Forum Discussion
Block transfer of labelled data through CLI Apps - Powershell
I have a ticket open with microsoft since mid november, and to date not fixed, still chasing.
So we have labelled data, using a custom label intellectual property. We block and alert using it, from uploads to list of urls, to prompt to override, etc. So the label works.
Next step is to prevent exfil using Cli apps. This is where the issue is.. Not working.
Would you have any idea if this actually works? Has anyone set it up?
- In settings and then Restricted apps and app groups I have setup the following:
- Then I created a policy that is applied to my machine and my user to block the move and upload of data that is labelled as Intellectual Property (Sensivity Label)
- It should block when I am using WinSCP or powershell. It does not.
- I tried with the restricted app group and with access by restricted apps. None works
- My machine is in sync
3 Replies
I moved the file using powershell.. so does not see the powershell move, but sees me creating the file if i copy and paste in the folder.
Hello, this is not fixed, I need to now replicate and check using the activity explorer. Have shared the ticket number also.
Have reached out to support again, and will escalate to account manager tomorrow.
Prathista IlangoMicrosoft
Hello ghostsword,
Have you checked the Activity Explorer after testing the scenario?
If the attempted access via PowerShell wasn’t blocked, reviewing Activity Explorer for any related entries can provide valuable insights into why the policy didn’t trigger. This step often helps identify whether the action was logged and what enforcement mode was applied.Additionally, please share the case number so we can review it internally and assist you further.
