Forum Discussion
"Purview DLP policy is not working as expected."
I am creating a DLP policy with the following configurations:
A new policy applied to devices was generated.
--SCOPE
Devices
--USERS
DLP_TEST
--A rule is created: DLP_TEST_APPSBLOCK
--THE FOLLOWING CONDITIONS ARE ADDED
Document could not be scanned
Document did not complete analysis
File type is:
- Word Processing
- Spreadsheet
- Presentation
- Archive
File extension is:
- py
- txt
- HTML
--THE FOLLOWING ACTIONS ARE ADDED
Application groups: DLP_TEST_APPS
Copy to clipboard: Block
Print: Block
Copy to USB: Block
Copy to shared network resource: Block
--APPLICATIONS NOT IN THE SHARED APPLICATION GROUPS
Configuration: Block with override
--NOTIFICATIONS
Use notifications to inform users and properly teach them about sensitive information: Enabled
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
In restricted applications, even though I have blocked everything, it still allows me to attach documents from WhatsApp. Although it prevents copying or dragging, I can always upload documents, which should not happen.
This is just a test, but I would like to know what is happening and how I can solve it
1 Reply
Prathista IlangoMicrosoft
Hello Melvin_Maldoando03,
What is configured under "File activities for all Apps"?
Trying to reproduce this, could you please help me with screenshots of the rule settings (if possible, all settings), to help configure at my end and test? Also, list of apps in DLP_TEST_APPS group and service domains would also be useful.
Have a quick look at this, it may be helpful: https://learn.microsoft.com/en-us/purview/dlp-configure-endpoint-settings#restricted-app-activities-and-file-activities-for-all-apps
Regards,Prathista