Configuring DLP to Trigger only on Specific O365 SharePoint Sites
search cancel

Configuring DLP to Trigger only on Specific O365 SharePoint Sites


Article ID: 228362


Updated On:


CASB Securlet SAAS With DLP-CDS Data Loss Prevention Data Loss Prevention Enforce Data Loss Prevention Cloud Detection Service for REST


Example: Block files uploaded to a specific site:


The Scan-filter (Application Detection Configuration) sets the scope of what is sent to DLP for inspection. Use the folder path to set the specific sites of concern "/sites/CustomerFiles/".

Take care to hit enter when specifying the location so the path is added like below.


Alternatively, add the site directly to the policy.  The affect of adding the site to the policy instead of the scan-filter is files from all sites are sent to DLP and then inspected by DLP. By setting the site in the Scan-filter only files for the sites in question are sent to DLP for inspection.

The Benefit of specifying a site in the policy is the flexibility with multiple policies. Setting requirement or exceptions in the Scan Filter it affects ALL policies for that apply to the policy group assigned.

Add a Contextual match for (Cloud Applications and API Detection) with a string value of common.sharepoint  and a match of the full site URL.

Alternatively instead of an exact match use use a regex  .*CustomerFiles.*

Additional Information

common.sharepoint  can be seen in the DLP enforce incident message by selecting the Open Original Message