Forum Discussion
Blocking file uploads to all sites, unless safelisted
We're trying to verify if we can block file uploads through the browser to all sites, unless these sites are part of an approved list or the user has an exception. We currently have a similar solutio...
Hi DanSec
Since you're wanting to set a "safe list" which will block uploads to anything not on this list, you'll likely want to leverage the service domains feature under Endpoint DLP settings in the Microsoft Purview portal.
You can set the service domains to be an "Allow" list to achieve this and will need an Endpoint DLP policy configure once you've set the list. The policy itself can have your specific user exclusions set (Endpoint DLP is still identity based).
While DLP is typically based on sensitive information, you can set the policy to block uploads based on file types and/or file extensions. As you mentioned, you can also scope it to block based on a specific sensitivity label applied to the file.