This guide takes you through the configuration steps you need to complete to begin using the Zscaler Outbound Email Data Loss Prevention (DLP) for your organization. Because Zscaler Outbound Email DLP uses Zscaler DLP tools to monitor and prevent the leakage of sensitive data in outbound email content sent to external domains, Zscaler recommends reading the following articles before you begin configuring your outbound email policy.

• About Data Loss Prevention
• About DLP Dictionaries
• Understanding Predefined DLP Dictionaries
• About DLP Engines
• About Zscaler Incident Receiver
• What Is Workflow Automation?

Configuring Zscaler Outbound Email DLP

To configure Zscaler Outbound Email DLP, complete the following steps:

• Step 1: Complete Prerequisite Tasks

  To enable granular user management, ensure you have onboarded users for your organization in the ZIA Admin Portal. To learn more, see Adding Users.

  Close
• Step 2: Configure Domains

  Ensure that the domains you intend to use in your outbound email policy are set up in your Company Profile. To learn more, see About the Company Profile.

  Close
• Step 3: Add Email Tenants

  Adding an email tenant is the first step in setting up an outbound email policy. You can use the tenants you create to configure an outbound email policy that protects your organization from data loss by monitoring and taking action on sensitive data that end users include in outbound emails sent to external domains. Adding an email tenant allows the Zscaler service to act as a smart host where your email service can send emails for content inspection.

  To learn more, see Adding Email Tenants.

  Close
• Step 4: Configure Your Email Server to Connect to the Zscaler Smart Host

  To allow the Zscaler service to process and take action on email content, you must configure your Gmail or Exchange server with connectors and rules with optional custom headers.

  To learn more, see Configuring Microsoft Exchange for Zscaler Outbound Email DLP and Configuring Gmail for Zscaler Outbound Email DLP.

  Close
• Step 5: Configure Email Profiles (Including Domain Profiles and Recipient Profiles)

  Email profiles, which consist of domain profiles and recipient profiles, give you the flexibility to apply policy actions to specific domains, users, groups, and departments.

  To learn more, see Adding Email Profiles.

  Close
• Step 6: Configure Outbound Email Policy Rules

  You can use Zscaler's DLP engines to detect data, allow or block transactions, or add a custom header when an email triggers an outbound email policy rule. If you don't use Zscaler DLP engines, the service functions instead as a filter, only flagging content based on specific criteria.

  Based on how your rules are configured, the Zscaler service adds headers to emails that trigger outbound email policy rules, and your email server uses those headers for enforcement. If you select an action of Allow or Block on your policy rule, the Zscaler service adds a default header. You can also add custom headers that you have defined on your email server to take a custom action on emails that trigger policy rules.

  To learn more, see Configuring Outbound Email Policy Rules.

  Close
• (Optional) Step 7: Use Zscaler Workflow Automation to Manage and Resolve Incidents

  If you configured an Incident Receiver as part of your outbound email policy rules, you can integrate it with Workflow Automation to capture and remediate incidents generated by policy violations. To learn more, see About Incidents.

  Close
• (Optional) Step 8: Configure NSS Feeds

  You can configure Nanolog Streaming Service (NSS) feeds to specify the data from the Zscaler Outbound Email DLP Policy logs that the NSS sends to your security information and event management (SIEM) system. To learn more, see Adding NSS Feeds for Email DLP Logs.

  Close
• Step 9: Monitor Activity with Dashboards and Reports

  You can use Zscaler Outbound Email DLP Policy reports and logs to gain visibility and insight into your organization's outbound email activity. Specifically, dashboard or report widgets, or charts on an Insights page allow you to work with DLP data types and filters to define the outbound email policy information that you want to view.

  To learn more, see About the Email Security Report and Email DLP Data Types and Filters.

  Close