Forum Discussion
DLP policy using File Type as condition to block copy to removable usb device
Hello all,
Kindly advise what are the exact steps to create the policy to block/audit users while copying and pasting data to a removable device using file type as condition. Currently I have created the policy, but it is not triggering the alerts.
Regards
- miller34mike Microsoft
Here are the steps I would recommend, and have used them myself in the past to create this policy, which worked successfully:
- Login here:
- Create a new policy > set the category and template both to custom
- Set the locations to Devices only
- Set user or group specific inclusions as needed
- Create a new custom rule > set the condition to File Type is and choose from the options provided.
- Configure the Actions to "Audit or restrict activities on devices"
- Specifically set the "Copy to a removable USB device" setting to Block or Block with override
- Disable the others or leave them enabled if you wish; this will not impact the USB control, though
- Set any other options such as policy tips or alert settings within the rule as desired
- Save the policy but make sure it is set to "On"
- Allow at least 1 hour for the policy to replicate, but note that it can take up to 24 hours
- Make sure the device you're using is fully onboarded to Microsoft Purview and you're logging in to the device with an identity included in the scope of the policy (set on the locations tab)
- Check onboarded devices here: Device onboarding - Microsoft Purview
- ItsKJ11 Copper Contributor
Great instructions, can’t wait to give it a try.
- marvnl15 Copper Contributor
I also want to know this. Writing a comment so I can get up to date on this topic / discussion. I go to https://compliance.microsoft.com/datalossprevention/policies but I don't see the option to create a policy for it. I only see the option to create exclusion for specific USB sticks.
- Afsar_Shariff Brass Contributor
marvnl15, once you select the condition, you may need to select the action as "Audit or Restrict activities on devices" to see the "Copy to USB removable device" option.
- marvnl15 Copper Contributor
Afsar_Shariff thanks, but the thing is, I don't see what you mean on where it is you want me to check.
To break it down. This is what I see:
Policies - Microsoft Purview
When I click on Policies I see these selections and they point to the Location templates like 'General Data Protection Regulation (GDPR) Enhanced' and 'U.S. Patriot Act Enhanced' and so many more. Also, if I want to use the search bar, unfortunately, it does not show anything.
And here you can edit or make exclusions, but not create the policy to restrict download resources or copy to USB:
And if I click on 'get started', maybe to see if I get it more, then I get this info, which seems unrelated:
I just don't get it. Sorry. Maybe it is a license thing? We have tons of Microsoft E3 and E5 licenses in our tenant. Or do we need more?