DLP policy for SharePoint site

%3CLINGO-SUB%20id%3D%22lingo-sub-2064512%22%20slang%3D%22en-US%22%3EDLP%20policy%20for%20SharePoint%20site%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2064512%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20setup%20a%20DLP%20policy%2C%20not%20share%20sensitive%20information%20such%20as%20SSN%2C%20from%20user's%26nbsp%3BOneDrive.%20The%20policy%20location%20is%20set%20to%20OneDrive.%20I%20have%20tested%20the%20policy%2C%20that%20works%20as%20expected.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20later%20I%20found%20that%20user%20can%20sync%20files%20to%26nbsp%3Btheir%20local%20drive.%20Or%20user%20can%20download%20files%20to%20their%20folder.%26nbsp%3BThey%20can%20email%20the%20file%20on%20their%20local%20drive%20to%20external%20users.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20any%20way%20I%20can%20prevent%20this%20issue%20happen%3F%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance%2C%3C%2FP%3E%3CP%3EPeter%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2064512%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOneDrive%20for%20Business%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Esecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2065242%22%20slang%3D%22en-US%22%3ERe%3A%20DLP%20policy%20for%20SharePoint%20site%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2065242%22%20slang%3D%22en-US%22%3E%3CP%3EWell%2C%20as%20SharePoint%20doesnt%20cover%20emailing%20files%20or%20any%20other%20methods%20of%20transferring%20them%2C%20you%20need%20a%20more%20comprehensive%20solution.%20Endpoint%20DLP%20is%20what%20Microsoft%20offers%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fendpoint-dlp-learn-about%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fendpoint-dlp-learn-about%3Fview%3Do365-worldwide%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EAnd%2For%20you%20can%20encrypt%20files%20via%20Azure%20Information%20protection.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

I have setup a DLP policy, not share sensitive information such as SSN, from user's OneDrive. The policy location is set to OneDrive. I have tested the policy, that works as expected.

 

But later I found that user can sync files to their local drive. Or user can download files to their folder. They can email the file on their local drive to external users. 

 

Is there any way I can prevent this issue happen?   

 

Thanks in advance,

Peter

1 Reply

Well, as SharePoint doesnt cover emailing files or any other methods of transferring them, you need a more comprehensive solution. Endpoint DLP is what Microsoft offers: https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwi...

And/or you can encrypt files via Azure Information protection.