Forum Discussion
DLP policy to block access to external organization however allow access for some external domains
- Aug 23, 2023
Hi, FahadAhmed,
Thank you for posting your question here.
With Exchange-based DLP policies, you can configure an exception for your trusted domains into the conditions of your policy.
In the below image, I set the conditions to be an example of how you can configure this. Please note, to get the "NOT" option, you need to select "Add group" in the conditions builder.
- miller34mike, Sep 13, 2023, Iron Contributor
Hello! Great question.
Teams DLP, when selected by itself, DOES allow for building an exception based on the external recipient. However, for OneDrive and SharePoint, you do not get this option. For this, I recommend considering a B2B approach for your trusted, external partners. B2B will allow better granular controls on SharePoint for allowing access to your B2B-enabled partners.
Azure AD B2B collaboration overview - Microsoft Entra | Microsoft Learn
- Derek_Osborne, Sep 15, 2023, Copper Contributor
miller34mike Hello Mike! How would you recommend blocking all other domains but our own, with the Endpoint selection enabled? Such as web app upload through Chrome or Firefox? I notice the recipient domain is also not available when Endpoint is enabled.
- Derek_Osborne, Sep 15, 2023, Copper Contributor
When I say endpoint, I mean "devices".