
DLP Rule for Exchange using ExceptIfRecipientDomainIs not working any more




We had set up a DLP Rule for Exchange workloads that only allows sending to specific external recipients in a list we provide by populating the ExceptIfRecipientDomainIs attribute.


This has been working fine until a few days back, when suddenly the rule was failing to apply on end users (domain is listed in the Rule's ExceptIfRecipientDomainIs) and email gets blocked.


I then realized that the attribute is not populated anymore via PowerShell and comes back empty!


(Get-DlpComplianceRule -Identity "DLPRULE").ExceptIfRecipientDomainIs

At the same time, the Rule on the portal shows up properly with the domains in question.




I then noticed that those domains now appear under the AdvancedRule attribute only.


(Get-DlpComplianceRule -Identity "DLPRULE") | select -expand advancedrule


So it seems there has been some change in DLP rules by the compliance team at Microsoft?



2 Replies

I have opened a Premier support ticket with Microsoft and it is true that this is not working anymore.

Waiting on the escalation team.


I also posted here.


@AlexandrosAP Did you ever find a resolution to this? I am encountering the same behavior (modifying ExceptIfRecipientDomainIs via PowerShell does nothing and the existing domains in Purview are listed in AdvancedRule) and was wondering if you found a solution.
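
An added example, not part of the thread and not Microsoft's code: a PowerShell check that collects domain-like strings from a rule's AdvancedRule value and reports which expected allow-list domains are absent, for auditing a rule when ExceptIfRecipientDomainIs comes back empty. It assumes AdvancedRule is JSON text; the function name, the sample JSON with its key names, and the `.example` domains are constructed for illustration.

```powershell
function Get-DomainsFromAdvancedRule {
    # Hypothetical helper: walks any JSON shape, so it does not depend on
    # the (unverified) layout of AdvancedRule. Matching is heuristic.
    param([Parameter(Mandatory)][string]$AdvancedRuleJson)

    $found = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    $domainPattern = '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'

    function Walk($node) {
        if ($null -eq $node) { return }
        if ($node -is [string]) {
            # Version strings such as "1.0" fail the alphabetic-TLD part.
            if ($node -match $domainPattern) { [void]$found.Add($node) }
        }
        elseif ($node -is [System.Collections.IEnumerable]) {
            foreach ($item in $node) { Walk $item }
        }
        elseif ($node -is [System.Management.Automation.PSCustomObject]) {
            foreach ($p in $node.PSObject.Properties) { Walk $p.Value }
        }
    }

    Walk (ConvertFrom-Json -InputObject $AdvancedRuleJson)
    return @($found | Sort-Object)
}

# Constructed sample input. Key names are made up, not a documented schema.
$sampleAdvancedRule = @'
{
  "Version": "1.0",
  "Condition": {
    "Operator": "And",
    "SubConditions": [
      { "Name": "SampleException", "Value": [ "partner.example", "Vendor.Example" ] }
    ]
  }
}
'@

# Domains the rule is supposed to allow (constructed).
$expected = 'partner.example', 'vendor.example', 'supplier.example'

$inRule  = Get-DomainsFromAdvancedRule -AdvancedRuleJson $sampleAdvancedRule
$missing = $expected | Where-Object { $_ -notin $inRule }

"Domains found in AdvancedRule: $($inRule -join ', ')"
"Expected but not present:      $($missing -join ', ')"
```

Against a live tenant, the input would be the AdvancedRule value returned by the `Get-DlpComplianceRule` command shown in the original post instead of `$sampleAdvancedRule`.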