Duy_Vo
Copper Contributor
Oct 10, 2024

Endpoint DLP - Content is not labeled - Cannot work on files newly created in the local disk

Hello everyone,

I'm creating a condition "Content is not labeled" for my Windows devices (Windows 11, 22H2). I realized that if I create a new (unlabeled) file by right-clicking and choosing a new file (like the image below), the DLP cannot work if I send the new file to the unallowed application (FileZilla).

However, whenever I tried to download an unlabeled file from other locations (Internet, OneDrive, exporting, etc.), DLP could detect and block this file successfully (see the image below).

As a result, the DLP condition cannot work on files created on the local disk, even if no labels have been applied. Can anyone help me explain that? Thank you so much!

In case you want to understand the context more - Unlabeled file detected - Purview Endpoint DLP.mov

  • Duy_Vo
    Copper Contributor
    It isn't actually a high risk, because if you can bypass the DLP policy successfully by creating new (unlabeled) files on the local disk, the file you send is just... blank. If you want to put the content for illegal sharing, you must choose the label first (ensure that you require end users to apply the label). Then, your file will be protected by labels and label + SIT-based DLP policy.

    However, I hope to hear Microsoft's and others' opinions, to see whether it's an intentional feature or a flaw @@
