Microsoft Endpoint DLP is now available

Effective from Nov 2020, customers using Microsoft operating systems and the Chromium-based Edge browser can make use of endpoint data loss prevention (DLP) capabilities with the Microsoft Endpoint DLP solution. In my recent blog titled "ENTERPRISE CAN'T PROTECT THREATS, IF THEY DON'T SEE IT", you'll find information on integrated DLP vs. Enterprise DLP. Organizations earlier had to choose 3rd-party solution components to fulfill their Endpoint DLP use cases; with the Microsoft DLP product available now, this could potentially change in future.

Prepare your endpoints for deployment

Microsoft requires the following functional prerequisites to prepare endpoints for DLP deployment:

  • Windows 10 x64 build 1809 or later
  • Antimalware client version 4.18.2009.7 or newer
  • Devices must be Azure Active Directory (Azure AD) joined or Hybrid Azure AD joined
  • Microsoft Edge (Chromium-based) browser
  • SKU/subscription license
    • Microsoft 365 E5 (or) A5 (EDU)
    • Microsoft 365 E5 compliance (or) A5 compliance
    • Microsoft 365 E5 Information protection and governance (or) A5 information protection governance
  • Permissions
    • Global admin
    • Security admin
    • Compliance admin
  • End-user computing device onboarding via
    • Group Policy
    • Microsoft Endpoint Configuration Manager
    • Mobile Device Management tools
    • Local script
    • Non-persistent virtual desktop infrastructure (VDI) machines
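As an added illustration (not Microsoft's tooling and not part of the original post), the PowerShell readiness check below compares a device against the prerequisites listed above before onboarding. It assumes an elevated session on the endpoint itself and that Edge is installed in its default per-machine path.

```powershell
# Added readiness check: reports PASS/FAIL for each Endpoint DLP prerequisite.
# Assumptions: elevated PowerShell on the endpoint; Edge in its default install path.

$results = [ordered]@{}

# 1. Windows 10 x64, version 1809 (OS build 17763) or later
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuild
$results['Windows 10 x64 build >= 1809 (17763)'] =
    [System.Environment]::Is64BitOperatingSystem -and ($build -ge 17763)

# 2. Antimalware client (platform) version 4.18.2009.7 or newer
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
$amVersion = if ($mp) { [version]$mp.AMProductVersion } else { [version]'0.0' }
$results['Antimalware client >= 4.18.2009.7'] = $amVersion -ge [version]'4.18.2009.7'

# 3. Azure AD joined or Hybrid Azure AD joined, parsed from dsregcmd output
$dsreg        = dsregcmd /status
$aadJoined    = @($dsreg | Select-String '^\s*AzureAdJoined\s*:\s*YES').Count -gt 0
$domainJoined = @($dsreg | Select-String '^\s*DomainJoined\s*:\s*YES').Count -gt 0
$joinState = if ($aadJoined -and $domainJoined) { 'Hybrid Azure AD joined' }
             elseif ($aadJoined)                { 'Azure AD joined' }
             else                               { 'not Azure AD joined' }
$results["Azure AD join state ($joinState)"] = $aadJoined

# 4. Chromium-based Edge present (default per-machine path is an assumption)
$edgePath = Join-Path ${env:ProgramFiles(x86)} 'Microsoft\Edge\Application\msedge.exe'
$results['Microsoft Edge (Chromium) installed'] = Test-Path $edgePath

# Print one line per check; exit code equals the number of failed prerequisites
$failed = 0
foreach ($check in $results.Keys) {
    if ($results[$check]) { $status = 'PASS' } else { $status = 'FAIL'; $failed++ }
    '{0,-45} {1}' -f $check, $status
}
exit $failed
```

A non-zero exit code lets the script gate an onboarding task sequence in Configuration Manager or a Group Policy startup script, so devices that fail a prerequisite are never enrolled.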

Today Microsoft covers only a limited set of the features organizations widely require, but it constantly enhances the functionality based on its product roadmap.

Microsoft Endpoint DLP use cases

Protect sensitive data based on regulatory compliance needs

Microsoft Endpoint DLP today has over 40 ready-to-use templates that help admins address a wide range of common regulatory and business policy needs, including but not limited to:

  • Gramm-Leach-Bliley Act (GLBA)
  • Payment Card Industry Data Security Standard (PCI-DSS)
  • United States Personally Identifiable Information (U.S. PII)
  • United States Health Insurance Portability and Accountability Act (HIPAA)

Prevent unintentional or accidental exposure of critical information to unwanted parties

Microsoft 365 provides a range of DLP policy templates to prevent critical information from being leaked, covering financial, medical and health, privacy and custom-defined content. With a DLP policy, customers can prevent unintentional or accidental exposure and take actions such as:

  • Log the event for auditing purposes
  • Display a warning to the end user who is sending the email or sharing the file
  • Actively block the email or file sharing from taking place

Restrict unwanted activities on Windows devices

Microsoft Endpoint DLP audits and restricts the activities below on Windows devices for supported file types (such as Word, PowerPoint, Excel, etc.), either blocking them or allowing the user to override, based on the DLP policies:

  • Upload to cloud services
  • Access to unallowed browsers
  • Copy to clipboard
  • Copy to USB removable media
  • Copy to network share
  • Access to unallowed apps
  • Print

Watch the Microsoft Endpoint DLP video below.