Forum Discussion
Solved
Whitelisting domain in DLP policy
Does anyone know, if there is any way to whitelist a domain in DLP policy?
The problem is that we are sharing documents from SPO site to a trusted partner domain and don't want to get the DLP warning messages for this, but at the same time don't want to take the whole site out of DLP's reach.
The article shows you how to configure conditions/exceptions, it doesn't list them all...
. While there is no whitelist, there is a possible workaround.. perhaps by design.
Office 365 DLP cannot read (or match) on an AIP encrypted file.
AIP can encrypt files automatically upon save if conditions are met
If you configure AIP to auto encrypt, DLP will not read and the domains are essentially whitelisted.
plus there is the bonus of assigning file specific permissions if needed.
requires p2 license
please like if this works for you, or reply if it doesnt
Have you looked into exceptions for DLP rules, more specifically the "recipient domain is" exception? https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies#tuning-rules-to-make-them-easier-or-harder-to-match
I didn't find any mention about recipient domain exception in the article? Only thing I could find about exceptions is Exchange Online Transport rules, but my problem is with Sharepoint content so when sharing from Sharepoint is there way to whitelist domain that you share documents from Sharepoint?
The article shows you how to configure conditions/exceptions, it doesn't list them all...
