To inspect outbound SMTP email traffic from a sanctioned application like Microsoft Exchange Online for data loss, the correct Real-time Protection policy type is "Email Outbound". This policy is specifically designed to intercept and apply controls, such as Data Loss Prevention (DLP) scanning for Personal Health Information (PHI), to emails being sent from the configured cloud service to external recipients. The policy allows administrators to define conditions based on the email source, destination, and content, and then apply a DLP profile to enforce the desired action.

A. Web Access policy: This policy type is used for inspecting and controlling user activities over HTTP/HTTPS web traffic, not for SMTP email traffic.

C. CTEP policy: Cloud Threat and Error Protection (CTEP) is a Cloud Security Posture Management (CSPM) feature that identifies cloud service misconfigurations, not for real-time inspection of data within emails.

D. DLP policy: While the goal is to use DLP, "DLP policy" refers to the creation of DLP rules and profiles. These profiles are then applied to a real-time enforcement policy, such as an "Email Outbound" policy, to be effective.

1. Netskope Official Documentation

"Real-time Protection Policies": The documentation outlines the different types of Real-time Protection policies. It specifies that "Email Outbound" policies are used to "monitor and control outbound emails sent from sanctioned enterprise SaaS apps." This directly matches the scenario of scanning emails from Exchange Online. (Accessed via Netskope's official documentation portal

docs.netskope.com

under the "Policies > Real-time Protection" section).

2. Netskope Official Documentation

"Create a Real-time Protection Policy": This guide details the steps for policy creation. When creating a new policy for data in motion

the first step is to select the traffic type. For SMTP

the designated type is "Email Outbound". The guide then explains how to add a DLP profile to this policy under the "Action" settings. (Accessed via docs.netskope.com

specific instructions are found in the "Create a Real-time Protection Policy" workflow).

3. Netskope Official Documentation

"SaaS API Data Protection Prerequisites": While discussing API protection

this document helps differentiate traffic types. It clarifies that real-time inspection of email traffic (SMTP) requires a Real-time Protection policy

specifically "Email Outbound

" distinct from API-based introspection of data-at-rest. (Accessed via docs.netskope.com

under the "SaaS Security Posture Management > SaaS API Data Protection" section).