How to apply data loss prevention per-user on OneDrive

When using Locations within a data loss prevention (DLP) rule, especially when targeting OneDrive, the default behavior is to list the main site where all the user information is being stored. However, there is no easy option to define the location on a per-user basis.

There is a workaround for this scenario. It is not the prettiest one around, but it could be useful if you have a small number of users who are required to receive a specific data loss prevention policy. The first step is to identify the URL being used by OneDrive for the user that we want to add to the policy. The easy way is to log on to the Office 365 portal, and then click on OneDrive from the list of available applications.

When the portal opens, copy the URL, making sure to remove the suffix _layouts/15/onedrive.aspx.

Open the DLP rule in which you want to define which users receive the policy, click on Choose Accounts, and type in the address that we retrieved in the previous step.

The result should be similar to the image below. Add any additional users to the list, and save the rule.

This workaround is practical only for a small subset of users due to the manual process involved. We can use PowerShell to automate the extraction of the URLs and use them to create or update DLP rules, but a lot of work still has to be done to automate the process.
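A sketch of that automation, added here as an example and not taken from the original article: it looks up the OneDrive URL owned by each listed user and adds those URLs to an existing DLP policy. The tenant URL, policy name and user list are placeholders, and it assumes the policy already scopes OneDrive to specific sites rather than to All.

```powershell
#Requires -Modules Microsoft.Online.SharePoint.PowerShell, ExchangeOnlineManagement

# Placeholders (assumptions): replace with your tenant, policy and users.
$AdminUrl   = 'https://contoso-admin.sharepoint.com'
$PolicyName = 'Finance OneDrive DLP'
$Users      = @('alice@contoso.com', 'bob@contoso.com')
$Apply      = $false   # leave $false to review the list without changing the policy

Connect-SPOService -Url $AdminUrl

# Personal (OneDrive) sites are not returned unless explicitly requested.
$personalSites = Get-SPOSite -IncludePersonalSite $true -Limit All `
    -Filter "Url -like '-my.sharepoint.com/personal/'"

# Map each requested user to the OneDrive site they own.
$targets = foreach ($upn in $Users) {
    $site = $personalSites | Where-Object { $_.Owner -eq $upn }
    if (-not $site) {
        # A user who has never opened OneDrive may not have a site yet.
        Write-Warning "No OneDrive site found for $upn"
        continue
    }
    # Same value as the portal URL with _layouts/15/onedrive.aspx removed.
    [pscustomobject]@{ User = $upn; Url = $site.Url.TrimEnd('/') }
}

# Review step: confirm every URL belongs to the intended user.
$targets | Format-Table -AutoSize

if ($Apply -and $targets) {
    Connect-IPPSSession
    Set-DlpCompliancePolicy -Identity $PolicyName `
        -AddOneDriveLocation @($targets.Url)
    Write-Host "Added $(@($targets).Count) OneDrive location(s) to '$PolicyName'."
}
```

Run it once with `$Apply = $false` and compare the printed URLs with what the portal shows for each user before letting it modify the policy.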


Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services. Besides the Microsoft award, he also holds a Solutions Master (MCSM) in Exchange, CISSP and several other certifications. Anderson contributes to the Microsoft Community with articles, tutorials, blog posts, Twitter, forums and book reviews. He is a regular contributor here at,, and Anderson (Portuguese).
