Forum Discussion

Bosanac89
Copper Contributor
Apr 14, 2026

DLP Policy - DSPM Block sensitive info from AI sites

Having issues with this DLP policy not being triggered to block specific SITs from being pasted into ChatGPT, Google Gemini, etc.

Spent several hours troubleshooting this issue on Windows 11 VM running in Parallels Desktop. Testing was done in Edge. 


Troubleshooting\testing done: 

  • Built Endpoint DLP policy scoped to Devices and confirmed device is onboarded/visible in Activity Explorer.
  • Created/edited DLP rule to remove sensitivity label dependency and use SIT-based conditions (Credit Card, ABA, SSN, etc.).
  • Set Paste to supported browsers = Block and Upload to restricted cloud service domains = Block in the same rule.
  • Configured Sensitive service domain restrictions and tested priority/order (moved policy/rule to top).
  • Created Sensitive service domain group for AI sites; corrected entries to hostname + prefix wildcard format (e.g., chatgpt.com + *.chatgpt.com) after wildcard/URL-format constraints were discovered.
  • Validated Target domain = chatgpt.com in Activity Explorer for paste events.
  • Tested multiple SIT payloads (credit card numbers with/without context) and confirmed detection occurs.
  • Confirmed paste events consistently show: Policy = Default Policy, Rule = JIT Fallback Allow Rule, Other matches = 0, Enforcement = Allow (meaning configured rules are not matching the PastedToBrowser activity).
  • Verified Upload enforcement works: “DLP rule matched” events show Block for file upload to ChatGPT/LLM site group—proves domain scoping and endpoint enforcement works for upload.
  • Disabled JIT and retested; paste events still fall back to JIT Fallback Allow Rule with JIT triggered = false.
  • Verified Defender platform prerequisites: AMServiceVersion (Antimalware Client) = 4.18.26020.6 (meets/exceeds requirements).

1 Reply

Hey Bosanac89,

Your upload blocking works but paste doesn't, and that points to a specific gap in how you've scoped the rule.

Paste to Browser does not follow the global Service Domain list under Endpoint Settings. Microsoft documents this. It only honors Sensitive Service Domain Groups configured directly on the rule itself, under "Service domain and browser activities" > "Paste to supported browsers." If your AI sites group is only set at the global endpoint settings level and not attached inside the rule at that specific action, your custom rule will never match PasteToBrowser events. That's exactly why you keep seeing the JIT Fallback Allow Rule instead of your configured rule.

Second thing to check: Paste to Browser does not support advanced classification. It evaluates clipboard content locally, not through the cloud classification service. Standard pattern-based SITs like Credit Card and SSN should still detect, but if your rule conditions include trainable classifiers or exact data match alongside the SITs, paste events won't match.

Also try switching the paste action to "Block with override" instead of silent "Block." Multiple community threads confirm the override variant enforces more reliably for clipboard operations because it triggers a user-facing prompt. Silent block for paste has inconsistent enforcement.

One more variable since you're testing on a Parallels VM: if you're copying test data from macOS and pasting into Edge inside the Windows guest, the clipboard handoff between host and guest can bypass the Endpoint DLP interception point. Copy your test SIT payloads from Notepad or Word inside the VM to eliminate that.

Give the policy an hour to sync after changes, then retest. You should see your custom rule name in Activity Explorer instead of the fallback.

Please mark as solution if you find this helpful. It helps others in the community find the solution quickly. 🖖
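A small triage script, added here as an example and not part of either post, that encodes the pattern the question reports and the reply diagnoses: for events exported from Activity Explorer, it checks which paste events fall through to the JIT Fallback Allow Rule while uploads to the same domain are already blocked by a custom rule. The event rows, the policy/rule names other than the fallback rule, the "UploadToCloud" activity label and the domain group contents are constructed for the example; the real export schema may use different column names.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

FALLBACK_RULE = "JIT Fallback Allow Rule"   # rule name quoted in the thread

# Sensitive service domain group entries in the hostname + prefix-wildcard
# format the poster arrived at (constructed list for the example).
AI_SITE_GROUP = ["chatgpt.com", "*.chatgpt.com", "gemini.google.com", "*.gemini.google.com"]


@dataclass
class DlpEvent:
    activity: str        # "PastedToBrowser" as quoted; "UploadToCloud" is an assumed label
    target_domain: str
    policy: str
    rule: str
    enforcement: str     # "Allow" or "Block"
    other_matches: int


def domain_in_group(domain: str, group) -> bool:
    """True if the domain is covered by an exact or *.hostname entry of the group."""
    host = domain.lower()
    return any(fnmatchcase(host, entry.lower()) for entry in group)


def classify(event: DlpEvent, group) -> str:
    """Label one event: out of scope, fallback (no custom rule matched), or enforced."""
    if not domain_in_group(event.target_domain, group):
        return "out-of-scope"
    if event.rule == FALLBACK_RULE:
        return "fallback"
    return "enforced" if event.enforcement != "Allow" else "matched-allow"


def paste_gap_domains(events, group):
    """Domains where a custom rule enforces uploads but paste still hits the fallback rule.
    That is the reply's diagnosis: the group is attached to the upload action of the
    rule but not to 'Paste to supported browsers'."""
    uploads_enforced = {e.target_domain for e in events
                        if e.activity == "UploadToCloud" and classify(e, group) == "enforced"}
    paste_fallback = {e.target_domain for e in events
                      if e.activity == "PastedToBrowser" and classify(e, group) == "fallback"}
    return sorted(uploads_enforced & paste_fallback)


# Constructed sample rows mirroring what the poster saw (not a real Activity Explorer export).
SAMPLE_EVENTS = [
    DlpEvent("PastedToBrowser", "chatgpt.com", "Default Policy", FALLBACK_RULE, "Allow", 0),
    DlpEvent("PastedToBrowser", "www.chatgpt.com", "Default Policy", FALLBACK_RULE, "Allow", 0),
    DlpEvent("UploadToCloud", "chatgpt.com", "AI Sites DLP", "Block SITs to AI sites", "Block", 1),
    DlpEvent("PastedToBrowser", "contoso.com", "Default Policy", FALLBACK_RULE, "Allow", 0),
]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(e.activity, e.target_domain, "->", classify(e, AI_SITE_GROUP))
    print("paste gap:", paste_gap_domains(SAMPLE_EVENTS, AI_SITE_GROUP))
```

A non-empty paste gap after a sync window means the rule matches the domain for uploads but not for paste, so the group attachment under the paste action is the first thing to inspect.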