Forum Discussion

Pekka Karppinen's avatar
Pekka Karppinen
Copper Contributor
Sep 20, 2018
Solved

Whitelisting domain in DLP policy

Does anyone know, if there is any way to whitelist a domain in DLP policy? The problem is that we are sharing documents from SPO site to a trusted partner domain and don't want to get the DLP warnin...
data loss prevention
microsoft 365
  • VasilMichev's avatar
    VasilMichev
    Sep 21, 2018

    The article shows you how to configure conditions/exceptions, it doesn't list them all...

Pekka Karppinen's avatar
Pekka Karppinen
Copper Contributor
Sep 21, 2018

I didn't find any mention about recipient domain exception in the article? Only thing I could find about exceptions is Exchange Online Transport rules, but my problem is with Sharepoint content so when sharing from Sharepoint is there way to whitelist domain that you share documents from Sharepoint?

VasilMichev's avatar
VasilMichev
MVP
Sep 21, 2018

The article shows you how to configure conditions/exceptions, it doesn't list them all...

  • Pslager's avatar
    Pslager
    Copper Contributor
    Jul 07, 2021

    VasilMichev no you are incorrect there is no setting for this.  

    • Shikhar Raj's avatar
      Shikhar Raj
      Icon for Microsoft rankMicrosoft
      Dec 09, 2021

      Please try creating a separate DLP Policy just for exchange Online and then you can have all the different exclusions you will need.

      • Jean-Christophe_VD1070's avatar
        Jean-Christophe_VD1070
        Copper Contributor
        Sep 01, 2022
        Are there new updates on this topic ? In large companies, the option to manage whitelists by exceptions can lead to management nightmares. Large companies work with hundreds or thousands of external partners. Ideal situation would be to be able to automate feeding of whitelisted domains with external consolidated list and just have a role in the organization completing a mapping between some sensitive info type and the associated vendors. Management of such thing in each rule /policy individually is not a sustainable model in large organsiations.
  • Adrienne Almeida's avatar
    Adrienne Almeida
    Copper Contributor
    Jul 18, 2019

    VasilMichev I'm curious to see if anyone has answered this successfully yet. Currently, you can't add a domain exception ("recipient domain is..." for SharePoint or OneDrive. It only works for exchange. We have a very similar business case where we need our parent company to be excluded from certain DLP policies that protect us from sharing "internal only" content with external users. 

    • Expiscornovus's avatar
      Expiscornovus
      Iron Contributor
      Jul 22, 2019

      Adrienne Almeida, I am also interested if there is a solution/workaround for the domain exception across different products and not only Exchange.

      • Adrienne Almeida's avatar
        Adrienne Almeida
        Copper Contributor
        Jul 22, 2019

        Expiscornovus  We haven't found one yet, other than allowing users to override policies. I spoke with MS support, and this is by design. 

         

        Right now, we're planning to give users the option to override the policy to share with our parent company, and apply some custom auditing (through scripting) to make sure folks are following the rules. 

Resources