Hey @Magnus Trangard,
You can’t whitelist Outlook on the Web by app name – Endpoint DLP controls uploads based on the target domain in the browser. To allow your users to keep sending mail via OWA while still blocking uploads to consumer clouds, update your Endpoint DLP settings like this:
- In the Microsoft Purview compliance portal go to Data Loss Prevention > Endpoint DLP Settings > Browser and domain restrictions to sensitive data.
- Under Service domains choose one of two approaches:
  - Block mode – list only the domains you want to block (e.g. google.com, dropbox.com). Any domain not on that list (including your OWA endpoint) is automatically allowed.
  - Allow mode – list only your approved domains (e.g. outlook.office.com or your tenant-specific OWA URL). All other cloud service domains will be blocked.
- Click Add cloud service domain, enter the FQDN for your org’s Outlook on the Web endpoint, and Save.
- Publish or republish your DLP policy.
Within a few minutes endpoint agents (Edge for Business or Chrome/Firefox with the Purview extension) will pick up the change, and uploads to your OWA URL will no longer be blocked by the “Upload to a restricted cloud service domain” rule.
References:
https://learn.microsoft.com/purview/dlp-configure-endpoint-settings#browser-and-domain-restrictions-to-sensitive-data
https://learn.microsoft.com/purview/endpoint-dlp-create-policy-unauthorized-cloud-apps-services