Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Configure Skyhigh CASB for Email DLP (Passive Mode)

Perform these steps before you enable journaling in Microsoft Exchange Online.

IMPORTANT: Skyhigh CASB only accepts emails from EoL IP addresses for security reasons. If journal emails go out a third-party gateway, a connector must be configured. For assistance, contact Skyhigh CASB Support

  1. Go to Settings > Service Management.
  2. Click Add Service Instance to add an instance, or from the Services list, select the instance you want to configure. 
  3. Under API click Enable
  4. Review the prerequisites. Once you have all the information, select I have reviewed all prerequisites. Click Next.
  5. In the next screen, click Provide API Credentials
  6. Enter your O365 admin credentials. In the next screen, you will see the list of permissions you will grant to Skyhigh CASB. Review them, then click Accept.
    Your credentials are authenticated, then you will be passed back to Skyhigh CASB.
  7. Next, provide parameters to Skyhigh CASB. Click Next.
  8. In the Add Domains page, type a comma-separated list of all email domains you want to include. Click Next when you're done.
  9. When the DLP Setup screen displays, log in to Exchange Online, and set the recipient of journal reports to the Journal Mailbox displayed at the top of the page. 
  10. Return to Skyhigh CASB. The DLP Setup screen should still be open. Select the checkbox next to I have set up journaling in Exchange Online to verify that journaling is enabled in Exchange Online. If you select this option before actually enabling journaling, errors occur in Exchange.
    Email DLP DLP Setup 3.6.2.png
  11. Under Quarantine Options, you can set up a mailbox where quarantined emails are forwarded. Select Quarantine Emails and then type the mailbox where you would like to receive quarantined emails. If you don't specify an email, quarantined emails are stored in the user account associated with the Admin credentials you entered when first integrating Exchange Online. Click Next.
  12. The Summary page confirms that the setup is correct. Skyhigh CASB DLP policies are now in effect on email domains.


  • Was this article helpful?