Exchange Online Protection Data Loss Prevention

To help protect ECU information and avoid the accidental breach of sensitive data, Microsoft's Exchange Online Protection (EOP) tool includes a Data Loss Prevention (DLP) component.

DLP scans outgoing email for certain "markers." For example, DLP may flag digits formatted like a social security number (xxx-xx-xxxx) or a long string of numbers near a date that could indicate a credit card number. Since DLP cannot read the message but only filters for certain formatting, you must make the final decision for encryption. No one is reading your email.

Encrypted messages are delivered straight to the recipients while unencrypted messages sent outside the ECU network are checked against the sensitivity markers. If the message meets certain criteria, the following happens:

  1. High Sensitivity. Messages are encrypted and delivered. Senders are reminded of the encryption policy through an email.

  2. Low Sensitivity. Sensitive messages are delivered unencrypted. Again, senders are reminded of the encryption policy through an email.
Here is what all users sending sensitive information should do:
  1. Encrypt emails containing sensitive data addressed to non-ECU users by typing [ sendsecure] in the subject line or setting the Confidential tag. See the email encryption page for exact instructions with screen shots.

  2. Make sure that sensitive pdf files have Optical Character Recognition (OCR) applied to make the text searchable. Images cannot be read by the DLP filter.
For more information on sensitive data at ECU, see these websites:
Email Encryption:
Sensitive Data:
Sensitive Data Storage:
Social Security Numbers:
FERPA policy:
Payment Card Industry (PCI):