Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Blocking uploads to personal Outlook

Copper Contributor

Hi,

 

Using MDCA or MDE is it possible to block file uploads to personal webmail services such as Outlook.com/Gmail etc.

 

I should add we have not deployed labelling yet, so that isn't an option.  It seems that would make this ask much easier!

 

Thanks

2 Replies

Hi @typod 

 

thank you for posting for question here. I understand you’re looking to block uploads of company data to personal email domains such as outlook and gmail. 

First, yes, sensitivity labels can greatly help with your overall data security solution and with this as well but you can still get a good start on blocking these uploads. 

To do this, you’ll want to leverage Microsoft Purviews Endpoint DLP solution. You’ll want to edit the Endpoint DLP settings page in Purview to add both the service domains and the applications of these services and then create a Device-based DLP policy in Purview. 

Since you mentioned not having labels yet, you can still use sensitive info types, such as credit card numbers or social security numbers, as a condition but you can also block the uploads based on the file type and file extension. 

Linked below is a blog I recently wrote covering Endpoint DLP entirely and should help you with configuring this as needed. 

https://cloudy-sec.com/2023/04/22/microsoft-purview-dlp-part-2-endpoint-dlp/

@miller34mike Thanks for responding.  I will take a look.