Forum Discussion

Binto's avatar
Binto
Copper Contributor
Jan 07, 2025

To Block Entire File Upload or File transfer

I Planning to setup up DLP policy . All of our systems are joined under the Entra ID and on boarded on purview.

I need to restrict the file uploading/transfer (Completely ) through any kind of platform except Outlook, One drive and share point with in the organization. 

If someone outside my organization share a google drive attachment via email our systems required the access to download those files but uploading back to that link should be blocked. 

How can i achieve this using Microsoft DLP.

 

  • WelkasWorld's avatar
    WelkasWorld
    Brass Contributor

    Hi Binto 
    It is possible via endpoint DLP.
    Apart from making sure that devices are onboarded to Purview, make sure that you have the Microsoft Purview extension deployed to any other supported browser, other than the native MS Edge.

    Then your first step is configuring the endpoint DLP settings and your allowed Service domains (it will be easier for you to go into a whitelist and block everything else, rather than a block list)
    => (purview.microsoft.com > Settings > Data Loss Prevention > Endpoint DLP settings > expand the Browser and domain restrictions to sensitive data
    Check that it says "Allow" beside Service domains and add some cloud service domains under this section:
    in your case this could potentially look like the below:
    -yourdomain-my.sharepoint.com
    -yourdomain.sharepoint.com
    -outlook.com


    Once your service domains are configured within the endpoint DLP, you can then go and create your DLP policy. Once you add your condition(s), you will then be using the "Audit or restrict activities on devices"> Service domains and browser activities> 'Upload to a restricted cloud service domain or access from an unallowed browsers' condition in a block mode. 

    See example of what the policy may look like for you. 

    Hope this helps.

    Any additional questions, give us a shout :)

Resources