Forum Discussion
Using DLP to block saving data to local devices
Hi all,
I've been trying to find an answer to this but haven't be able to find anything that says yes or no!
We've been using Purview for a bit now and have a bunch of labels setup and some DLP rules to block certain type of data being emailed, uploaded to cloud etc. But today I was asked if I can block certain label types from being saved to anywhere on the users local storage, for example C drive. So this data can only be stored on a particular on-premise file server. The idea is we don't want certain types of data sitting on users laptops.
Anyone know if this is possible?
Thanks
1 Reply
I don't think what you are looking for is possible. There is no setting or option in either Purview Information Protection or Purview DLP (even at the Endpoint DLP level) for this.
Even if it were possible now, it will likely cause end-users headaches. Here is a a scenario where this could be an issue:
- A user has a file sitting on their desktop that has a basic (allowed label)
- User re-labels a document from a basic label to the restricted label. The file won't save. The pop-up notification that comes up is the generic/ non-editable pop-up.
Best option is to use Microsoft OneDrive and have the users 'Desktop' and 'My Documents' synced so that you can track the data and it gives the users the security that their files save securely on the cloud.
