Microsoft 365 Compliance Exceptions

LEGACY ARTICLE: The content in this article is no longer updated and is available for reference purposes only. Features and workflows described may be deprecated, significantly changed, or no longer supported.

Environment

  • Datto EDR

Description

Adding Exceptions

1. Configure your M365 Compliance scan as normal and complete your first scan (Main Navigation Bar → Discover → Compliance).

2. Navigate to the results of the M365 Compliance Scan: Main Navigation Bar → Secure → Compliance.

3. Select which control you would like to add an exception to by clicking on the ellipses to the right of the control.


4. Select Exception.

5. Add notes to the note section to document the exception.


Modify Exceptions

1. Navigate to the results of the M365 Compliance Scan: Main Navigation Bar → Secure → Compliance.

2. Select the control you would like to modify an exception for by clicking on the ellipses to the right of the control.


3. Select Exception.

4. Add notes to the note section to document the modified exception.


Deleting Exceptions

1. Navigate to the compliance exception list: Main Navigation Bar → Discover → Compliance → Exception.

2. Locate the specific exception for the correct M365 domain.

3. Click on the ellipses to the right.

4. Select Delete.


Alerting Changes

An exception suppresses the alerts that would otherwise be generated from that compliance check. Because the check is also removed from the overall score, a change in its result no longer counts as a score change that would generate an alert.

User Interface Changes

In the results of compliance scans, compliance checks with an exception will be marked with a blue "INFO" icon.

Cyber Security Notes

An exception does not stop the compliance check from running; it only changes the actions taken on the result. Due diligence is therefore still required when no secondary controls are in place and the exception does not apply to the check as a whole.

For example, suppose an exception is added to an MFA check where 24 of 25 users have MFA enabled, with notes stating that the 25th user cannot use MFA for some reason. If the ratio later changes from 24/25 to 23/25, no alert is generated, but the result will still show 23/25.
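The behaviour described in these notes, as an added illustrative model that is not Datto EDR's code: the control names, the scoring rule (mean pass fraction over non-excepted checks) and the sample scans are assumptions. It also adds a review list for excepted checks whose result drifted, which is the gap the notes warn about.

```python
"""Constructed model of a compliance exception (not Datto EDR's code): the check
still runs and reports, but an excepted result no longer scores or alerts."""
from dataclasses import dataclass

@dataclass
class CheckResult:
    control: str            # compliance control that was evaluated (assumed name)
    passing: int            # objects (e.g. users) satisfying the control
    total: int              # objects evaluated
    excepted: bool = False  # an exception with notes is recorded for this check
    notes: str = ""

    @property
    def ratio(self) -> str:
        return f"{self.passing}/{self.total}"

def score(results):
    """Overall score: mean pass fraction over non-excepted checks only (assumed rule)."""
    scored = [r for r in results if not r.excepted]
    if not scored:
        return 100.0
    return round(100 * sum(r.passing / r.total for r in scored) / len(scored), 1)

def alerts(previous, current):
    """Alert on every non-excepted check whose result got worse since the last scan."""
    prev = {r.control: r for r in previous}
    out = []
    for r in current:
        if r.excepted:
            continue  # exception suppresses the alert; the result is still shown
        p = prev.get(r.control)
        if p and r.passing < p.passing:
            out.append(f"ALERT {r.control}: {p.ratio} -> {r.ratio}")
    return out

def drift_under_exception(previous, current):
    """Review list of excepted checks whose result changed anyway: nothing alerts
    on these, so a reviewer has to look at them deliberately."""
    prev = {r.control: r for r in previous}
    return [f"REVIEW {r.control}: {prev[r.control].ratio} -> {r.ratio} ({r.notes})"
            for r in current
            if r.excepted and r.control in prev and r.ratio != prev[r.control].ratio]

# Constructed sample: two consecutive scans of the same tenant, MFA check excepted.
NOTE = "user 25 cannot use MFA"  # constructed exception note
SCAN_1 = [CheckResult("MFA enabled for all users", 24, 25, True, NOTE),
          CheckResult("Legacy authentication blocked", 1, 1)]
SCAN_2 = [CheckResult("MFA enabled for all users", 23, 25, True, NOTE),
          CheckResult("Legacy authentication blocked", 0, 1)]
```

Running `alerts(SCAN_1, SCAN_2)` raises only the legacy-authentication alert, while `drift_under_exception(SCAN_1, SCAN_2)` surfaces the silent 24/25 to 23/25 change on the excepted MFA check.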