Forum Discussion
Blocking Downloads in Purview
Hi guys, hoping someone can help out with this : is there a away to block the download of sensitive documents in Purview? ; e:g, you've created a Highly Confidential sensitivity label and as part of the configuration you'd like to enforce a No Download rule for any document with that label applied .I'm struggling to find a simple way of doing this.
regards
Ant
7 Replies
thank you !!
Hi Ant_PFR_1973, if you are looking for blocking download scenario for external users, check out the Microsoft Defender for Cloud Apps (MDCA) solution which integrates with Information Protection. The use case is described in this article Commonly used information protection policies - Microsoft Defender for Cloud Apps | Microsoft Learn.
The use case "Block downloads for external users in real time" is a combination of Conditional Access policy which uses a session a session control to kick in MDCA and then combine external user and labels (this is not part of the learn article, but you can configure it as additional condition.
Thak you Bram !!
Thank you Vasil !!...the label is applied at the item level
Ant
Is the label applied on individual items or on the site/library level? For the former, use a DLP policy that checks for the presence of the label and blocks (external) access: https://learn.microsoft.com/en-us/purview/dlp-sensitivity-label-as-condition
While technically not the same thing as "block download", it is the best you can do for per-item labels.
For the latter, you can configure this restriction on the label itself. See for example: https://office365itpros.com/2024/12/12/block-download-policy-labels/
Thanks Vasil !.the label is being applied at the item level ...however there may be instances where we apply at the site/library level also
regards
Ant
Hi Ant_PFR_1973, Greetings, you can indeed block SharePoint/Onedrive downloads from policy level. If your prime goal to protect your data, then, you can use Purview Encryption Controls available under Sensitivity Label configurations. Here is the Guide for Sharepoint Blocks. https://learn.microsoft.com/en-us/sharepoint/block-download-from-sites. From Sensitivity point of view, you can block downloads based on Contents with Purview. Defender for Cloud apps help you to create scenario wise blocks with Downloads. You simply have to create a rule to block downloads based on SIT or other data types used.
