You can create a SharePoint site specifically for Controlled Unclassified Information (CUI) Data, and block the upload of files that are not encrypted.
Prevent your team from uploading specific file types when they sync their OneDrive files
Vault folders can only contain encrypted content. To ensure that users don’t accidentally add unencrypted content to the SharePoint site you’re using to store CUI, you can block users from adding filetypes that are unencrypted. To do so:
- Log into the Microsoft 365 admin center.
- Under Admin centers, click on SharePoint.
- Click on Settings and Sync.
- Check the Block upload of specific file types check box.
- Enter the file name extensions you want to block. You can block file types like:
- .docx
- .xlsx
- .pptx
- .csv
- .txt
- .jpg
- .mp3
- .mpeg
- .png
- .zip
- Include in this list any other file types used in your organization.
- Click Save.