FahadAhmed
Aug 22, 2023 | Brass Contributor
DLP policy to block access to external organization however allow access for some external domains
Hi, we have successfully set up a DLP policy to block sensitive information from going outside using "Block access to external organization", however we want to allow a few domains to receive those f...
miller34mike
Microsoft
Aug 23, 2023
Hi, FahadAhmed,
Thank you for posting your question here.
With Exchange-based DLP policies, you can configure an exception for your trusted domains into the conditions of your policy.
In the below image, I set the conditions to be an example of how you can configure this. Please note, to get the "NOT" option, you need to select "Add group" in the conditions builder.
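The exception described in the answer above can also be set from Security & Compliance PowerShell; this is an added example, not part of the original post or Microsoft's reply. The policy name, rule name, partner domains and the sensitive information type are constructed placeholders, and it assumes that `-ExceptIfRecipientDomainIs` on an Exchange-only policy gives the same effect as the "NOT" group built in the portal.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and a
# compliance administrator role in the tenant.
Connect-IPPSSession

# Constructed placeholder values (not from the thread).
$policyName     = 'Block sensitive mail to external orgs'
$ruleName       = 'Block external except trusted partners'
$trustedDomains = @('partner-a.example', 'partner-b.example')

# Exchange-only policy: the recipient-domain exception is only offered
# when Exchange is the sole location. Start in test mode so matches are
# reported before any mail is actually blocked.
New-DlpCompliancePolicy -Name $policyName `
    -ExchangeLocation All `
    -Mode TestWithNotifications

$rule = @{
    Name   = $ruleName
    Policy = $policyName
    # Placeholder sensitive information type; use the types your policy detects.
    ContentContainsSensitiveInformation = @{ Name = 'Credit Card Number'; minCount = '1' }
    # Condition: content is shared with people outside the organization ...
    AccessScope = 'NotInOrganization'
    # ... except when the recipients are in a trusted partner domain.
    ExceptIfRecipientDomainIs = $trustedDomains
    BlockAccess = $true
}
New-DlpComplianceRule @rule

# Confirm what was stored before switching the policy to enforcement.
Get-DlpComplianceRule -Identity $ruleName |
    Format-List Name, AccessScope, ExceptIfRecipientDomainIs, BlockAccess

# After reviewing test-mode matches, enforce the policy.
Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```

Review the allowed-domain list periodically: every entry is a standing bypass of the block for the sensitive content the rule detects.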
PiaSegment
Sep 13, 2023 | Copper Contributor
And what if we need an exception for use in DLP for Teams chat, SharePoint and OneDrive blocking externals?
- miller34mike | Sep 13, 2023
Microsoft
Hello! Great question.
Teams DLP, when selected by itself, DOES allow for building an exception based on the external recipient. However, for OneDrive and SharePoint, you do not get this option. For this, I recommend considering a B2B approach for your trusted, external partners. B2B will allow better granular controls on SharePoint for allowing access to your B2B-enabled partners.
Azure AD B2B collaboration overview - Microsoft Entra | Microsoft Learn
- Derek_Osborne | Sep 15, 2023 | Copper Contributor
miller34mike Hello Mike! How would you recommend blocking all other domains but our own, with the Endpoint selection enabled? Such as web app upload through Chrome or Firefox? I notice the recipient domain is also not available when Endpoint is enabled.
- Derek_Osborne | Sep 15, 2023 | Copper Contributor
When I say endpoint, I mean "devices"