Forum Discussion
Service Domain restrictions
I’m currently implementing an Endpoint DLP policy to enforce service domain restrictions. The goal is to prevent users from uploading documents to non-corporate domains and only allow uploads to a sp...
- Yes, Microsoft 365 dynamic groups are supported for Endpoint DLP scoping. Just be aware that membership changes are not real-time, so policy application can lag.
- You can’t truly target “all file types.” Endpoint DLP works on supported file types only.
- This is expected behavior. Endpoint DLP blocks file transfer operations (upload, drag-and-drop) but does not block clipboard-based paste into web apps. Once content is pasted, it’s treated as user input, not a file transfer. This is a known limitation.
- Yes, expected. Endpoint DLP evaluates files when they are created, saved, or modified. Existing files may not be fully enforced until they are touched.