How to apply data loss prevention per-user on OneDrive

When using Locations within a data loss prevention (DLP) rule, especially when targeting OneDrive, the default behavior is to list the main site where all the user information is being stored. However, we don’t have an easy option to define per-user basis.

There is a workaround for this scenario. It is not the prettiest one around, but it could be useful if you have a small number of users who are required to receive a specific data loss prevention policy. The first step is to identify the URL being used by OneDrive for the user that we want to add to the policy. The easy way is to log on the Office 365 portal, and then click on OneDrive from the list of available applications.

When the portal opens, copy the URL, make sure to remove the suffix _layouts/15/onedrive.aspx.

Open the DLP rule that you want to define which user will define which users can receive the information, click on Choose Accounts, and type in the address that we retrieved in the previous step.

The result should be similar to the image below. Add any additional user to the list, and save the rule.

This workaround can be used for a small subset of users due the manual process involved. We can use PowerShell to automate the extraction of the URLs and use it to create/update DLP rules, but still a lot of work has to be done to automate the process.

Featured image: Shutterstock

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides of the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange, CISSP and several other certifications. Anderson contributes to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at,, and Anderson (Portuguese).

Published by
Anderson Patricio

Recent Posts

Azure DevOps Wiki: Manage your project documentation and collaboration

Not being able to find project documentation is way too common. Use Azure DevOps’ built-in…

1 day ago

Samsung Unpacked 2020: Galaxy S20, Galaxy Z Flip, and more

Samsung is again the first major company to roll out new smartphones in the new…

1 day ago

PhotoSquared data leak exposes users’ photos, information

PhotoSquared has experienced a data leak, mainly because the popular U.S.-based photo app failed to…

2 days ago

Moving data from an Azure VM to Storage Account with AzCopy

Here’s an elegant and modern way to move data from your Azure virtual machine to…

2 days ago

A lot not to like: Analysis of recent Facebook data breach

The effects of the recent Facebook data breach are still being felt. In this new…

2 days ago

Exchange 2019: Building an environment from scratch

Are you finally ready to take the plunge into Exchange 2019? If you are building…

3 days ago