Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

DLP Rule for Exchange using ExceptIfRecipientDomainIs not working any more

Brass Contributor

Hello,

 

we had setup a DLP Rule for Exchange workloads that only allows sending to specific external recipients in a list we provide via populating the ExceptIfRecipientDomainIs attribute.

 

This has been working fine until a few days back, when suddenly the rule was failing to apply on end users (domain is listed in the Rule's ExceptIfRecipientDomainIs) and email gets blocked.

 

I then realized that the attribute is not populated anymore via Powershell and comes back empty!

 

(Get-DlpComplianceRule -Identity "DLPRULE").ExceptIfRecipientDomainIs

 At the same time, the Rule on the compliance.microsoft.com portal shows up properly with the domains in question.

 

AlexandrosAP_0-1685440055444.png

 

I then noticed that those domains now only appear under the AdvancedRule attribute only.

 

(Get-DlpComplianceRule -Identity "DLPRULE") | select -expand advancedrule

 

So it seems there has been some change in DLP rules by the compliance team at Microsoft?

 

 

2 Replies

I have opened a Premier support ticket with Microsoft and it is true, that this is not working anymore. 

Waiting on the escalation team.

 

I also posted here.

 

@AlexandrosAP Did you ever find a resolution to this? I am encountering the same behavior (modifying ExceptIfRecipientDomainIs via PowerShell does nothing and the existing domains in Purview are listed in AdvancedRule) and was wondering if you found a solution.