About
This document will guide you through the configuration of Virtru Gateway rules backed by Office 365 infrastructure.
Assumptions:
- Completed Virtru Hosted gateway installation prerequisites
- Using the Virtru 365 Add-in
- Note: This is NOT a supported feature with our legacy Desktop only extension
(Example)
- Mail Encryption Trigger:
- Sender is Inside the Organization
- Recipient is Outside the Organization
- Mail Flow: Office 365 > Gateway > Final Delivery
- Authorization
- X-Virtru-Auth: 00000000000000000000 (Virtru provided)
Note
The Authorization Header is specific to your organization and will be provided to you by Virtru.
Jump To:
Diagram of Standard Mailflow
Create Send Connector
Create Transport Rule
Create Virtru Encryption Rule
Diagram of Standard Mailflow
Create Send Connector
1. Login into the Admin Console - https://admin.exchange.microsoft.com/
3. Click on the “Mail flow” dropdown and select “Connectors”
4. Click “Add Connector”
- From: Office 365
- To: Partner Organization
5. Name the Connector - e.g. Virtru Hosted Gateway Outbound
- Enter a description (Optional)
6. When to use this connector
- Only when I have a transport rule setup that redirects message to this connector
7. How do you want to route email messages
- Route email through these smart hosts
- smtp.virtrugateway.com
8. How should Office 365 connect to your partner organization's email server
- Always use TLS
- Issued by a trusted certificate authority (CA)
9. Validate Connector
- Connector may need to be validated
- The connector test message may fail since the Auth header is not in place yet, this is ok
Create Transport Rule
Optional but recommended
Before enabling this rule in production we recommend scoping this rule to a specific OU/Group/subset of users for testing before rolling out to everyone.
1. Navigate to the Mail Flow Section
2. Navigate to the Rules Tab
Add New Rule
Enter Rule Details
- Name
- Hosted Gateway DLP outbound
- Conditions
- The Sender is located: Inside the organization
- The Recipient is located: Outside the organization
- The Message headers Matches [A-Za-z0-9+/=]{10,}
- Actions
- Add Header
- Name: X-Virtru-Auth
- Value: <Virtru Provided>
- Use the following connector: Virtru Hosted Gateway Outbound
- Add Header
- Exceptions
- If Header Exists
- Name: X-Virtru-Gateway-Version
- Value: saas
- If Header Exists
Diagram
Set rule settings to match your policy
Click review and Finish.
Create Virtru Encryption Rule
Once the message is routed to the Virtru Hosted Gateway, a Virtru DLP Rule must be created and enabled to evaluate the message and encrypt. For this feature the specific rule must be created to look for the specific X-Virtru-Policy-Options header that the add-in will create that includes the encryption policy information.
- As a Virtru admin navigate to your control center rules page here
- Scroll to the bottom to create a new custom rule
- Basic conditions
- Example Name: Encryption Control feature for Outlook Add-In
- If: SMTP header contains X-Virtru-Policy-Options
-
Then: Encrypt Email
To create additional DLP rules please follow this LINK to our general control center documentation.