Forum Discussion
Microsoft Purview Data loss prevention - End point settings
Hi Team,
I have an endpoint DLP policy with "Endpoint DLP policy settings" configured for Network share groups.
I have one network share for ex: \\Windows10\c$\temp, and added this to the network share group called "Test"
Now the main DLP policy has a condition with content containing "SITs - Sensitive information types", and in the Actions, I have selected "Audit or restrict activities on devices".
My expectation of this policy is, it should not trigger an alert when a user attempts to upload sensitive content in the network share path which is defined in the "network share group" of endpoint DLP settings.
As you can see in the above screenshots, I have set "Block with override" on "Copy to network share" and under "network group restrictions configured" I have set "Test" network share group to "Allow"
Ideally, if we have allowed a particular network share to upload sensitive data, it should not trigger the alert. Kindly advise if my understanding is correct. Currently, whenever a user uploads sensitive data in an allowed network share group I am getting alerts.
Thanks in anticipation
- miller34mike
Microsoft
Thank you for posting your issue. You have the correct expectation here, yes. Sorry to hear that is not the case, however. Have you confirmed that the device you're testing this on is:
- Windows 10 and later (20H2, 21H1, 21H2) with KB 5018482
- Win 11 21H2, 22H2 with KB 5018483
- Windows 10 RS5 (KB 5006744) and Windows Server 2022
These are the minimum requirements for this specific setting, which you can read more on here.
Configure endpoint DLP settings - Microsoft Purview (compliance) | Microsoft Learn
Afsar_Shariff Were you able to resolve it? we are facing the same issue and not able to get it fixed.
