flow rules to apply OME templates – Microsoft SC-400 Certification

To create a mail flow rule that is designed to use our newly created OME template, we can either go via the Exchange Online Admin Center (EAC) or via PowerShell.

To create a mail flow rule in the EAC, follow these steps:

  1. Sign in to the EAC, https://outlook.office365.com/ecp/, using an account that has been granted the Exchange Service Administrator permissions.
  2. In the EAC, go to mail flow > rules and select New > Apply Office 365 Message Encryption and rights protection to messages:

Figure 6.6 – Mail flow (1), rules (2), Apply Office 365 Message Encryption and rights protection to messages (3)

Here we provide the following information to create our mail flow rule:

  1. Name: A name for the rule, to easily distinguish it in the EAC.
  2. Apply this rule if: Select the condition The recipient address includes any of these words, and add the domain that you want the rule to apply to:

Figure 6.7 – The different options for creating a mail flow rule in EAC

Once we have entered a name for our rule and the external domain for which it is intended, we proceed with selecting an OME encryption template by going through these steps:

  1. Click on Select one to get a pop-up window displaying the OME templates available for encrypting email messages:

Figure 6.8 – Click on Select one… to display the OME templates available

  2. Select the OME template you wish to use for encrypting the emails sent to the domain you specified when you created the rule:

Figure 6.9 – Select the desired OME template in the drop-down menu

  3. In the Choose a mode for this rule: field, specify whether the rule should be enforced immediately on creation or run in Test mode, with policy tips activated or deactivated:

Figure 6.10 – Select a mode for the transport rule

  4. We can choose to delay the activation of the rule until a specific date. For instance, if we want our new rule to become active on January 1, 2022, we specify this in the Activate this rule on the following date field:

Figure 6.11 – How to specify a date for activation of the mail flow rule

  5. Once all options in the creation of the mail flow rule are taken care of, we simply click on Save to create our rule in the EAC:

Figure 6.12 – Click Save to create the mail flow rule

  6. We have now created a mail flow rule that will encrypt all messages sent to the domain we specified. Well done!
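The same rule can be created through the PowerShell route mentioned at the start of this section. The following is an added example, not code from the book; it assumes the ExchangeOnlineManagement module is installed, and the rule name, domain, and template name are placeholders to replace with your own values.

```powershell
# Added example. All values in this block are placeholders (assumptions).
$RuleName       = 'Encrypt mail to partner domain'   # name shown in the EAC rule list
$Domain         = 'partner.example'                  # external recipient domain
$TemplateName   = 'Contoso OME Template'             # name of the OME template to apply
# Mode maps to the EAC choice in step 3:
#   Enforce        = enforce immediately
#   AuditAndNotify = test with Policy Tips
#   Audit          = test without Policy Tips
$Mode           = 'AuditAndNotify'
$ActivationDate = (Get-Date).Date.AddDays(7)         # constructed date; step 4 in the EAC

Connect-ExchangeOnline   # interactive sign-in with an Exchange administrator account

# Fail early if the template is not visible to Exchange Online; a rule that
# references a missing template would not protect anything.
$template = Get-RMSTemplate | Where-Object { $_.Name -eq $TemplateName }
if (-not $template) {
    throw "OME template '$TemplateName' not found. Run Get-RMSTemplate to list available templates."
}

# Avoid creating a second rule with the same name.
if (Get-TransportRule | Where-Object { $_.Name -eq $RuleName }) {
    throw "A mail flow rule named '$RuleName' already exists."
}

$ruleParams = @{
    Name                          = $RuleName
    RecipientAddressContainsWords = $Domain          # "The recipient address includes any of these words"
    ApplyRightsProtectionTemplate = $template.Name   # the OME template picked in the EAC pop-up
    Mode                          = $Mode
    ActivationDate                = $ActivationDate
}
New-TransportRule @ruleParams

# Confirm what was actually stored before relying on the rule.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Mode, RecipientAddressContainsWords,
                ApplyRightsProtectionTemplate, ActivationDate
```

While the rule is in Audit or AuditAndNotify mode, messages to the domain are not encrypted by it; switch to Enforce with `Set-TransportRule -Identity $RuleName -Mode Enforce` once testing is done.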

To summarize, this section covered how to create mail flow rules that apply the OME templates we created in the previous section.

Summary

This chapter has been all about encryption in Microsoft 365 – how it is used to secure our data in the cloud, and how we, as customers, can take advantage of these encryption settings to make sure that our email messages are safe from prying eyes, both at rest and in transit.

Up next, we have a chapter on data loss prevention and how to implement this feature to make sure that no data leakage occurs in our environment.

Section 3: Implementing Data Loss Prevention

This part of the book will focus on implementing data loss prevention within a Microsoft 365 tenant. This will include DLP policies, Microsoft Endpoint data loss prevention, and managing data loss prevention activities.

This section comprises the following chapters:

  • Chapter 7, Creating and Configuring Data Loss Prevention Policies
  • Chapter 8, Implementing and Monitoring Microsoft Endpoint Data Loss Prevention
  • Chapter 9, Managing and Monitoring Data Loss Prevention Policies and Activities
