Forum Discussion
Solved
Microsoft Teams tenant specific DLP
We are a defence company and have protective labels on our documents. We have endpoint DLP to ensure that protectively marked documents are not uploaded to services that they shouldnt be. We are...
Can’t see any way of preventing that ”gap” other than configuring permissions in the label/labels.
*edit WillNunez just realized this should be possible by instead using Endpoint DLP policy.
We use labels and resources is on the roadmap. However some labels have a classification which means they cannot be stored in cloud that hasn't been accredited
Endpoint dlp can prevent application and url level uploading. But with teams for example you can't differentiate between tenancies by url. I want to be able to block uploads of classified files at a tenancy level. I've been told casb by other vendors can do this. I'm trying to work out how it can be done with microsoft
Endpoint dlp can prevent application and url level uploading. But with teams for example you can't differentiate between tenancies by url. I want to be able to block uploads of classified files at a tenancy level. I've been told casb by other vendors can do this. I'm trying to work out how it can be done with microsoft
You can use CA with a Conditional Access App Control session policy, connected to Microsoft Defender for Cloud Apps, with the session control type "Control file upload" and action "Block". There are many configuration options in there, such as scoping on sensitivity labels etc., and target "All company" for example.
Not sure you've seen the new setting in Endpoint DLP for devices where you can select a block of upload if a document isn't already labeled. Meaning no file can be uploaded until it's been labeled. Something to consider as well.
Not sure you've seen the new setting in Endpoint DLP for devices where you can select a block of upload if a document isn't already labeled. Meaning no file can be uploaded until it's been labeled. Something to consider as well.