Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Blocking file uploads to specific URLs

Brass Contributor

Hi. I am trying to prevent uploading of files (regardless if they're protected or not) to specific websites, like wetransfer.com. Can this be done in Defender for Endpoint or Defender for Cloud Apps? I added the domains in the Service Domains section in block mode in the Endpoint DLP settings, but I can still upload files to those restricted websites. Any help would be appreciated. 

1 Reply

Hi @The737 

 

Your options from an MDE/MDCA perspective would be to either mark it as unsanctioned in MDCA or manually add the website as an Indicator of Compromise within the MDE settings (marking as unsanctioned in MDCA does this for you and includes subdomains) which will allow you to prevent the site from being accessed on your managed endpoints all together.

 

On the endpoint DLP side, which I know you already added it as unallowed service domain but did you scope an Endpoint DLP policy to include blocking service domain uploads after you added it? You could have an Endpoint DLP policy that blocks uploads to that specific domain (would want to create a service domain group) based on file type and/or file extension, which can be matched regardless of the file having a sensitivity label or containing sensitive information types/trainable classifiers.