Microsoft Purview DLP Paste Blocking Differences Across Browsers in Microsoft 365 Business Premium

The behavior you're observing with Microsoft Purview DLP policies regarding copy-paste and file uploads across different browsers is influenced by how these browsers interact with the DLP settings.

1. Paste Blocking: The Paste to browser action is supported in Microsoft Edge and Google Chrome (with the Microsoft Purview extension). However, for Mozilla Firefox and Brave, while file uploads are blocked, the paste action may not be enforced as effectively. This is likely due to the fact that the paste action in these browsers does not follow the same behavior defined in the Service Domain list unless the appropriate extensions are installed and configured. The Paste to browser action does not work with the Service domains endpoint DLP setting, which could explain why you're seeing inconsistencies.
2. File Upload Blocking: File uploads are detected and blocked in Firefox and Brave when users attempt to upload items to restricted service domains. This functionality is supported as long as the Microsoft Purview extension is installed in the browsers that support it.

To ensure consistent DLP enforcement across all browsers, consider the following best practices:

• Install Microsoft Purview Extensions: Ensure that the Microsoft Purview extension is installed in Firefox and any other browsers you wish to enforce DLP policies on.
• Regularly Update Browsers and Extensions: Keep all browsers and extensions updated to the latest versions to ensure compatibility with DLP features.
• Review DLP Policy Configurations: Double-check your DLP policy settings to ensure they are correctly configured for all browsers, including any exceptions or specific rules that may apply to different browsers.
• Test DLP Policies: Conduct regular testing of your DLP policies across all supported browsers to identify any discrepancies in behavior and address them promptly.

By following these practices, you can enhance the effectiveness of your DLP policies across different browsers.

Update posted in the question

Hi @Atharva Deshpande **

**Thank you for contacting to Microsoft QA, below are few step-by-step mitigation details that may help you to resolve the issue.

It seems you’re noticing some inconsistencies with Microsoft Purview DLP policies when using different browsers, especially around copy-paste functionality. Let’s break it down and make sense of what’s happening:

Why File Uploads Are Blocked but Copy-Paste Isn’t

• File Operations vs. Copy-Paste: DLP policies are designed to monitor file-level actions like uploads and printing. Copying and pasting text is treated differently because it doesn’t always count as a file operation. Restrictions usually kick in based on content classification, which may not apply to simple text copied from apps like Word or a browser.
• Browser Differences: Browsers like Edge and Chrome (both Chromium-based) work more smoothly with Microsoft Purview DLP because they support the necessary APIs for clipboard monitoring. Firefox and Brave don’t fully support these APIs, which is why copy-paste enforcement can feel inconsistent.

How to Make DLP Enforcement More Consistent

• Check Sensitive Info Types: Ensure your DLP policy is set up to detect the right sensitive data types (e.g., PII, credit card numbers). Generic text often won’t trigger any blocks.
• Test in Microsoft Edge: Edge offers the best integration for clipboard monitoring and DLP actions, so it’s ideal for testing.
• Consider App Control: If you need stricter copy-paste prevention, combine DLP with AppLocker or Microsoft Defender for Endpoint policies for a more robust approach.
• Look into Protected Clipboard: This feature (currently in preview) in Microsoft Edge for Business gives organizations better control over copy-paste actions, helping prevent data from being pasted into unmanaged apps or outside approved boundaries.