CASB/DLP Sharepoint and Onedrive folder exceptions
search cancel

CASB/DLP Sharepoint and Onedrive folder exceptions


Article ID: 258143


Updated On:


Data Loss Prevention CASB Advanced Threat Protection CASB Audit CASB Gateway CASB Gateway Advanced CASB Security Advanced CASB Security Advanced IAAS CASB Security Premium CASB Security Premium IAAS CASB Security Standard CASB Securlet IAAS CASB Securlet SAAS CASB Securlet SAAS With DLP-CDS


Setup folder exceptions in SharePoint and Onedrive.


DLP application detection "scan_filter" folder overrides do not work.


DLP application detection "scan filter"  folder exception or inclusion does not currently work.  Broadcom is working to fix this in the near future. An ETA is has not been established.


Generic folder exclusions such as an excluded folder, or only scanned folder in the O365 Securlet can be set during the activation of the Office 365 Securlet. (Reactivate the securlet as needed).

During activation, you have the option to do a Full or Selective scan.

Choose selective, and at the end of the activation, it will provide a dialog to choose users, groups, and files or folders to exclude.

*Folders can be excluded by the dlp policy by using contextual attributes. See KB222015 for examples. Policy exclusions are scanned by DLP but the policy will not trigger.

Additional Information

Folder exclusions for OneDrive do not currently work by design.  They are on the list as something to add in the future.