Jul 20 2023 05:15 AM - edited Jul 20 2023 05:19 AM
Hi,
Using MDCA or MDE is it possible to block file uploads to personal webmail services such as Outlook.com/Gmail etc.
I should add we have not deployed labelling yet, so that isn't an option. It seems that would make this ask much easier!
Thanks
Jul 20 2023 07:04 AM
Hi @typod
thank you for posting for question here. I understand you’re looking to block uploads of company data to personal email domains such as outlook and gmail.
First, yes, sensitivity labels can greatly help with your overall data security solution and with this as well but you can still get a good start on blocking these uploads.
To do this, you’ll want to leverage Microsoft Purviews Endpoint DLP solution. You’ll want to edit the Endpoint DLP settings page in Purview to add both the service domains and the applications of these services and then create a Device-based DLP policy in Purview.
Since you mentioned not having labels yet, you can still use sensitive info types, such as credit card numbers or social security numbers, as a condition but you can also block the uploads based on the file type and file extension.
Linked below is a blog I recently wrote covering Endpoint DLP entirely and should help you with configuring this as needed.
https://cloudy-sec.com/2023/04/22/microsoft-purview-dlp-part-2-endpoint-dlp/
Jul 20 2023 09:26 AM
@miller34mike Thanks for responding. I will take a look.