In this blog, we will demonstrate how to efficiently bulk import these settings and maintain an ongoing list.Â
Updating the eDLP settings can be a tedious task when managing an extensive list of Service Domains, File Path Exclusions, Unallowed apps and browsers, Unallowed Bluetooth Apps, and Network Path Exclusions. In this blog, we will demonstrate how to efficiently bulk import these settings and maintain an ongoing list.
Pre-requisites
- Visual Studio Code with Extension to convert csv to json. We are using the below extension in our example.
Step 1:
Create a csv file with the required parameters and values.
Here is a sample table with all the parameters for eDLP Global Settings:
Setting |
Value |
Executable |
CloudAppMode |
Block |
|
CloudAppRestrictionList |
yahoo.com |
|
CloudAppRestrictionList |
hotmail.com |
|
PathExclusion |
/Users/*/Desktop/Folder1 |
|
PathExclusion |
/Users/*/Desktop/Folder2 |
|
MacPathExclusion |
/Users/*/Downloads/Folder1 |
|
MacPathExclusion |
/Users/*/Downloads/Folder2 |
|
UnallowedApp |
testapp1 |
testapp1.exe |
UnallowedApp |
testapp2 |
testapp2.exe |
UnallowedBrowser |
Avast Secure Browser |
avastbrowser.exe |
UnallowedBrowser |
Firefox |
firefox.exe |
UnallowedBluetoothApp |
bluetoothapp1 |
bluetoothapp1.exe |
UnallowedBluetoothApp |
bluetoothapp2 |
bluetoothapp1.exe |
UnallowedCloudSyncApp |
Notepad++ |
notepad++.exe |
EvidenceStoreSettings |
{ |
|
VPNSettings |
{ |
|
serverDlpEnabled |
TRUE |
|
CustomBusinessJustificationNotification |
1 |
|
MacDefaultPathExclusionsEnabled |
TRUE |
|
AdvancedClassificationEnabled |
TRUE |
|
BandwidthLimitEnabled |
TRUE |
|
DailyBandwidthLimitInMB |
1000 |
|
IncludePredefinedUnallowedBluetoothApps |
TRUE |
|
NetworkPathEnforcementEnabled |
TRUE |
|
NetworkPathExclusion |
\\TestShare\MyFolder |
|
NetworkPathExclusion |
\\TestShare\MyFolder1 |
You can make the necessary changes and add additional rows to add more values per setting as needed. Copy the table to a csv file, make the necessary changes, and save it.
Step 2:
Convert csv to json.
- Open the csv file in Visual Studio Code
- Press Ctrl + Shift + P
- Select convert csv to json in the pop that appears.
- A new file will be created in VS Code in JSON format
Step 3:
Remove the unwanted values.
Remove the unwanted values such as below using the Find and Replace All (Replace with blank) option in VS Code and save the file in json Format.
We have saved it as eDLPGlobalSettings.json in our case.
,
"Executable": "\n"
,
"Executable\r": "\r\n"
,
"Executable\r": "\r"
\r
Step 4:
Validate if the value TRUE is in lower-case in the json file, if not please replace it using txt editor to lower-case and save the file.
Step 5:
Run the below command to update the eDLP Global Settings.
Sst-PolicyConfig -EndpointDlpGlobalSettings (Get-Content -Raw ("C:\temp\eDLPGlobalSettings.json") | ConvertFrom-Json -AsHashtable)
Note: Set-PolicyConfig will always override the existing data hence the recommendation is to have a running csv that can be edited, converted, and imported every time.
PS: Please ensure to test it in a test environment before executing it in prod and always take a backup of the current settings before importing the new one.