Data Loss Prevention Microsoft Purview (DLP) for Endpoint Step By Step Guide and Demo
Вставка
- Опубліковано 7 вер 2024
- This video will cover a step by step guide and demo showing how to configure Data Loss Prevention (DLP) in Microsoft Purview for Windows endpoint devices to block, block with override and audit.
We will create a DLP policy for sensitive information such as drivers license numbers, IP addresses being copied to the clipboard from a document and pasted elsewhere into notepad for example.
We will also cover onboarding to Microsoft Purview from Microsoft Intune for Endpoint DLP. Blocking the copying of Microsoft documents and files to a network share, copying files outside a Remote Desktop Session for RDP, blocking uploading files and data to Cloud Storage like google drive and dropbox. We will also look at auditing in the compliance portal to see alerts and the activity explorer.
👌 Contents of this video 👌
00:06 Intro
01:37 Licensing
01:52 Onboarding Windows Devices to Microsoft Purview from Microsoft Intune
04:15 Configuring Data Loss Prevention (DLP) Settings Overview
07:34 Block service domains
08:19 Configure DLP Policy for Endpoint DLP
12:15 Demo Block Copy to Network Share DLP Policy
13:36 Demo Block Copy from RDP DLP Policy
14:02 Demo Block Copy to Cloud Storage DLP Policy
14:43 Demo Block Copy Paste to Clipboard DLP Policy
15:25 Alerts and Activity Explorer
👌 Check out my Social Media pages 👌
💡 Blog at Cloudinspired.com
www.cloudinspi...
💡 Twitter(X)
/ cloud_inspired
💡 Licensing
learn.microsof...
💡 Subscribe here, new videos posted weekly
/ @cloudinspired
#microsoft365
#microsoft
#purview
#dlp
#azure
This is well timed, im due to start testing device DLP soon. Thanks for the tips 👍
Glad it was helpful!
Great overview of the capabilities. I’m particularly interested in the RDP copy options. Is it possible to prevent copy out of rdp but not into rdp?
I don't think it is possible because it doesn't care about receiving the sensitive information from any channels.
I have created the DLP policy for particular file typelike. .exe,.msi when copy the file to usb device i am unable genarate the alrets for .exe file ,can you olease suggest
Excellant
Thanks Mustafa
Hi, really enjoying watching your videos, such an informative video. Do you know if I onboard a device to use Endpoint DLP protection in my organization and the users using that device have some sensitive contents that I don't want them to leak, will this setup give me an alert if they copy the text to the clipboard and then paste on OneNote on the web?
Thanks Rohit for your kind comment.
Copy to clipboard and block with override as shown in the demo block copy paste to clipboard DLP policy in 00:14:46 should prevent this, as always would need to be tested in your environment.
Hey, excellent video. We're implementing Endpoint DLP but we can't fully enroll the pcs. In Purview, the configuration status is Updated but the Policy Sync Status is Not Updated. The test pcs have the Intune EDR onboarding package and Purview and Intune are connected. The problem may be onboarding into M365, we can't get the two processes in the article you link in the response to run - MdCoreSve and MDDlpSvc. Defender and the Windows 10 OS are at the right version. Any help would be greatly appreciated. Thanks.
Hello and thanks for your comment. Have you checked out and confirmed the requirements in preparing and onboarding devices for DLP learn.microsoft.com/en-us/purview/device-onboarding-overview#prepare-your-windows-devices
When I create the policy, I don't have the option to upload the configuration file?
i have a test environment using business premium license, and when i access security portal - settings i can't see endpoint there! is it because lacking license? can i check the settings from other portals as i have access like to purview portal (compliance) and created a policy for test to scan exchange for credit card but it didn't captured my email including credit card word! any help and tips please
Hi Ehab, there could be multiple reasons for the policy not working. I would confirm that the DLP policies are configured
correctly and enabled from compliance portal. In addition, confirm that the correct content sources are selected.
This article also explains how the DLP compliance portal works with DLP and mail flow rules in the Exchange admin center learn.microsoft.com/en-us/purview/dlp-how-dlp-works-between-admin-centers?view=o365-worldwide
For licensing requirements this should help.
learn.microsoft.com/en-us/purview/endpoint-dlp-getting-started#skusubscriptions-licensing
Hi, I am preparing for my SC 400 exam. Just wondering does that mean for all third party apps, to configure DLP -> require defender of cloud apps; whereas all the Microsoft 365 suites apps, no matter on premises or cloud could be configured on Purview?
Hi, Joyce. Most of the endpoint DLP settings for Purview are shown in the video and listed here that can be applied to endpoints learn.microsoft.com/en-us/purview/dlp-configure-endpoint-settings
Defender for Cloud Apps can monitor and enforce restrictions on Microsoft 365 apps i.e SharePoint Online, Exchange Online, OneDrive, Teams. You can also use it to restrict browser access for some supported third-party apps to prevent data leakage. Best of luck with the exam!
Is it possible to use the Purview DLP on Windows Endpoints without the Defender for Endpoint agent?
Hi Travis. Endpoint DLP requires that Windows devices be onboarded into the service to send monitoring data.
Check out the EndPoint DLP onboarding requirements here:
learn.microsoft.com/en-us/purview/device-onboarding-overview#onboard-windows-devices-into-microsoft-365-overview
Will the policy be applied for Windows 11? 23H2
Windows 11 lastest version is supported.