Forum Discussion

kstifle's avatar
kstifle
Copper Contributor
Mar 21, 2024

Microsoft Purview DLP Endpoint Block with Override is not working with text files

I only have one policy on the Device location to detect medical data. To test this policy, I have created five files with identical test data (docx, xlsx, pdf, txt, and CSV). I get mixed results when I attempt to copy the files to a cloud location outside my organization. 

  • docx = blocked with the ability to override
  • xlsx = blocked with the ability to override
  • pdf = blocked with the ability to override
  • txt = initial alert stating the content is being evaluated. Then, after waiting for the evaluation to complete, the file can be copied, and no alerts are displayed. 
  • csv = initial alert stating the content is being evaluated. Then, after waiting for the evaluation to complete, the file can be copied, and no alerts are displayed.

I have referenced this page to ensure that the sensitivity type is supported. 

Data Loss Prevention policy tips reference | Microsoft Learn

 

I have tested the policy with and without a file extension condition. Same result. 

 

Test Workstation:

Windows 11 Enterprise 23H2

Microsoft 365 E5 License

 

 

 

 

  • anish833's avatar
    anish833
    Copper Contributor
    Getting the same issue, were you able to fix it, I was thinking maybe create a condition group where it says if the "Content contains SIT or (File extension .txt,.csv AND content contains SIT)"
    • kstifle's avatar
      kstifle
      Copper Contributor
      I tried many different settings, including your suggestion, but nothing resolved the issue. I opened a ticket with Microsoft months ago and am still waiting for a solution. The ticket has been escalated to the senior team, and despite daily badgering, I have yet to receive an acknowledgment that they are even looking at the issue. This is either a major issue they are having difficulties resolving, or their support has reached an all-time low.

Resources