Defender Browser/Domain blocks

Hello,
We have an issue with Defender for Endpoint with most users. When we add browsers/domains in the DLP setting "Browser and domain restrictions to sensitive data", usually an unallowed browser would not open the site by default and would redirect to Edge.
For some users this does not work. We have checked the affected devices and they have a configuration status and policy sync status of successful, and the user status is Valid user.
On the device itself the tasks/services are running and have been restarted already.

Hi there,
Please check in your admin center for the message MC793918 (17/05/2024).
Microsoft separated the MDE agent from Purview DLP:
"MpDlpService.exe" for Microsoft Purview DLP and "MsMpEng.exe" exclusively for Microsoft Defender for Endpoint.
That might be the cause of your issue.

Also, ensure that you have deployed the Purview browser extension for those browsers.
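A quick way to check both halves of this on an affected device, as an added example (not from this thread or from Microsoft): it confirms the two processes named above are running and that the Purview extension is in Chrome's force-install policy list. The extension ID is a placeholder, and the Chrome policy path is an assumption; take the real ID from your own extension deployment.

```powershell
# Added diagnostic, not from the thread. Run on the affected device (elevated recommended).
# Process names come from the reply above; the extension ID is a placeholder you must replace.
$expectedProcesses = @('MpDlpService', 'MsMpEng')   # Purview DLP engine and MDE engine, respectively
$extensionId  = '<PURVIEW-EXTENSION-ID>'            # placeholder: use the ID from your tenant's deployment
$forceListKey = 'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'  # assumed Chrome policy path

function Test-DlpProcess {
    param([string]$Name)
    $proc = Get-Process -Name $Name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check  = "process $Name.exe"
        Ok     = [bool]$proc
        Detail = $(if ($proc) { "PID $($proc.Id)" } else { 'not running' })
    }
}

function Test-ForcedExtension {
    param([string]$Id, [string]$Key)
    if (-not (Test-Path $Key)) {
        return [pscustomobject]@{ Check = 'Chrome force-install list'; Ok = $false; Detail = 'policy key absent' }
    }
    # Each numbered value under the key is "<extension id>;<update url>"; match on the id prefix only.
    $entries = (Get-ItemProperty -Path $Key).PSObject.Properties |
        Where-Object { $_.Name -match '^\d+$' } | ForEach-Object { $_.Value }
    $hit = $entries | Where-Object { $_ -like "$Id*" }
    [pscustomobject]@{
        Check  = 'Chrome force-install list'
        Ok     = [bool]$hit
        Detail = $(if ($hit) { $hit } else { "id $Id not listed" })
    }
}

$results  = @($expectedProcesses | ForEach-Object { Test-DlpProcess -Name $_ })
$results += Test-ForcedExtension -Id $extensionId -Key $forceListKey
$results | Format-Table -AutoSize

if ($results | Where-Object { -not $_.Ok }) {
    Write-Warning 'At least one prerequisite for the browser/domain restriction is missing on this device.'
}
```

If both processes are up and the extension is listed, the remaining suspects are policy sync and the DLP rule conditions discussed later in the thread.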

@andrerocha1450 

Thanks for your reply. I am aware of the update, but as mentioned I can see both services.

Browser extension is certainly installed


@AhmedSHMK

Did you also enable a DLP policy with this?


@andrerocha1450 

I created a policy with a rule detecting a label applied to content, and taking the below actions:

Apply restrictions (all applied):

Restrict app activities (all applied):

===================

There is a second rule in the policy that takes the below action:

==================

None of the rules have "stop processing more policies/rules" enabled.

==================

I noticed, however, that the policy sync/configuration status for the device is "not configured". The Windows version matches the prerequisite, though, so I'm not sure why.

Try the following:
Log in to compliance.microsoft.com
Select "Settings" from the menu on the left
Select "Device onboarding"
Find and select any out-of-sync device

If that doesn't work, try forcing a sync from the security.microsoft.com portal:
Select "Devices" -> find the device in your device inventory -> click on the 3 dots and select "Policy sync"

@andrerocha1450 Please note there is no longer an option to sync the device from security or compliance.


@AhmedSHMK

I managed to reproduce the block in a test environment and observed the below:


Action: access any website in the sensitive domains list from a browser with purview extension installed.

Message: "This site contains sensitive information, so for security and compliance your organization requires you to use Microsoft Edge if you access it."

Action: Extension Redirects website to Edge window.


However, there isn't any clear documentation of how to achieve the above (add to sensitive sites?). Keep in mind the policies must be configured with a condition, but none of the conditions match "block access via browsers other than Edge, etc."

It is also not clear why on some occasions this does not work. Does it take some time? Any certain URL format? etc.