How to control data spillage in Office 365 Dedicated/ITAR
This article describes how to remove an email message, or an attachment to an email message, from one or more mailboxes in Microsoft Office 365 Dedicated/ITAR in an urgent situation.
Note If a user unknowingly sends or forwards an email message that contains sensitive information or information that may have serious business consequences, this is known as data spillage. This is generally an urgent situation where you must remove the email message as quickly as possible.
BackgroundMany customers categorize their company data according to the kind of information that the data contains. For example:
- High Business Impact
- Low Business Impact
- A user leaks the information.
- A system is not secure or is prone to the spread of sensitive information.
Customer preparednessIncidents of data spillage may occur at any time. Therefore, you should be prepared to deal with these incidents immediately. You should identify and document the steps that the organization follows in spillage scenarios to access, identify, and delete data. To do this, make sure that you can do the following:
- Understand the available options for each available tool.
- Identify the administrators or people who have access to each tool. Or, document the process to enable the appropriate people to make a request for access quickly.
Available toolsThe tools that are described in this section are available for self-service operations and require membership to specific security groups.
- Message tracing
Use message tracing to track messages as they pass through the Exchange Online or Exchange Online Protection (EOP) service. Message tracing helps you determine whether a targeted email message is received, rejected, deferred, or delivered by the service. Message tracing also shows what events have occurred on the message before the message reaches its final status.
- Multi-mailbox search
Exchange Online lets customers search the contents of mailboxes across an organization by using a web-based interface. Administrators or compliance and security personnel who have the appropriate permissions can search email messages, attachments, calendar appointments, tasks, contacts, and other items across mailboxes and archives. Rich filtering capabilities include sender, receiver, message type, send/receive date, and carbon copy/blind carbon copy, together with the Keyword Query Language syntax. Search results also include items in the Deleted Items folder if they match the search query.
- Search and delete
You can use the Compliance Search feature in Office 365 to search for and remove an email message from all mailboxes in your organization. Compliance and security personnel who have the appropriate permissions can use PowerShell to search for and destroy data. This includes email messages, attachments, appointments, tasks, and contacts.
- Transport rules
Administrators can use Exchange transport rules to search for specific conditions in messages that pass through organizations and to take action on them. These rules are taken on messages "in-transit" or "in-flight" before they are delivered. This is a valuable tool that can be used to prevent or contain a spill, or that can be used when a spill is occurring. For example, if the data spill involves one or more attachments that are sent through an email message, you can create a transport rule to block and delete all messages that contain the attachment (or attachments).
Article ID: 2811786 - Last Review: 04/27/2016 23:03:00 - Revision: 2.0
Microsoft Business Productivity Online Dedicated, Microsoft Business Productivity Online Suite Federal
- vkbportal226 KB2811786