Proofpoint | ObserveIT On-Premises Insider Threat Management

Email Clients Monitoring and Visibility

Email may be used as an easy exfiltration point for important data from your company. For example, employees might send confidential information via email clients, send attachments with important documents or images, or save attachments with sensitive information to their computer and later exfiltrate it. ObserveIT Email Monitoring provides visibility into this important exit point by monitoring emails sent from your email client, files attached to emails and attachments saved from emails.

Supported Versions

The following email clients are supported:

  • Microsoft Outlook for Windows: From Outlook version 2016 to 2019 (32 and 64 bit), Outlook 2013 - 32 bit only, Outlook O365 (32 and 64 bit)

  • Microsoft Outlook for Mac: From Outlook version 2016 to 2019, Outlook 365

  • Apple Mail: From version 10.12

Email Diary

From the Email Diary, you can review and filter monitored emails to help you detect and investigate sensitive data exfiltration through your company's email client.

Email Diary information is viewed from the Email Activity View.

Microsoft Outlook for Windows, Microsoft Outlook for Mac and Apple Mail App are supported.

When using the Microsoft Outlook API, a short delay may occur before full email monitoring starts. The delay of a few seconds is due to the time required by the Microsoft Outlook API to establish communication.

To enable email monitoring, see Email Monitoring Settings.

Email Monitoring Policies

By default, when Email Monitoring is enabled, all emails sent via an email client, any files attached to an email, and any attachments saved from an email are monitored. To use Email Monitoring efficiently, you may choose to monitor specific email activity, such as emails sent to recipients outside your company via your email client or emails sent with attachments only.

Email Monitoring Policies let you define which emails you want to monitor. Email monitoring can be defined by one or more of the following:

  • Email events: Monitor specific event types - sending emails via an email client, attaching files to your email client, and saving attachments.

  • Recipient's email domain: Monitor emails by recipient domains you define as trusted/untrusted.

  • Sender: Monitor emails only if sent by specific users.
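The three criteria above can be modelled as a filter over email events. The following is an added example, not ObserveIT's implementation or configuration format: the event names, the event fields, and the rule that all configured criteria must match (AND) are assumptions, and example.com is a placeholder domain. It shows the recipient-domain check done on label boundaries, so a look-alike domain is not treated as trusted.

```python
from dataclasses import dataclass
from email.utils import getaddresses

# Event names are labels chosen for this sketch, not product identifiers.
SEND, ATTACH, SAVE = "send", "attach_file", "save_attachment"

@dataclass(frozen=True)
class Policy:
    events: frozenset = frozenset({SEND, ATTACH, SAVE})
    trusted_domains: frozenset = frozenset()  # empty: no domain filter
    senders: frozenset = frozenset()          # empty: every sender

def domain_of(address: str) -> str:
    """Lower-cased domain part of an address, '' when there is none."""
    return address.rpartition("@")[2].lower().rstrip(".") if "@" in address else ""

def is_trusted(domain: str, trusted: frozenset) -> bool:
    # Exact match or a true subdomain (label boundary), so that
    # 'notexample.com' never passes as 'example.com'.
    return any(domain == t or domain.endswith("." + t) for t in trusted)

def untrusted_recipients(headers: list, trusted: frozenset) -> list:
    """Recipients outside the trusted domains; unparseable headers fail closed."""
    addrs = [addr for _, addr in getaddresses(headers) if addr]
    if not addrs:
        return list(headers)
    return [a for a in addrs if not is_trusted(domain_of(a), trusted)]

def should_monitor(event: dict, policy: Policy) -> bool:
    """True when the event meets every criterion the policy sets (assumed AND)."""
    if event["type"] not in policy.events:
        return False
    if policy.senders and event["user"].lower() not in policy.senders:
        return False
    if policy.trusted_domains and event["type"] == SEND:
        return bool(untrusted_recipients(event["to"], policy.trusted_domains))
    return True

# Constructed sample events, not output from any product.
EVENTS = [
    {"type": SEND, "user": "jdoe", "to": ["Alice <alice@example.com>, bob@mail.example.com"]},
    {"type": SEND, "user": "jdoe", "to": ["carol@notexample.com"]},
    {"type": SEND, "user": "jdoe", "to": ["Dave@EXAMPLE.COM"]},
    {"type": SAVE, "user": "asmith", "to": []},
]
EXTERNAL_SENDS = Policy(events=frozenset({SEND}), trusted_domains=frozenset({"example.com"}))

if __name__ == "__main__":
    print([should_monitor(e, EXTERNAL_SENDS) for e in EVENTS])
```

A plain suffix comparison against `example.com` would have classified `carol@notexample.com` as internal and left that message unmonitored.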

Email Alerts

You can define alerts so that you are notified when one or more of the following occurs:

  • Suspicious emails are sent

  • Files are exfiltrated by sending them via email

  • Sensitive attachment files are saved from an email that is received

  • A file is saved from an email client

You can fine-tune these alerts. For details, see Email - Did What.

version 7.12.2