Prior to DLP in Microsoft 365 compliance center, most organizations protected data using the transport rules aka mail flow rules created in Exchange admin center. You can use transport rules to identify and act on messages that flow through the Exchange Online organization. With the evolution of a centralized console for all the workloads, it’s recommended to move the existing Exchange admin center-DLP policies to DLP in Microsoft 365 Compliance Center. To learn more about Data loss prevention, please refer DLP.
Advantages of migrating to Compliance Center:
Why now?
With the rich experience of Microsoft compliance portal and for easy maintenance of all the DLP policies across workloads at a common place, it's advisable to migrate all the legacy ETR(EAC-DLP) policies into Microsoft Compliance portal (DLP-EXO). We plan to deprecate the EAC-DLP experience in Exchange admin center between April-June 2022. Hence, this is the right time to re-validate the existing legacy rules, consolidate, and rationalize, and migrate to Unified console. To help in migrating the EAC-DLP policies, we are providing a migration wizard which will bring over the policies to Microsoft 365 compliance center.
Migration Process & Playbook:
To fast up the migration process, we have an in-built Wizard within the compliance portal, that will help to migrate all the policies in a simple flow of few clicks. The entire process has been explained in the Playbook. Please view the playbook at aka.ms/mipc/oss
The attached Playbook helps in identifying the activities in each of the below phases along with insights and best practices.
In summary, this playbook will help to:
For more up-to-date information, please refer to the documentation here.
Frequently asked questions:
No changes planned for mail flow rules. Only Exchange DLP will be deprecated (Dates, yet to announce)
No. The migration wizard only creates new policies in Compliance Center.
You can choose to disable the Exchange policies using the wizard or independently
Migration wizard banner will be displayed only if you have active Exchange DLP policies
Check details in the migration report to understand the root cause. Make required edits in Exchange policy and retry migration using the wizard
Yes. As soon as, the results are satisfied, make the EAC-DLP rules to disable state.
This is expected in case both Exchange and Microsoft365 DLP policies are in enabled state
Create a separate mail flow rule for conditions like SCLOver which are not supported in Unified DLP (Microsoft 365 DLP), remove the unsupported condition from the transport rule and perform the migration.
If policies are enforced in both Exchange and Microsoft365 DLP, please refer to this document to understand the expected behavior
Additional Resources
Join Microsoft Information Protection Preview ring
Microsoft Information Protection Tech Communities
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.