Messaging policy and compliance in Exchange Online Protection

Microsoft Exchange Online Protection (EOP) provides messaging policy and compliance features that can help you manage your email data.

Looking for information about all EOP features? See the Exchange Online Protection service description.

Mail flow rules

Mail flow rules (also known as transport rules) provide you with the flexibility to apply your own company-specific policies to email. Mail flow rules are made up of flexible criteria, which allow you to define conditions, exceptions, and actions to take based on the criteria. For more information, see Mail flow rules (transport rules) in Exchange Online Protection.

Audit logging

Audit logging lets you track specific changes made by administrators to your organization. These reports help you meet regulatory, compliance, and litigation requirements. For more information, see Auditing reports in EOP.

Microsoft Purview Data Loss Prevention

Not available to EOP standalone customers. Data loss prevention (DLP) helps you identify, monitor, and protect sensitive information in your organization through deep content analysis. DLP is increasingly important for enterprise message systems because business-critical email includes sensitive data that needs to be protected. The DLP feature lets you protect sensitive data without affecting worker productivity.

You can configure DLP policies in the EAC, which allows you to:

  • Start with a pre-configured policy template that can help you detect specific types of sensitive information such as PCI-DSS data, Gramm-Leach-Bliley act data, or even locale-specific personally identifiable information (PII).

  • Use the full power of existing mail flow rule criteria and actions and add new mail flow rules.

  • Test the effectiveness of your DLP policies before fully enforcing them.

  • Incorporate your own custom DLP policy templates and sensitive information types.

  • Detect sensitive information in message attachments, body text, or subject lines and adjust the confidence level at which the service takes action.

  • Detect sensitive form data by using Document Fingerprinting. Document Fingerprinting helps you easily create custom sensitive information types based on text-based forms that you can use to define mail flow rules and DLP policies.

  • Add Policy Tips, which can help reduce data loss by displaying a notice to your Outlook 2013, Outlook on the web, and OWA for Devices users and can also improve the effectiveness of your policies by allowing false-positive reporting.

  • Review incident data in DLP reports or add your own specific reports by using a generate incident report action.


DLP policies are applied only to mail that passes in or out of the organization. Intra-organizational (internal) mail does not have DLP policies applied unless you run Exchange Server 2013 with DLP on-premises. This also applies to DLP policy tips, which inform users about potential policy violations before sensitive data is mistakenly sent to unauthorized recipients.

To learn more about DLP, see Data loss prevention (DLP) in Exchange Online.

Microsoft Purview Message Encryption

Microsoft Purview Message Encryption, a part of Azure Information Protection, is an online service that allows email users to send encrypted email messages to anyone. On-premises customers can access Microsoft Purview Message Encryption by purchasing Azure Information Protection and using Exchange Online Protection to set up mail flow through Exchange Online. To learn more about Microsoft Purview Message Encryption in Exchange Online, see Microsoft Purview Message Encryption in the Exchange Online service description.

Messaging policy and compliance features across EOP options

Feature EOP standalone EOP features in
Exchange Online
Exchange Enterprise
CAL with Services
Mail flow rules Yes1 Yes1 Yes1, 3
Audit logging Yes2 Yes Yes
Data loss prevention (DLP) No Yes Yes3
Microsoft Purview Message Encryption Yes4 Yes Yes4


1 The available mail flow rule conditions, exceptions, and actions differ slightly between EOP and Exchange Online. These differences are noted in Mail flow rule conditions and exceptions (predicates) in Exchange Online and Mail flow rule actions in Exchange Online.
2 EOP auditing reports are a subset of Exchange Online auditing reports that exclude information about mailboxes.
3 DLP policy tips are not available for Exchange Enterprise CAL with Services customers.
4 Supported for on-premises customers who purchase the Azure Information Protection add-on and use Exchange Online Protection to route email through Exchange Online. For the desktop experience, in addition to the Azure Information Protection add-on, Microsoft 365 Apps for enterprise needs to be purchased.