Blog Post

Security, Compliance, and Identity Blog
2 MIN READ

Bulk Import Endpoint DLP Global Settings

pri2agarwalz's avatar
pri2agarwalz
Icon for Microsoft rankMicrosoft
Nov 07, 2024

In this blog, we will demonstrate how to efficiently bulk import these settings and maintain an ongoing list. 

Updating the eDLP settings can be a tedious task when managing an extensive list of Service Domains, File Path Exclusions, Unallowed apps and browsers, Unallowed Bluetooth Apps, and Network Path Exclusions. In this blog, we will demonstrate how to efficiently bulk import these settings and maintain an ongoing list. 

Pre-requisites

  • Visual Studio Code with Extension to convert csv to json. We are using the below extension in our example. 

Step 1:

Create a csv file with the required parameters and values. 

Here is a sample table with all the parameters for eDLP Global Settings: 

Setting

Value

Executable

CloudAppMode

Block

  

CloudAppRestrictionList

yahoo.com

  

CloudAppRestrictionList

hotmail.com

  

PathExclusion

/Users/*/Desktop/Folder1

  

PathExclusion

/Users/*/Desktop/Folder2

  

MacPathExclusion

/Users/*/Downloads/Folder1

  

MacPathExclusion

/Users/*/Downloads/Folder2

  

UnallowedApp

testapp1

testapp1.exe

UnallowedApp

testapp2

testapp2.exe

UnallowedBrowser

Avast Secure Browser

avastbrowser.exe

UnallowedBrowser

Firefox

firefox.exe

UnallowedBluetoothApp

bluetoothapp1

bluetoothapp1.exe

UnallowedBluetoothApp

bluetoothapp2

bluetoothapp1.exe

UnallowedCloudSyncApp

Notepad++

notepad++.exe

EvidenceStoreSettings

{
  "FileEvidenceIsEnabled": true,
  "NumberOfDaysToRetain": 30,
  "StorageAccounts": [
    {
      "Name": "Test",
      "BlobUri": "https://test.blob.windows.core.net/"
    }
  ],
  "Store": "CustomerManaged"
}

  

VPNSettings

{
  "serverAddress":
  [
    "test.vpnus.contoso.com",
    "test.vpnin.contoso.com"
  ]
}

  

serverDlpEnabled

TRUE

  

CustomBusinessJustificationNotification

1

  

MacDefaultPathExclusionsEnabled

TRUE

  

AdvancedClassificationEnabled

TRUE

  

BandwidthLimitEnabled

TRUE

  

DailyBandwidthLimitInMB

1000

  

IncludePredefinedUnallowedBluetoothApps

TRUE

  

NetworkPathEnforcementEnabled

TRUE

  

NetworkPathExclusion

\\TestShare\MyFolder

  

NetworkPathExclusion

\\TestShare\MyFolder1

  

 

You can make the necessary changes and add additional rows to add more values per setting as needed. Copy the table to a csv file, make the necessary changes, and save it.

Step 2:

Convert csv to json.

  • Open the csv file in Visual Studio Code
  • Press Ctrl + Shift + P
  • Select convert csv to json in the pop that appears.
  • A new file will be created in VS Code in JSON format

Step 3:

Remove the unwanted values.

Remove the unwanted values such as below using the Find and Replace All (Replace with blank) option in VS Code and save the file in json Format.

We have saved it as eDLPGlobalSettings.json in our case.

,

    "Executable": "\n"

 

,

    "Executable\r": "\r\n"

 

,

    "Executable\r": "\r"

 

\r

 

 

Step 4:

Validate if the value TRUE is in lower-case in the json file, if not please replace it using txt editor to lower-case and save the file.

Step 5:

Run the below command to update the eDLP Global Settings.

Sst-PolicyConfig -EndpointDlpGlobalSettings  (Get-Content -Raw ("C:\temp\eDLPGlobalSettings.json") | ConvertFrom-Json -AsHashtable)

 

Note: Set-PolicyConfig will always override the existing data hence the recommendation is to have a running csv that can be edited, converted, and imported every time.

PS: Please ensure to test it in a test environment before executing it in prod and always take a backup of the current settings before importing the new one. 

Updated Nov 06, 2024
Version 1.0
compliance management
data loss prevention
information protection and governance
microsoft 365 compliance center
microsoft information governance
microsoft information protection
microsoft purview
No CommentsBe the first to comment