Forum Discussion
Upload to a restricted cloud service domain or access from an unallowed browser
-The action in DLP rules "Upload to a restricted cloud service domain or access from an unallowed browser" does not seem to be working as expected.
-Currently a number of policies are meant to detect certain sensitivity labels as well as certain information types and among the actions taken to restrict data/files being shared, Is the action named above.
-The activity explorer shows the policy match but the enforcement action is always audit instead of block(which is specified in the policy)
-Service domains and domain groups are added with an action of block in DLP settings.
-Unallowed browser also specified.
What could be the issue here? Any Ideas?
- MX_ITCopper ContributorAny chance another policy has a higher priority overriding?
- AhmedSHMKBrass ContributorSeems to work after setting up insider risk management to intercept same info types/labels and including it as a condition in the dlp rule.
- miller34mikeMicrosoft
If you're comfortable doing so, it'd be helpful to see images of the policy and the rules within the policy, as well as the endpoint DLP settings section for restricted domains, in order to help troubleshoot further. You can also send them to me directly if you'd prefer, and then I'll reply here.