Article ID: 2645012 - View products that this article applies to.
This article describes how to create a policy for a group of users in a stand-alone Microsoft Forefront Online Protection for Exchange (FOPE) environment.
When you create a policy for a domain in FOPE, the policy applies to all the users in the domain. There is no option that is available in the FOPE Administration Center to apply a policy to specific users. However, in certain scenarios, you may want to create a policy that applies only to a group of users.
For example, your company has two departments, Sales and Purchase. Management wants all email messages that are sent by the Purchase department that contain the word "invoice" in the subject line to be encrypted. However, the Sales department also uses the word "invoice" in the subject line. Email messages that are sent by the Sales department that contain the word "invoice" in the subject line should not be encrypted.
This article discusses how to use virtual domains in FOPE to create a policy that applies only to specific users in the domain.
Important This article applies only to customers who use FOPE in a stand-alone environment. This article does not apply to customers who use FOPE as part of Microsoft Office 365. Office 365 customers cannot create virtual domains.
Important After a domain is configured as a virtual domain, it cannot be reconfigured as a non-virtual domain.
Virtual domainsVirtual domains are used to apply specific settings to a subset of users in a domain. A virtual domain is formatted like a subdomain and can have its own filtering settings and configurations. The domain to which the virtual domain belongs is called its "parent domain." The virtual domain is not an actual DNS mail domain, and it is used for internal configuration purposes only. For example, for a parent domain that is called contoso.com, you can create a virtual domain that is called marketing.contoso.com.
You can create virtual domains in FOPE to provide different filtering settings for a particular group of users. Virtual domains enable you to apply different configuration settings to users who belong to the same domain. After you create a virtual domain, you can upload a subset of users who belong to the parent domain and then associate them to the virtual domain to customize service settings for that group of users. Users who are assigned to the virtual domain will use the domain settings that are set for the virtual domain.
To create a virtual domain, upload the required users to the virtual domain, and then apply the specific policy to the group of users.
Step 1: Create a virtual domain
Step 2: Create a list of users in a CSV file and upload the CSV file to the FOPE Administration CenterTo associate user accounts with a virtual domain through the FOPE Administration Center, create a CSV file by using Microsoft Excel, and then upload the file to the FOPE Administration Center. The file should contain a list of user names and other information. Make sure that you specify the target virtual domain in the Choose the virtual domain as this is for user grouping drop-down list to associate the users with the virtual domain.
To create a list of users as a CSV file, follow these steps:
To import the CSV file to the FOPE Administration Center, follow these steps:
Step 3: Apply the policyYou have created a group of users and listed them in a specific domain (virtual domain). Because this is a separate domain, you can now create separate policy rules and apply the rules only to this virtual domain. Because the scope of these rules is limited only to this virtual domain, other users in the parent domain are not affected. External and internal users will continue to send email messages to the previous email addresses and will not be aware that these users have moved to a virtual domain.
Note If a user who is associated with the virtual domain has multiple proxy addresses, only the proxy addresses that belong to the parent domain will have the virtual domain settings applied to them.
For more information about virtual and parent domains in FOPE, visit the following Microsoft website: