Discover PII Data in Microsoft Exchange Online With Egnyte

Your organization runs on information, and much of that information is sensitive. You need consistent governance policies to protect users and data, but just protecting files is not enough. 

You also need to be able to scan your documents quickly and easily to find personally identifiable information (PII). More than three-quarters of companies have files housed in email repositories, and these often contain customer PII, health records, and other sensitive information. That information may be in attachments, or in the body of the email itself, so you need to have visibility into both. 

Egnyte can apply the same consistent classification capabilities on your Exchange Online email as it does with other documents and files types, giving you the full picture of your sensitive content. 

Why You Should Use Egnyte to Scan Emails for PII

Egnyte can be used as a stand-alone email scanning solution to discover and classify PII or it can complement other solutions by applying consistent governance policies over files and emails. 

Classification provides visibility into your compliance with various statutes, from healthcare PII and privacy regulations to financial regulations. You can also respond to Data Subject Access Requests much easier when discovery and classification is extended across email and document repositories, providing consistent results.

Finally, rather than simple string searches, Egnyte locates sensitive terms based on surrounding context. For example, it can deduce whether a string of digits is a harmless partial number or a complete Social Security number that should be protected.

How to use Egnyte to Scan Exchange Online

Egnyte is easy to use and can be set up to support Exchange Online in minutes. Follow these simple steps to start scanning your online email server for PII.

Set Policies

To begin, establish the governance policies you want Egnyte to scan against. If you already use Egnyte to look for sensitive content in other repositories, you can skip this step because those existing policies will carry over to Exchange Online.

If you’re new to Egnyte, go to the Content Configurations tab in Settings and change the switch at the top to Identify sensitive content. From there, select your region and any applicable compliance policies. 




Egnyte has built-in support for dozens of privacy laws that protect personal information, such as GDPR, and industry-specific regulations for health care, finance, U.S. Department of Defense contracts, and more. You can also set up custom policies. For example, you could add a set of keywords to flag, or search for specific kinds of PII  in document types such as loans and credit card applications.

Authorize Egnyte in Exchange Online 

Once your policies are in place, go into the Exchange Online admin center. Add the Application Impersonation role to the appropriate admin user in order to give Egnyte access permission. This authorizes the system to access the Exchange Online server to begin content classification.


Connect Exchange Online to Egnyte

Next, connect your Exchange Online instance to Egnyte. As an Egnyte Administrator, you can add Exchange Online as a “source” in the Settings menu. Sources are what Egnyte calls the various storage repositories supported on the platform, such as Google Drive, Amazon S3, and Box Storage. 

Select Microsoft from the source options, then select Exchange Online from the list of supported Microsoft applications. From there, you can enter your credentials and give the system permission to access individual mailboxes in Exchange Online. 


It’s that simple. Egnyte will immediately begin scanning the body and attachments of all emails in all folders for all your Exchange Online users. As a default setting, allow Egnyte to run all chosen policies against this Exchange Online so you are consistent across your sources. 

Start Discover PII in Emails

Egnyte will highlight sensitive content found in any mailbox in Exchange Online in the Sensitive Content tab of the Egnyte UI.  


Now you can see all emails flagged with sensitive content and what type of PII was discovered in that message thread. Threads incorporate all the messages, replies, and forwards that stem from a single email. This helps admins get a birds-eye-view of all the related messages and recipients who may be able to view this sensitive content. 

You will also receive recommendations to mitigate any issues related to PII. For example, you might receive a suggestion to delete the data or move it to a more secure folder. 

When you open a thread, you will see one or more emails that contain sensitive content. An email is considered sensitive if it contains information that is subject to any privacy or regulatory policies you have selected in Egnyte. From there, you can dig deeper to see whether PII was found inside the body of the email or within the attachment for more granular analysis about how the data is being shared.

Shield Sensitive Data

For an additional layer of protection for your customers and users, you can hide PII during analysis.



Just turn on Privacy Mode and all sensitive content matches will be redacted. Text surrounding matches in spreadsheets will also be hidden.

It’s that simple. Once you’re set up, you can quickly and easily locate sensitive data, find files, and simplify your compliance and audit responses. 


Get started with Egnyte today

Explore the best secure platform for business-critical content across clouds, apps, and devices.

Share this article
Author
David Buster

Senior Manager, Security and Governance; Product Marketing

View All Posts
Don’t miss an update

Subscribe today to our newsletter to get all the updates right in your inbox.

By submitting this form, you are acknowledging that you have read and understand Egnyte's Privacy Policy

Thank you for your subscription!

Welcome to
Egnyte Blog

Product and Company Updates
Customer and Partner Updates
Life at Egnyte
Industry Insights