Forum Discussion
Blocking file uploads to all sites, unless safelisted
Perfect! The final check to perform is under settings within the compliance portal at the link below, confirm that device onboarding has been enabled and that the same device from MDE shows up under Purview (it may take up-to an hour to complete the onboarding). Enabling Device onboarding within the compliance portal will automatically ingest all MDE-onboarded devices into purview, which is the final step to make sure that Endpoint DLP policies can be pushed to the device.
miller34mike, thanks for this. Checked and they are there.
- Brandon_TuckFeb 08, 2024Copper Contributorwhich websites did the file blocking work? i tried dropbox and it did not work
- parveensprefFeb 08, 2024Copper Contributor
Brandon_Tuck Its not resolved like still files are getting uploaded on few site i.e chatgpt and other
- Brandon_TuckFeb 07, 2024Copper Contributor
How did you solve this issue? I'm having the exact same problem, exact same policy made and for some reason blocking the file upload isn't working.
Thanks!
- miller34mikeJun 07, 2023Microsoft
Happy to hear it is working for you! Glad I could help. Just finished building the policy too, will still give it a test. Thanks for running through all of this with me!
Btw, if you block Chrome or Firefox from handling sensitive data (endpoint DLP settings) the Microsoft Purview Extension will override that block BUT specific blocks like this should still work.
- The737Jun 07, 2023Brass Contributor
miller34mike, it WORKED. It finally WORKED. Thanks a mill for your help.
- The737Jun 07, 2023Brass ContributorThanks. Looking forward to your response.
- miller34mikeJun 07, 2023Microsoft
I'm going to duplicate your policy and blocked domains to see what my test results in.
The MDE status is because you're managing it with Intune versus using Microsoft Defender for Endpoint Security Configuration Management.
- The737Jun 07, 2023Brass Contributor
miller34mike , nope, the upload isn't even visible in the Activity Explorer. In terms of the extensions, I entered them with the "." yet it got removed.
Interesting thing though... if I go on the onboarded devices page and look at the overview of the machine, the MDE Enrolment status is N/A. This gives me something to dig into.... - miller34mikeJun 07, 2023Microsoft
do you see the cloud upload activities within Activity Explorer?
also, I do usually recommend including the “.” In the extension, like .docx
on the onboarded devices page, you should be able to select a device and see what policies are active on it. Can you confirm this policy appears for the test device?
- The737Jun 07, 2023Brass Contributor
miller34mike, only the file extensions are set.