Afsar_Shariff
Brass Contributor
Apr 25, 2023

DLP policy using File Type as condition to block copy to removable USB device

Hello all,

 

Kindly advise what the exact steps are to create the policy to block/audit users while copying and pasting data to a removable device using file type as the condition. Currently I have created the policy, but it is not triggering the alerts.

 

Regards

 

  • Afsar_Shariff 

     

    Here are the steps I would recommend, and have used them myself in the past to create this policy, which worked successfully:

     

    1. Log in here: Policies - Microsoft Purview
    2. Create a new policy > set the category and template both to custom
    3. Set the locations to Devices only
      1. Set user or group specific inclusions as needed
    4. Create a new custom rule > set the condition to File Type is and choose from the options provided.

    5. Configure the Actions to "Audit or restrict activities on devices"
      1. Specifically set the "Copy to a removable USB device" setting to Block or Block with override
      2. Disable the others or leave them enabled if you wish, this will not impact the USB control though
    6. Set any other options such as policy tips or alert settings within the rule as desired
    7. Save the policy but make sure it is set to "On"
    8. Allow at least 1 hour for the policy to replicate, but note that it can take up to 24 hours
    9. Make sure the device you're using is fully onboarded to Microsoft Purview and you're logging in to the device with an identity included in the scope of the policy (set on the locations tab)
      1. Check onboarded devices here: Device onboarding - Microsoft Purview 

     

     

    • ItsKJ11
      Copper Contributor
      Great instructions, can’t wait to give it a try.
    • Afsar_Shariff
      Brass Contributor

      marvnl15 once you select the condition you may need to select the action as "Audit or Restrict activities on devices" to see "Copy to USB removable device" option.

      • marvnl15
        Copper Contributor

        Afsar_Shariff thanks, but the thing is, I don't see what you mean on where it is you want me to check.
        To break it down. This is what I see:
        Policies - Microsoft Purview


        When I click on Policies I see these selections and they point to the Location templates like 'General Data Protection Regulation (GDPR) Enhanced' and 'U.S. Patriot Act Enhanced' and so many more

         

        Also, if I want to use the search bar, unfortunately, it does not show anything.



        And here you can edit or make exclusions, but not create the policy to restrict download resources or copy to USB:

         

        And if I click on 'get started', maybe to see if I get it more, then I get this info, which seems unrelated:

         

        I just don't get it. Sorry. Maybe it is a license thing? We have tons of Microsoft E3 and E5 licenses in our tenant. Or do we need more?

         
