Forum Discussion

Afsar_Shariff
Jun 14, 2023

Does a DLP policy rule allow grouping the recipient domains?

Hello Everyone,


In Microsoft DLP, we have a condition called "Recipient domain is". It allows us to add individual domains. However, is it possible to group the domains so that it is easier to manage this list across multiple DLP rules from one place?


Regards

Afsar


  • Hi Afsar_Shariff 


    If possible, it may be best to keep an Excel file of approved domains in this scenario. You could use PowerShell to ingest the list of domains and create the policy.


    To create a DLP policy scoped to Exchange Online with the condition "recipient domain is" and ingest the approved domains from an Excel sheet, you can use PowerShell and the Microsoft 365 Security & Compliance module. Here's an example script:


    # Install the required modules if not already installed
    # (ImportExcel provides the Import-Excel cmdlet used below)
    Install-Module -Name ExchangeOnlineManagement -Scope CurrentUser
    Install-Module -Name ImportExcel -Scope CurrentUser
    
    # Import the Excel sheet containing the approved domains (column header: Domain)
    # and normalise the list: trim, lower-case, drop blanks and duplicates
    $excelPath = "C:\Path\to\ApprovedDomains.xlsx"
    $approvedDomains = @(Import-Excel -Path $excelPath |
        Select-Object -ExpandProperty 'Domain' |
        ForEach-Object { $_.Trim().ToLowerInvariant() } |
        Where-Object { $_ } |
        Sort-Object -Unique)
    
    # Connect to Security & Compliance PowerShell
    Connect-IPPSSession
    
    # Create the DLP policy scoped to Exchange Online, then the rule that carries
    # the "recipient domain is" condition (-RecipientDomainIs) and a notify action.
    # The policy starts in test mode so the rule can be validated before enforcing.
    $policyName = "Exchange DLP Policy"
    $notifyRecipient = "dlp-notify@example.com"   # placeholder, replace with your address
    New-DlpCompliancePolicy -Name $policyName -ExchangeLocation All -Mode TestWithNotifications
    New-DlpComplianceRule -Name "$policyName - Approved domains" -Policy $policyName `
        -RecipientDomainIs $approvedDomains -NotifyUser $notifyRecipient
    
    # Disconnect the Security & Compliance PowerShell session
    Disconnect-ExchangeOnline -Confirm:$false


    Make sure to replace the placeholder paths and email address with the appropriate values for your environment. The script uses the `Install-Module` command to install the `ExchangeOnlineManagement` module if it's not already installed. Then it imports the Excel sheet using `Import-Excel`, selecting the 'Domain' column from the sheet.

    Next, it connects to the Microsoft 365 Security & Compliance module using `Connect-IPPSSession`. The script creates a DLP policy with the specified name, condition, and action. In this case, the condition is set to "recipient domain is" using `New-DataLossPreventionRuleCondition` with the approved domains from the Excel sheet. The action is set to notify the user via email using `New-DataLossPreventionRuleAction`. Finally, the script creates the DLP rule using `New-DataLossPreventionRule`.


    After the policy is created, the script disconnects from the module using `Disconnect-IPPSSession`.

    Please note that this script assumes you have the necessary permissions to connect to the Microsoft 365 Security & Compliance module and create DLP policies.
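    The question was about managing one domain list for several rules from one place. As an added example (not part of the reply above), the script below keeps the approved domains in a single CSV file and writes that list into the "recipient domain is" condition of every rule named in it with Set-DlpComplianceRule; the rule names and the file path are assumed placeholders, and the rules are assumed to already exist.

```powershell
# Added example: keep the "recipient domain is" list for several DLP rules in one file.
# Assumes the ExchangeOnlineManagement module is installed; rule names and path are placeholders.
$domainListPath = "C:\Path\to\ApprovedDomains.csv"   # one column, header "Domain"
$ruleNames = @(
    "Finance - external sharing",
    "HR - external sharing",
    "Legal - external sharing"
)

# Load and normalise the list: trim, lower-case, drop blanks and duplicates.
$approvedDomains = @(Import-Csv -Path $domainListPath |
    ForEach-Object { $_.Domain.Trim().ToLowerInvariant() } |
    Where-Object { $_ } |
    Sort-Object -Unique)

# Reject anything that is not a plain DNS name: a typo in this file would
# silently widen or narrow every rule that uses the list.
$domainPattern = '^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'
$invalid = @($approvedDomains | Where-Object { $_ -notmatch $domainPattern })
if ($invalid.Count -gt 0) {
    throw "Refusing to update rules; invalid domain entries: $($invalid -join ', ')"
}
if ($approvedDomains.Count -eq 0) {
    # An empty list would clear the condition on every rule and change what they match.
    throw "Approved-domain list is empty; nothing applied."
}

Connect-IPPSSession

foreach ($rule in $ruleNames) {
    # Replace (not append) the condition so the file stays the single source of truth.
    Set-DlpComplianceRule -Identity $rule -RecipientDomainIs $approvedDomains
    Write-Host "Applied $($approvedDomains.Count) domains to rule '$rule'"
}

# Record what each rule now carries, for the change log.
foreach ($rule in $ruleNames) {
    Get-DlpComplianceRule -Identity $rule | Select-Object Name, RecipientDomainIs
}

Disconnect-ExchangeOnline -Confirm:$false
```

    Run it from a scheduled task or pipeline after the CSV is changed, so the file, not the individual rules, is what gets reviewed and approved.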
