[CES/DLP] Email DLP (#16940)

maxvp · patriciasantaana · commit 778bbf675980 · 2024-09-26T10:52:59.000-07:00
diff --git a/src/content/docs/cloudflare-one/email-security/detection-settings/allow-policies.mdx b/src/content/docs/cloudflare-one/email-security/detection-settings/allow-policies.mdx
@@ -12,7 +12,7 @@ To configure allow policies:
 1. Log in to [Zero Trust](https://one.dash.cloudflare.com/).
 2. Select **Email Security**.
 3. Select **Settings**, then go to **Detection settings** > **Allow policies**.
-4. On the **Detection settings** page, select **+ Add a policy**.
+4. On the **Detection settings** page, select **Add a policy**.
 5. On the **Add an allow policy** page, enter the policy information:
    - **Input method**: Choose between **Manual input**, and **Uploading an allow policy**:
        - **Manual input**:
diff --git a/src/content/docs/cloudflare-one/email-security/detection-settings/blocked-senders.mdx b/src/content/docs/cloudflare-one/email-security/detection-settings/blocked-senders.mdx
@@ -12,7 +12,7 @@ To configure blocked senders:
 1. Log in to [Zero Trust](https://one.dash.cloudflare.com/).
 2. Select **Email Security**.
 3. Select **Settings**, go to **Detection settings** > **Blocked senders**.
-4. On the **Detection settings** page, select **+ Add a sender**.
+4. On the **Detection settings** page, select **Add a sender**.
 5. Select the **Input method**: Choose between **Manual input**, and **Upload blocked sender list**:
      - **Manual input**:
         - **Sender type**:
diff --git a/src/content/docs/cloudflare-one/email-security/detection-settings/impersonation-registry.mdx b/src/content/docs/cloudflare-one/email-security/detection-settings/impersonation-registry.mdx
@@ -18,7 +18,7 @@ To add a user to the impersonation registry:
 1. Log in to [Zero Trust](https://one.dash.cloudflare.com/).
 2. Select **Email Security**.
 3. Select **Settings** > **Impersonation registry**.
-4. Select **+ Add a user**.
+4. Select **Add a user**.
 5. Select **Input method**: Choose between **Manual input**, **Upload manual list**, and **Select from existing directories**:
    - **Manual input**: Enter the following information:
        - **User info**: enter a valid **Display name**.
diff --git a/src/content/docs/cloudflare-one/email-security/detection-settings/trusted-domains.mdx b/src/content/docs/cloudflare-one/email-security/detection-settings/trusted-domains.mdx
@@ -12,7 +12,7 @@ To configure a trusted domain:
 1. Log in to [Zero Trust](https://one.dash.cloudflare.com/).
 2. Select **Email Security**.
 3. Select **Settings**, go to **Detection settings** > **Trusted domains**.
-4. On the **Detection settings** page, select **+ Add a domain**.
+4. On the **Detection settings** page, select **Add a domain**.
 5. Select the **Input method**: Choose between **Manual input**, and **Upload trusted domain list**:
    - **Manual input**:
      - **Domain info**: Enter a valid domain name.
diff --git a/src/content/docs/cloudflare-one/email-security/directories/index.mdx b/src/content/docs/cloudflare-one/email-security/directories/index.mdx
@@ -12,7 +12,7 @@ To add a directory:
 1. Log in to [Zero Trust](https://one.dash.cloudflare.com/).
 2. Select **Email security**.
 3. Select **Directories**.
-4. Select **+ Add a directory** > **Manage integrations**.
-5. On the SaaS integrations page, select **+ Add integration**.
+4. Select **Add a directory** > **Manage integrations**.
+5. On the SaaS integrations page, select **Add integration**.
 
 To sync a directory, select the three dots, then select **Sync now**.
diff --git a/src/content/docs/cloudflare-one/email-security/outbound-dlp.mdx b/src/content/docs/cloudflare-one/email-security/outbound-dlp.mdx
@@ -0,0 +1,62 @@
+---
+title: Outbound Data Loss Prevention (DLP)
+pcx_content_type: how-to
+sidebar:
+  order: 6
+---
+
+:::note[Compatibility]
+Outbound DLP is only compatible with Microsoft 365.
+:::
+
+Outbound Data Loss Prevention ensures the protection of sensitive information in outbound emails with [Cloudflare Data Loss Prevention (DLP)](/cloudflare-one/policies/data-loss-prevention/). Outbound Data Loss Prevention integrates with your inbox, and it proactively monitors your email to prevent unauthorized data leaks.
+
+## Get started
+
+To begin using outbound DLP, install the Cloudflare add-in in Microsoft 365:
+
+1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Email Security** > **Outbound DLP**.
+2. In **Protect sensitive data in outbound emails**, select **Get started**.
+3. Select **Download add-in** to download the Cloudflare add-in.
+4. Configure Microsoft 365 to use the Cloudflare add-in:
+   1. In the [Microsoft 365 Apps admin center](https://config.office.com/), go to **Microsoft 365 Admin Center** > **Settings** > **Integrated Apps**.
+   2. Select **Upload custom apps**. For the application type, choose _Office Add-in_.
+   3. Select **Upload manifest file (.xml) from device**.
+   4. Upload the Cloudflare add-in file.
+   5. Verify and complete the wizard.
+5. Confirm the Cloudflare add-in was configured in Microsoft 365.
+
+After configuring the Cloudflare add-in in Microsoft 365, you can select **Add a policy** to create an [outbound DLP policy](#create-an-outbound-policy).
+
+:::note
+The Cloudflare add-in can take up to 24 hours to propagate after install.
+:::
+
+## Create an outbound policy
+
+An outbound policy allows you to control outbound email flow.
+
+To create an outbound DLP policy:
+
+1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Email Security** > **Outbound DLP**.
+2. Select **Add a policy**.
+3. Name your policy.
+4. Build an expression to match specific email traffic. For example, you can create a policy that blocks outbound emails containing identifying numbers:
+
+   | Selector            | Operator | Value                                                     | Logic | Action |
+   | ------------------- | -------- | --------------------------------------------------------- | ----- | ------ |
+   | Recipient email     | not in   | `example.com`                                             | And   | Block  |
+   | Matched DLP profile | in       | _Social Security, Insurance, Tax, and Identifier Numbers_ |       |        |
+
+5. (Optional) Choose whether to use the default block message or a custom message.
+6. Select **Create policy**.
+
+After creating your policy, you can modify or reorder your policies in **Email Security** > **Outbound DLP**.
+
+### Selectors
+
+| Selector            | Description                                                                                                                |
+| ------------------- | -------------------------------------------------------------------------------------------------------------------------- |
+| Recipient email     | The intended recipient of an outbound email.                                                                               |
+| Email sender        | The user in your organization sending an email.                                                                            |
+| Matched DLP profile | The [DLP profile](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/) that content of an email matches upon scan. |
diff --git a/src/content/docs/cloudflare-one/email-security/setup/api-deployment/office365-api.mdx b/src/content/docs/cloudflare-one/email-security/setup/api-deployment/office365-api.mdx
@@ -55,7 +55,7 @@ To connect new domains:
 2. Select **Zero Trust**.
 3. Select **Email security**.
 4. Select **Settings**.
-5. On the **Integrated domains** page, select **+ Connect a domain**.
+5. On the **Integrated domains** page, select **Connect a domain**.
 6. Select the domains you want Email Security to scan.
 7. Select **Save**.
 
