DLP in ZPA (ZTNA)

I have the below question with respect to ZPA & DLP
Once I use ZPA & provide access to the applications to my end users , how will I be able to achieve security with respect to DLP.
The user will be accessing the application, via ZPA & there are chances that the end user will be able to download the data to end users device.

Would like to know how to prevent this if I am using ZPA(ZTNA)

The Zscaler DLP service only works for ZIA traffic but I wonder if you could bounce your internal traffic through the Service Edge and then through ZPA with IP anchoring.

Not something I would recommend but technically I think it would work.