Forum Discussion
Whitelisting domain in DLP policy
- Sep 21, 2018
The article shows you how to configure conditions/exceptions, it doesn't list them all...
We've found a lot of "by design" within O365 recently of how default settings are configured but there isn't a way to set your own defaults.
We're up against the same situation for DLP rules applied to Sharepoint, Teams, and OneDrive. We have business partners who have contractual agreements, BAAs, NDAs, etc. and such that we have legitimate business justification for sharing potentially sensitive info. It would be nice to whitelist those domains once they are vetted as OK with all the proper documentation in place so our users don't have to provide a business justification on every share. Then we could block file shares for all non-approved recipients.
As we need to do now on allowing overrides, it requires so much more overhead to check all the logs/reports and read the justifications on recipients that really should be allowed.
crichmond It's a business problem that I hope will be solved in coming updates. Lots of companies have either a parent/child relationship with another company, or a "trusted partner" relationship like you're describing.
We tested using the overrides, but weren't really happy with how that works either. It's not a great user experience. Hopefully they'll enable whitelisting!