Hello,
Is it possible to configure DLP so that only users in specific OUs (Microsoft Active Directory) are targeted? In particular, I am looking at endpoint policies. Can specific policies exclude or include specific OUs. Also, is it possible to configure DLP so that specific OUs are excluded or included for all policies?
Thanks in advance,
Bob
When I referred to OUs, I am talking about OUs in Microsoft Active Directory.
yes you can do apply specific "goups" under the groups tab in the policy you are looking to apply. you can also further exempt groups also...
sorry click on manage then user groups and build the groups from AD you wish to apply or exempt them from...
How about excluding an OU instead of group?
correct the group comes from a OU in AD....if AD is integrated into the system.
My issue is that I want to exclude certain countries. We do not have groups that identify what country someone is, but we do put our users in OU's specific to the country. From what I can see in the groups part of the policy, it is based on group membership, not where someone's account is in AD (what OU).
correct, if it is not in AD its kinda hard...
the next question is can you do it by a email group do you have anything like that in in...
remeber DLP only reads AD info it nevers writes to AD..
sorry you can manually build one, you would need to pull out every user indivually and name it... its just time consuming
I think I have figured this out. I had to create a User Group. That group is defined by OU. Then I can leverage that User Group in the Group tab by either clicking Add Rule or Add Exception.
correct... if the ou doesnt exist you need to build it manually...
marked this resolved if it works for you please...
Done. Thanks for the quick responses.