Forum Discussion
kstifle
Mar 21, 2024Copper Contributor
Microsoft Purview DLP Endpoint Block with Override is not working with text files
I only have one policy on the Device location to detect medical data. To test this policy, I have created five files with identical test data (docx, xlsx, pdf, txt, and CSV). I get mixed results when I attempt to copy the files to a cloud location outside my organization.
- docx = blocked with the ability to override
- xlsx = blocked with the ability to override
- pdf = blocked with the ability to override
- txt = initial alert stating the content is being evaluated. Then, after waiting for the evaluation to complete, the file can be copied, and no alerts are displayed.
- csv = initial alert stating the content is being evaluated. Then, after waiting for the evaluation to complete, the file can be copied, and no alerts are displayed.
I have referenced this page to ensure that the sensitivity type is supported.
Data Loss Prevention policy tips reference | Microsoft Learn
I have tested the policy with and without a file extension condition. Same result.
Test Workstation:
Windows 11 Enterprise 23H2
Microsoft 365 E5 License
- anish833Copper ContributorGetting the same issue, were you able to fix it, I was thinking maybe create a condition group where it says if the "Content contains SIT or (File extension .txt,.csv AND content contains SIT)"
- kstifleCopper ContributorI tried many different settings, including your suggestion, but nothing resolved the issue. I opened a ticket with Microsoft months ago and am still waiting for a solution. The ticket has been escalated to the senior team, and despite daily badgering, I have yet to receive an acknowledgment that they are even looking at the issue. This is either a major issue they are having difficulties resolving, or their support has reached an all-time low.