Define a Policy Based Encryption Essentials policy
Article ID: 169842
Updated On:
Products
Issue/Introduction
Policy Based Encryption Essentials (PBE Essentials) is closely integrated with Email Data Protection (Data Protection). When an outbound email meets the criteria you define in a Data Protection policy, encryption is triggered. The emails that trigger the policy are redirected to a specific email address, which routes the email through the encryption infrastructure and on to the recipient.
Two PBE Essentials templates are available in the Email Data Protection policy list to help you create custom policies for your organization. Each policy is a set of rules that are designed to analyze your organization's email and encrypt any email that matches the predefined conditions. You are not required to use a template to create a policy, but the templates provide relevant default settings to help you maintain consistency. For example, the templates have the recipient group condition and the redirect to administrator address included as defaults. You configure your policies to encrypt those emails that meet specific criteria. The criteria are trigger keywords or phrases that the sender types into the body of an email. For example, you can set up a policy that encrypts any emails that include the word "encrypted". Other triggers for a policy might include number sequences that appear to be credit card numbers, or particular product or project names. If the Email Encryption Add-In for Microsoft Outlook is configured in your organization, your users can also insert headers into their email to trigger encryption.
Resolution
Table: Policy Based Encryption Essentials Templates
|
Template Name and Redirect to Administrator Email Address |
Description and Actions |
|---|---|
|
PBE Essentials Trigger Template (EU) |
The recipient receives the original message in an encrypted PDF attachment. This template is set to look for a specific keyword within the subject, email body, attachments, or the header inserted by the Email Encryption Add-In of email sent from your organization. Apply To: Outbound Email Only Execute If: All rules are met Action: Redirect to administrator (check the box to stop the evaluation of lower priority policies) Notification: Use settings as defined on Email Data Protection Settings page |
|
PBE Essentials Trigger Template (US) |
The recipient receives the original message in an encrypted PDF attachment. This template is set to look for a specific keyword within the subject, email body, attachments, or the header inserted by the Email Encryption Add-In of email sent from your organization. Apply To: Outbound Email Only Execute If: All rules are met Action: Redirect to administrator (check the box to stop the evaluation of lower priority policies) Notification: Use settings as defined on Email Data Protection Settings page |
|
Legacy Policy Based Encryption E and Policy Based Encryption Z templates are available in the portal for use by existing customers of those services. If you are a Policy Based Encryption E customer who is interested in using Policy Based Encryption Advanced functionality, speak to your Support Representative about updating your organization's existing encryption profile. Policy Based Encryption Essentials customers can only use the Policy Based Encryption Essentials templates. |
To define an encryption policy from a template
-
Select Services > Email Services > Data Protection.
-
Click the New Policy from Template option.
-
Select the appropriate PBE Essentials template from the list and click Create. A new PBE Essentials policy is created at the bottom of your policy list. You may need to adjust the number of policies shown to display your newly created PBE Essentials policy in the list, or you can manually navigate to the end of the list.
-
Click on the newly created policy name to open it. You can modify the name of the policy if required. The policy will already have the default setting of Outbound mail only applied, and the default action is Redirect to Administrator.
-
Ensure that you are using the correct template, and then double-check the policy is using the correct redirect address.
-
The first rule in a PBE Essentials template policy is a Recipient Group rule. Note that all PBE Essentials policies require a recipient group rule to be triggered. By default, the Recipient Group rule in a PBE Essentials template is configured to trigger if the message recipient does not match an address in the "Default PBE Recipient Group". By default, the default group contains "[email protected]", so as long as [email protected] is not a recipient of the message, the rule will always be triggered. This setup works for almost all configurations and therefore rarely needs to be modified.
-
The PBE Essentials templates contain two additional rules by default that are used to help identify messages containing sensitive data. The first rule looks for common keywords that may be found in messages that customers may want to be encrypted. Examples of these keywords are "confidential", "sensitive", and "encrypt". The second such rule looks for headers that are found in a message if the sender has flagged the message for encryption using the Email Encryption Add-In. These rules can be left in place, or you can remove them and create your own new rules to identify messages with sensitive data.
-
Once your PBE Essentials policy is finalized, click the Save button in the bottom right hand corner of the page. Once saved, you can move the policy to where you want it positioned in your policy list. Note that you must activate the policy by clicking the Activate link in the far right hand column. Once activated, your policy will typically be in effect in 30-60 minutes.
More Information:
Introduction to Policy Based Encryption Essentials
Enforce TLS inbound and outbound for Policy Based Encryption
Install the Email Encryption Add-In for Policy Based Encryption Essentials
FAQs on Policy Based Encryption Essentials and Policy Based Encryption Advanced
Feedback
