icon-unified.svg
Experience Center

Configuring the Data at Rest Scanning DLP Policy Exceptions

Optionally, you can configure SaaS Security Data Loss Prevention (DLP) policy exceptions for sanctioned SaaS applications.

For example, you can create an exception for your organization’s CEO if you don’t want to inspect the emails your CEO sends. If your organization has a security research group maintaining a malicious files repository that must be exempt from inspection, you can also create an exception for the group.

To configure SaaS Security Data at Rest Scanning DLP policy exceptions:

  1. Go to Policies > Data Protection > Policy > Out-of-band CASB.
  2. In the Data Loss Prevention tab, choose one of the following SaaS application types from the drop-down menu:

    • To create exceptions for collaboration applications:

      1. Click the Exceptions tab.
      2. Under Do Not Inspect Content From Any of the Following:
        • Senders: Select the users you want to exempt from inspection. You can search for users or click the Add icon to add a new user.
        • Groups: Select the groups you want to exempt from inspection. You can search for groups or click the Add icon to add a new group.
        • Departments: Select the departments you want to exempt from inspection. You can search for departments or click the Add icon to add a new department.
      3. Click Save and activate the change.
      Close

    • To create exceptions for CRM applications:

      1. Click the Exceptions tab.
      2. Under Do Not Inspect Content From Any of the Following:
        • Owners: Select the users you want to exempt from inspection. You can search for users or click the Add icon to add a new user.
        • Groups: Select the groups you want to exempt from inspection. You can search for groups or click the Add icon to add a new group.
        • Departments: Select the departments you want to exempt from inspection. You can search for departments or click the Add icon to add a new department.
      3. Click Save and activate the change.
      Close

    • To create exceptions for email applications:

      1. Click the Exceptions tab.
      2. Under Do Not Inspect Content From Any of the Following:
        • Senders: Select the users you want to exempt from inspection. You can search for users or click the Add icon to add a new user.
        • Groups: Select the groups you want to exempt from inspection. You can search for groups or click the Add icon to add a new group.
        • Departments: Select the departments you want to exempt from inspection. You can search for departments or click the Add icon to add a new department.
      3. Click Save and activate the change.
      Close

    • To create exceptions for file sharing applications:

      1. Click the Exceptions tab.
      2. Under Do Not Inspect Content From Any of the Following:
        • Owners: Select the users you want to exempt from inspection. You can search for users or click the Add icon to add a new user.
        • Groups: Select the groups you want to exempt from inspection. You can search for groups or click the Add icon to add a new group.
        • Departments: Select the departments you want to exempt from inspection. You can search for departments or click the Add icon to add a new department.
      3. Click Save and activate the change.
      Close

    • To create exceptions for ITSM applications:

      1. Click the Exceptions tab.
      2. Under Do Not Inspect Content From Any of the Following:
        • Owners: Select the users you want to exempt from inspection. You can search for users or click the Add icon to add a new user.
        • Groups: Select the groups you want to exempt from inspection. You can search for groups or click the Add icon to add a new group.
        • Departments: Select the departments you want to exempt from inspection. You can search for departments or click the Add icon to add a new department.
      3. Click Save and activate the change.
      Close

    • To create exceptions for source code repository applications:

      1. Click the Exceptions tab.
      2. Under Do Not Inspect Content From Any of the Following:
        • Editors: Select the users you want to exempt from inspection. You can search for users or click the Add icon to add a new user.
        • Groups: Select the groups you want to exempt from inspection. You can search for groups or click the Add icon to add a new group.
        • Departments: Select the departments you want to exempt from inspection. You can search for departments or click the Add icon to add a new department.
      3. Click Save and activate the change.
      Close
Related Articles
Understanding the Data at Rest Scanning PolicyAbout Data at Rest Scanning DLPConfiguring the Data at Rest Scanning DLP PolicyConfiguring the Data at Rest Scanning DLP Policy ExceptionsAbout Data at Rest Scanning Malware DetectionConfiguring the Data at Rest Scanning Malware Detection PolicyConfiguring the Data at Rest Scanning Malware detection Policy ExceptionsAbout SaaS Security Scan ConfigurationUnderstanding SaaS Security Scan SchedulesConfiguring SaaS Security Scan SchedulesConfiguring the Data at Rest Scanning Exceptions