Hey everyone,
I manage IT for a small business with around 20 employees, and we're in a heavily regulated sector. Our goal is to completely block any file uploads from Chrome and Edge to external websites, particularly for files stored on our mapped drives or network shares.
Here's what I've set up so far:
* Network share coverage is enabled in Endpoint DLP.
* I've restricted browser uploads using Service Domains, allowing only our intranet.
* The rule is set to block any file that's 10 KB or larger, regardless of content.
* Just-in-time protection is activated.
* Integration with Defender for Endpoint is confirmed as active.
However, I'm running into issues:
* On Chrome, I can still upload files to certain public sites like Google Translate.
* On Edge, some sites are blocked while others let the uploads go through.
* Uploads from network shares seem inconsistent; occasionally they will be blocked, but then later they might go through without issue.
1. Has anyone successfully created a strict "no uploads anywhere" policy using Purview DLP?
2. Are there any hidden settings I might've overlooked?
3. If Purview can't handle this, what alternatives are you using that are affordable?
2 Answers
It sounds like Endpoint DLP might not be the best fit for a total block on uploads since it’s generally more about facilitating transactions. Have you considered using Intune or Defender's Cloud App to enforce these restrictions completely?
A quick workaround could be to use a file upload blocker extension for the browsers. There's one available on the Chrome Web Store that could help out. But if you really want to dig deeper, you might want to check the WDAC documentation, since I don't think Purview is meant to handle this type of strict policy.
I'm currently using that extension as a stopgap, but I'm a little cautious about relying on third-party tools, especially since this one is from a consultancy that I'm not familiar with.