Configuring DLP to Trigger only on Specific O365 SharePoint Sites
Article ID: 228362

Products

CASB Securlet SAAS With DLP-CDS
Data Loss Prevention
Data Loss Prevention Enforce
Data Loss Prevention Cloud Detection Service for REST

Issue/Introduction

Example: Block files uploaded to a specific site:

https://EXAMPLE.sharepoint.com/sites/CustomerFiles/

Resolution

The Scan-filter (Application Detection Configuration) sets the scope of what is sent to DLP for inspection. Use the folder path to restrict the scope to the specific site of concern, "/sites/CustomerFiles/".

Take care to press Enter after typing the location so that the path is actually added to the list of scanned locations.

Alternatively, add the site directly to the policy. The effect of adding the site to the policy instead of the Scan-filter is that files from all sites are sent to DLP and then inspected by DLP. By setting the site in the Scan-filter, only files from the sites in question are sent to DLP for inspection.

The benefit of specifying the site in the policy is flexibility when multiple policies are in use. Setting requirements or exceptions in the Scan-filter affects ALL policies that apply to the assigned policy group.

Add a Contextual match for (Cloud Applications and API Detection) with a string value of common.sharepoint and a match on the full site URL.

Alternatively, instead of an exact match, use a regex such as .*CustomerFiles.*
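The following is an added example, not part of this article or of the DLP product, that compares the exact full-site-URL match with the .*CustomerFiles.* regex over a few constructed file URLs. It assumes Python's re.fullmatch approximates the DLP engine's whole-value regex match, and the anchored pattern it adds is a suggested tighter alternative, not a setting taken from the article.

```python
import re

# Site URL from the article; everything else below is constructed test data.
TARGET_SITE = "https://EXAMPLE.sharepoint.com/sites/CustomerFiles/"

# Regex quoted in the article as the alternative to an exact match.
LOOSE_REGEX = r".*CustomerFiles.*"

# Assumed tighter alternative (not from the article): anchored to the site root,
# so sibling sites whose names merely contain "CustomerFiles" are not matched.
ANCHORED_REGEX = r"^https://EXAMPLE\.sharepoint\.com/sites/CustomerFiles/.*$"

# Constructed sample of file URLs as they might appear in the contextual match value.
SAMPLE_URLS = [
    "https://EXAMPLE.sharepoint.com/sites/CustomerFiles/Shared Documents/contract.pdf",
    "https://EXAMPLE.sharepoint.com/sites/CustomerFilesArchive/old.xlsx",
    "https://EXAMPLE.sharepoint.com/sites/Marketing/CustomerFiles-draft.docx",
    "https://EXAMPLE.sharepoint.com/sites/HR/benefits.docx",
]


def exact_site_match(url: str, site: str = TARGET_SITE) -> bool:
    """True when the file URL sits under the full site URL (prefix match on the site root)."""
    return url.startswith(site)


def regex_match(url: str, pattern: str) -> bool:
    """Apply a pattern against the whole URL value (assumed to mirror the DLP engine)."""
    return re.fullmatch(pattern, url) is not None


def classify(urls=SAMPLE_URLS):
    """Map each URL to (exact, loose_regex, anchored_regex) so the strategies can be compared."""
    return {
        u: (exact_site_match(u), regex_match(u, LOOSE_REGEX), regex_match(u, ANCHORED_REGEX))
        for u in urls
    }


def overmatched(urls=SAMPLE_URLS):
    """URLs the loose regex would match even though they are outside the target site."""
    return [u for u in urls if regex_match(u, LOOSE_REGEX) and not exact_site_match(u)]


if __name__ == "__main__":
    for u, (exact, loose, anchored) in classify().items():
        print(f"exact={exact!s:5} loose={loose!s:5} anchored={anchored!s:5} {u}")
```

Run stand-alone it shows that the loose regex also catches the CustomerFilesArchive site and a file named CustomerFiles-draft.docx on an unrelated site, which is the trade-off to weigh before choosing the regex over an exact match.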

Additional Information

The common.sharepoint value can be seen in the DLP Enforce incident message by selecting Open Original Message.