You try to upload a file to OneDrive and the upload fails with no clear error message. The file simply stays stuck or shows a generic sync error. This often happens because a Data Loss Prevention policy in your Microsoft 365 tenant silently blocks the file based on its content, such as credit card numbers, personal identification numbers, or other sensitive data. This article explains how to identify which DLP rule is blocking the upload and how to fix the issue for end users and administrators.
Key Takeaways: DLP Policy Blocks Upload in OneDrive
- Microsoft 365 Defender portal > Data Loss Prevention > Policies: Locate the active policy that blocks the file type or sensitive content.
- OneDrive sync client > Settings > Account > View sync problems: Check the detailed error log for the specific DLP rule name.
- Policy tip configuration in Microsoft 365 compliance center: Enable end-user notifications so users see why the upload is blocked.
Why DLP Policies Block Uploads Without Explanation
Data Loss Prevention policies in Microsoft 365 scan files for sensitive information types like credit card numbers, Social Security numbers, or custom regex patterns. When a policy is configured to block uploads, OneDrive stops the file transfer silently. The user sees a generic sync error with no explanation because the policy tip notification is not enabled or the policy is set to block silently. Administrators can view the blocked file in the audit log, but end users have no direct feedback unless policy tips are turned on.
The root cause is that the DLP policy action is set to “Block” without the option “Notify users” enabled. When a policy blocks an upload, OneDrive does not generate a user-facing error message by default. The file remains in the upload queue with a status like “Sync pending” or “Changes not uploaded.” Only the administrator sees the DLP violation in the Microsoft 365 compliance center.
Steps to Identify and Resolve Silent DLP Blocking
Follow these steps to find which DLP policy is blocking the upload and to fix the issue for users.
Step 1: Check the OneDrive Sync Error Log
- Open OneDrive settings
Right-click the OneDrive cloud icon in the system tray and select Settings. - Go to the Account tab
Click Account at the top of the settings window. - View sync problems
Click View sync problems. A list of recent errors appears. Look for an entry that says “Blocked by policy” or “Upload blocked.” - Note the error details
Click the error entry to see the full message. It may include the policy name, such as “DLP Policy: Financial Data.”
Step 2: Locate the DLP Policy in the Compliance Center
- Sign in to the Microsoft 365 Defender portal
Go to https://security.microsoft.com and sign in as a global administrator or compliance administrator. - Navigate to Data Loss Prevention
In the left navigation, select Data Loss Prevention then Policies. - Find the blocking policy
Look for the policy name that matches the error from Step 1. If no name is shown, check policies with the status On that apply to OneDrive locations. - Review the policy actions
Click the policy name to open its details. Under Actions, see if the action is set to Block and whether Notify users is turned off.
Step 3: Enable User Notification for the Policy
- Edit the DLP policy
In the policy details page, click Edit policy. - Go to the Actions section
Scroll to Actions and click Edit actions. - Turn on Notify users
Check the box Notify users with a policy tip. Then select the notification template. Choose Send notification to the user who sent, shared, or modified the content. - Save the policy
Click Save and then Done. Wait up to one hour for the change to propagate.
Step 4: Retry the Upload
- Clear the blocked file
In the OneDrive sync error list, click Clear to remove the blocked file entry. - Upload the file again
Drag the same file into the OneDrive folder. If the policy now has notifications enabled, you will see a pop-up message explaining why the file was blocked.
If the Upload Still Fails Without Explanation
Even after enabling notifications, some users may still see no explanation. Check these additional factors.
The Policy Is Set to Block Without Override
If the DLP policy action is set to Block with no Override option, the upload is blocked entirely. The user cannot bypass the block even with a business justification. In this case, the user must contact the administrator to request an exception or to remove the sensitive data from the file.
The File Contains a Custom Sensitive Info Type
Administrators can create custom sensitive information types using regex or keyword lists. If the block is based on a custom type, the generic error message may not show the specific rule. The administrator must check the Activity explorer in the compliance center to see which rule matched.
The Policy Applies to a Subfolder or Specific Group
Some DLP policies target specific SharePoint sites or OneDrive accounts. If the user is not in the targeted group, the policy may not apply. Check the policy scope under Locations to confirm it covers the user’s OneDrive.
DLP Block Silent vs DLP Block With Notification: Key Differences
| Item | Block Silent | Block With Notification |
|---|---|---|
| User sees error | Generic sync error, no explanation | Specific policy tip explaining the block |
| Administrator audit log | Shows DLP rule match with no user notification | Shows DLP rule match and notification sent |
| User override option | Not available | Can be enabled to allow override with justification |
| File upload outcome | Blocked silently, file stays in sync queue | Blocked with visible message, user can take action |
You can now identify which DLP policy is silently blocking uploads in OneDrive and enable user notifications so your team sees clear explanations. Next, review your DLP policies in the Microsoft 365 Defender portal and consider enabling the override option for low-risk sensitive types. A practical next step is to create a test file containing sample credit card numbers to verify that notifications appear correctly before deploying to all users.