Forum Discussion
Purview -> DLP -> Settings -> Endpoint DLP Settings
- We can block uploading data to a external website - Yes i can block specific websites via Defender portal > Settings > Endpoints > Rules\Indicators > URLs\Domains\IP's\etc.
But this does not give me the whitelist or block. I have to explicitly set the site, leaving any sites that are not blocked as allowed. Not very helpful to blanket block all then have a allowed list of sites. If there is something I am missing please let me know.
2. WCF - not great. General headings (Gambling\Social Media\etc) without knowing what sites it deems to block is not very helpful and will cause problems down the line, as it has in testing.
Ultimately I am getting that to move from WIP which is deprecated in latest Win11 release, which allows everything that i want. Is only supported for all features in E5. Which is 2x the cost of Business Premium and needs the additional license for Teams as that is not included.
- We can block uploading data to a external website - Yes i can block specific websites via Defender portal > Settings > Endpoints > Rules\Indicators > URLs\Domains\IP's\etc. ( This blocking is not based on content you upload. If your user uploads content like credit card number, purview DLP can block just that. All other data can be uploaded. 2. You can still block websites from purview DLP, talking from compliance perspective, Purview MIP and DLP is way to go. Below are some use cases, sensitive data redacted purposefully.
Purview DLP is not working - it will not block sites based off of DLP or MIP (microsoft information protection?)
Information Protection - I have created sensitivity labels and published. Reaching the data - I can see the label on the data.
Tied the Sensitivity labels as the condition to DLP policy. I have set DLP up in "Browser and Domain Restrictions to sensitive data" with list of Allow sites, which is supposed to only allow those sites and block all others. This should be pushed to all DLP policies as it is in the DLP settings.
Nothing is getting blocked when i upload the data to google drive for instance. What am I missing?In defender portal I can see on the device that it is not getting the DLP policy.
Contacting support\sales of Microsoft they tell me I need additional licensing, that is why it is greyed out and why the DLP settings are not going to device. They instructed me to purchase the Defender for Endpoint license, which they told me would fix this issues. Needless to say it did not fix the issue.
Please share if you are referring to another way to block data from being uploaded to sites and apps via Purview. Or if you know why it is not sync'ing or how to sync. Anything to help. Frustrating as support and sales do not seem to know what is what.
Can you share full screenshot of the endpoint DLP section learnazure_ad, Microsoft Purview compliance portal, navigate to Data loss prevention > Overview > Data loss prevention settings > Endpoint settings. Also Sign in to the purview > Settings (gear icon in the upper right hand corner) > Device onboarding > Devices., or in your bottom at compliance center go to settings, endpoint DLP, Device onboarding. I also suggest creating Endpoint DLP rule under Data Loss Prevention > Create Rule > Select Endpoint as the option --> If fails share me details on that. I think you receive this DLP Policy sync not updated due to that. However, you need Compliance licenses. Share the Details then let's try to resolve this matter.😊
When you say DLP create rule in policy? I have a policy created and end point selected, and the sensitivity label as the rule\condition (mentioned earlier). Nothing is being enforced.
DLP settings in Purview
only edge is allowed browser
^ 24 sites allowed, all others should be blocked.
Devices in Purview (greyed out)
Onboarding in Purview (greyed out)
DLP policy to Device and the rule. Not working.