Forum Discussion
Blocking file uploads to all sites, unless safelisted
Hi The737
This is due to selecting both Devices and MDCA. When you scope to multiple locations, you only get the options that are available in both locations.
To set and Endpoint policy to block service domain uploads you will need to set the policy to Devices only and then within the rule, you will see service domain uploads.
To see this option, select actions > Audit or restrict activities on devices and it will be the first checkbox that you can select.
MDCA from a DLP perspective would not help you in this scenario.
To set your allowed list of service domains, which means everything else gets blocked, go to compliance.microsoft.com > Data loss prevention > Endpoint DLP settings and find the drop-down for Browser and domain restrictions to sensitive data. Make sure the drop-down for block/allow is set to allow and then set your appropriate sites.
sorry to hear you’re having issues with this DLP policy.
Have you completed the prerequisites for the device that you’re testing this policy with? There a few different onboarding steps that need to be completed. You can confirm these are done using the blog linked below.
If the prerequisites are met and you’re still having issues then we will do a couple of different tests to narrow down the issue.
https://cloudy-sec.com/2023/04/22/microsoft-purview-dlp-part-2-endpoint-dlp/
- I am also having this issue. I completed all the prerequisites, would you mind taking a look at the policy I made?
yes i have complete all settings. but policies are working partially. and taking too long to sync on system.
Like its blocking for one side but not for the other one. same with copy paste. it is blocking on one machine but not on another machine
