Forum Discussion
Content Explorer in Insider Risk: Upload files to cloud
I can see file content in IRM content explorer as long they are within M365: however, when file has been uploaded to Google Drive and/or Dropbox I can the activity such as file name, destination domain but not the content.
Is this even supported?
2 Replies
What happen if you try creating a DLP policy that do same ?
When user will violate , irrespective of domain evidence should be able to collect.
Create the DLP policy with "allow some but block rest of all" logic.
We do have a DLP policy to block uploads to any external site like Google Drive\DropBox - which currently applied only on 'leavers'. However, if someone uploads the file and then submits the resignation then it will bypass the DLP rule. I believe something like below may work.
https://learn.microsoft.com/en-us/purview/dlp-copy-matched-items-get-started?tabs=purview-portal%2Cpurview
