Whitelisting a Domain in DLP Policy with PowerShell
Mohamed Hussien
Cloud Solutions Architect | Enterprise Mobility & Security | Microsoft 365 | 5x Azure | Infrastructure Lead | System Administrator | Technical Support
Introduction
Data Loss Prevention (DLP) policies are essential for safeguarding sensitive information within an organization. However, there are scenarios where you need to exempt certain trusted domains from a DLP policy so that legitimate sharing with a partner does not trigger warnings or blocks. This guide demonstrates how to whitelist a recipient domain in a DLP rule using PowerShell, which is useful when the exception you need is not exposed in the compliance portal for the policy you are editing.
Scenario:
You have a DLP policy in place to monitor and prevent sensitive content from being shared outside your organization. However, you want to exempt specific trusted partner domains from triggering DLP warnings when documents are shared with them.
Solution:
To whitelist a domain, you use PowerShell to modify the rule inside the DLP policy and add an exception based on the recipient domain. Keep in mind that each exception is a deliberate gap in your DLP coverage: mail to that domain will no longer be inspected by the rule, so add only the domains you actually trust and keep the list under review. Follow the steps below:
Step 1: Install Required PowerShell Modules
Ensure you have the necessary PowerShell modules installed to interact with Microsoft 365 services. You can install them with the following commands:
Install-Module ExchangeOnlineManagement
Step 2: Connect to Microsoft 365 Services
Connect to the Microsoft 365 services using PowerShell. The DLP cmdlets (Get-DlpCompliancePolicy, Get-DlpComplianceRule, Set-DlpComplianceRule) are provided by the Security & Compliance PowerShell session opened with Connect-IPPSSession; Connect-ExchangeOnline is only required if you also want to run Exchange Online cmdlets in the same session:
Connect-ExchangeOnline
Connect-IPPSSession
Step 3: List DLP Policies
List the existing DLP policies with Get-DlpCompliancePolicy, then list their rules with Get-DlpComplianceRule, to identify the rule you want to modify. Note the value of the rule's Name property and its ParentPolicyName: the exception is set on the rule, not on the policy.
Step 4: Modify the DLP Policy
Use the Set-DlpComplianceRule cmdlet to add an exception for specific recipient domains to the DLP rule. Replace "Rule Name" with the name of your DLP rule (as shown by Get-DlpComplianceRule) and "xyz.com","ABC.com" with the domains you want to exempt. The parameter takes a list of domains, so pass them as separate quoted strings rather than one comma-separated string; a single string such as "xyz.com, ABC.com" is treated as one (invalid) domain. The following command illustrates how to do this:
Set-DlpComplianceRule -Identity "Rule Name" -ExceptIfRecipientDomainIs "xyz.com","ABC.com"
Note: -Identity expects the full name of the DLP rule, not the policy name. Setting -ExceptIfRecipientDomainIs replaces the rule's existing exception list, so include any domains that were already exempted. This exception applies to the Exchange Online (email) workload of the rule; SharePoint and OneDrive sharing is not covered by a recipient-domain exception.
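The following script is an added, end-to-end example of Steps 2 to 4 and is not part of the original article. It lists the policies and rules, validates the domain list (guarding against the comma-joined-string mistake), merges the new domains with the exceptions already configured so nothing is silently dropped, previews the change with -WhatIf, and then verifies the result. The rule name and partner domains are hypothetical placeholders, and the script assumes the rule object returned by Get-DlpComplianceRule exposes the current exception list as an ExceptIfRecipientDomainIs property and that the policy is scoped to Exchange Online.

```powershell
# Added example (not from the original article): append trusted partner domains to the
# recipient-domain exception of one DLP rule without overwriting the exceptions already set.
# Assumptions: the rule name and domains below are hypothetical, the policy is scoped to
# Exchange Online, and the signed-in account holds a compliance administrator role.

Connect-IPPSSession            # Security & Compliance PowerShell; the DLP cmdlets live here

$ruleName   = "Block sensitive data to external recipients"    # hypothetical rule name
$newDomains = @("partner-a.example", "partner-b.example")      # hypothetical partner domains

# Step 3: list the policies and the rules that belong to them so you pick the right rule.
Get-DlpCompliancePolicy | Format-Table Name, Mode, ExchangeLocation
Get-DlpComplianceRule   | Format-Table Name, ParentPolicyName, Disabled

# Sanity-check the domain list: one bare domain per element, no spaces, no comma-joined strings.
# Passing "a.com, b.com" as a single string produces one bogus entry that matches nothing.
$domainPattern = '^(?=.{1,253}$)([a-z0-9-]+\.)+[a-z]{2,}$'
foreach ($d in $newDomains) {
    if ($d -notmatch $domainPattern) { throw "Not a valid bare domain name: '$d'" }
}

# Set-DlpComplianceRule replaces the whole exception list, so merge with what is configured.
$rule     = Get-DlpComplianceRule -Identity $ruleName -ErrorAction Stop
$existing = @($rule.ExceptIfRecipientDomainIs)                 # assumed property name
$merged   = @($existing + $newDomains |
              ForEach-Object { $_.ToLowerInvariant() } |
              Sort-Object -Unique)

# Preview first; the second call applies the change once the preview looks right.
Set-DlpComplianceRule -Identity $ruleName -ExceptIfRecipientDomainIs $merged -WhatIf
Set-DlpComplianceRule -Identity $ruleName -ExceptIfRecipientDomainIs $merged

# Verify the change took effect and that no previously exempted domain was lost.
(Get-DlpComplianceRule -Identity $ruleName).ExceptIfRecipientDomainIs
```

Run this on a rule in a test policy first; an overly broad exception list is an exfiltration path that DLP will no longer log, so keep the merged list short and re-run the final Get-DlpComplianceRule periodically to confirm nobody has extended it.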
Conclusion: Whitelisting a domain in a DLP rule using PowerShell allows you to exempt trusted partner domains from triggering DLP warnings when mail is sent to them. This gives you finer control over your DLP policies than the portal alone, but every exception is a domain to which sensitive content can now flow uninspected, so keep the exception scoped to the single rule that needs it and review the list regularly.
By following the steps outlined in this guide, you can effectively manage your DLP policies and ensure that they align with your organization's security requirements.
Thanks,
Mohamed Rabea
Sr. Microsoft Consultant
+201023113355
M365 Technical Team Lead | Microsoft MCSE, MCSA, MCP, AWS SAA Cloud Enginer
1 year ago: Hi Mohamed. Great article, very helpful for me. When I create a custom DLP policy in the M365 portal, the policy does not include the Exceptions option. How can I enable it? When I start creating a policy with the GDPR Enhanced template, it includes exception options. What does it depend on?
Thanks for this article. Just FYI, I got an error on the domains and ended up splitting them up like this, -ExceptIfRecipientDomainIs "abc.com", "xyz.com"
Cloud Solution Architect | Cloud Security | CCSK | MCP | CCNA | ITIL | Azure | Office 365| PRINCE2?Practitioner | ISO/IEC 27001:2022 | Technology Consulting | Golden Visa Holder
1 year ago: Is this for Endpoint DLP settings or for Office 365 Exchange Online DLP?