Example: Block files uploaded to a specific site:
The Scan-filter (Application Detection Configuration) sets the scope of what is sent to DLP for inspection. Use the folder path to set the specific sites of concern "/sites/CustomerFiles/".
Take care to hit enter when specifying the location so the path is added like below.
Alternatively, add the site directly to the policy. The affect of adding the site to the policy instead of the scan-filter is files from all sites are sent to DLP and then inspected by DLP. By setting the site in the Scan-filter only files for the sites in question are sent to DLP for inspection.
The Benefit of specifying a site in the policy is the flexibility with multiple policies. Setting requirement or exceptions in the Scan Filter it affects ALL policies for that apply to the policy group assigned.
Add a Contextual match for (Cloud Applications and API Detection) with a string value of common.sharepoint and a match of the full site URL.
Alternatively instead of an exact match use use a regex .*CustomerFiles.*
common.sharepoint can be seen in the DLP enforce incident message by selecting the Open Original Message