Block upload of files to public locations likes gmail, dropbox etc using Microsoft Cloud App Securit


I have created AIP labels. I have applied them via Microsoft Cloud App Security File policy based on DLP rules. Working fine now.

The objective is to stop those file upload to personal storage/email like gmail or dropbox. I looked upon the MCAS session policy which has session control type of control file upload (with DLP). I created one leaving App filter empty, added file filter to match classification labels with inspection method. Now it blocks file upload even to SharePoint Online.

The conditional rule is on SPO and ExO with session control using custom policy for conditional access app control.

How do I just block files to move out of environment rather blocking upload to SPO or other locations?

2 Replies

@Ashish Trivedi 


Thanks for your question.

This scenario is currently not supported by Cloud App Security but could be partially achieved using Windows Information Protection and Microsoft Defender ATP .


Please review the following documentation:



@Ashish Trivedi Hello, may I ask how you ended up configuring your products to meet your needs? Did you use ATP/MIP as suggested? Thanks in advance.


*edit* For information we have disabled all 'third-party storage providers' just about everywhere. I'm curious though as I would like to manage the data and not necessarily disable all features.