Data Loss Prevention - Bulk Domain Exceptions

Anonymous
2022-01-04T21:08:47+00:00

I have multiple Data Loss Prevention policies configured in the Security & Compliance center. However, I have about 200 domains that I would like to be excluded from these policies. I know I can add exceptions to the policy by using "Except if recipient domain is..." but it only allows me to enter 1 domain at a time, which takes far too long, especially considering that I would need to do it for each policy.

Is there a method of adding all these exception domains at once? If not, is there a different method I can use to exclude this list of domains from ALL my data loss prevention policies?

Microsoft 365 and Office | Install, redeem, activate | For business | Other

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

Answer accepted by question author

Anonymous
2022-01-05T04:18:08+00:00

Hello Asda3498,

Thanks for your post in this community.

Based on your requirement, we have checked from our end and found that with the PowerShell cmdlet, we can specify multiple domains separated by commas in the “ExceptIfRecipientDomainIs” parameter. Kindly note you need to run this cmdlet for all your DLP policies individually. For this, first you need to collect identity details for your DLP compliance rule, and once they are collected you can add multiple domains to the exception list. (Note: we recommend first adding two or three domains to your DLP exception list, and once that succeeds, you can go for all.)

A. First of all, you need to connect to Security & Compliance PowerShell; for this process, kindly check Connect to Security & Compliance Center PowerShell using the EXO V2 module | Microsoft Docs

Once it’s successfully connected, kindly run the below cmdlet:

B. Run the below cmdlet to get details about all your DLP policies and collect identity information.

  • Get-DlpComplianceRule | fl

C. Once all identity details are collected, use them in the below cmdlet and add the domains which you would like to add to your exception list. You need to specify multiple domains separated by commas (in the below example, we have mentioned “xyz.com”, “aaa.com”).

  • Set-DlpComplianceRule -Identity "xxxxx" -ExceptIfRecipientDomainIs "xyz.com", "aaa.com"

For your reference, we are sharing our official documents for these PowerShell commands: Get-DlpComplianceRule (ExchangePowerShell) | Microsoft Docs and Set-DlpComplianceRule (ExchangePowerShell) | Microsoft Docs.

Thank you so much for your precious time. Stay safe and healthy.

Regards,

Ankita Vaidya

1 person found this answer helpful.
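
The steps in the accepted answer, applied to every rule at once, as an added example that is not part of the original answer or Microsoft's own code. It assumes an already connected Security & Compliance PowerShell session, that each rule object returned by Get-DlpComplianceRule exposes its current ExceptIfRecipientDomainIs value, and that the supplied list replaces the stored one (as with other multivalued Exchange parameters); the `$Apply` switch and the sample domain list are hypothetical.

```powershell
# Added example: bulk-add recipient-domain exceptions to all DLP rules.
# Assumes a connected Security & Compliance PowerShell session.
$Apply = $false   # hypothetical switch: keep $false to preview, $true to write

# Constructed sample input; in practice: $raw = Get-Content .\domains.txt
$raw = @'
xyz.com
aaa.com
 AAA.com
not a domain
'@ -split "`r?`n"

# Normalise, drop blanks, and keep only entries that look like plain DNS names,
# so a stray wildcard or typo does not silently widen a DLP exception.
$pattern  = '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'
$clean    = $raw | ForEach-Object { $_.Trim().ToLowerInvariant() } | Where-Object { $_ }
$domains  = @($clean | Where-Object { $_ -match $pattern } | Sort-Object -Unique)
$rejected = @($clean | Where-Object { $_ -notmatch $pattern })
if ($rejected) { Write-Warning "Skipped invalid entries: $($rejected -join ', ')" }

foreach ($rule in Get-DlpComplianceRule) {
    # Assumption: the new list replaces the stored one, so merge with the
    # exceptions the rule already has instead of overwriting them.
    $existing = @($rule.ExceptIfRecipientDomainIs | Where-Object { $_ })
    $merged   = @($existing + $domains |
                  ForEach-Object { "$_".ToLowerInvariant() } | Sort-Object -Unique)
    $added    = @($merged | Where-Object { $_ -notin $existing })

    if (-not $added) { Write-Host "$($rule.Name): nothing to add"; continue }

    # Record what changes per rule so the exception list can be audited later.
    Write-Host "$($rule.Name): adding $($added.Count) domain(s): $($added -join ', ')"
    if ($Apply) {
        Set-DlpComplianceRule -Identity $rule.Name -ExceptIfRecipientDomainIs $merged
    }
}
```

Run it once with `$Apply = $false` and review the per-rule output, then follow the answer's advice and apply two or three domains before the full list.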

1 additional answer

  1. Anonymous
    2022-01-08T10:39:15+00:00

    Hello Asda3498,

    Good day to you and hope you are doing well.

    I'm writing to follow up on this thread. If you have any further questions or need assistance, please do not hesitate to contact us. Thank you.

    Regards,

    Ankita Vaidya
