Microsoft’s new Endpoint Data Loss Prevention (DLP) service is now available in public preview to all customers with Microsoft 365 E5/A5, Microsoft 365 E5/A5 Compliance, and Microsoft 365 E5/A5 Information Protection and Governance subscriptions. The new service is designed to help accelerate the deployment of a comprehensive information protection strategy across all environments.
Endpoint DLP complements Microsoft Information Protection (MIP) by extending MIP classification and protection to endpoints. MIP understands and classifies data, protects it, and it provides data loss prevention for Microsoft 365 apps and services. MIP also works with third-party on-premises and cloud applications.
MIP and Endpoint DLP are integrated so that you only need to set up DLP policies once in the Microsoft 365 Compliance Center. The policies are then applied to Microsoft 365 apps and services, like Exchange and Teams, and to endpoints. Endpoints must be running Windows 10 build 1809 or later and joined to Azure Active Directory (Azure AD), or hybrid Azure AD joined.
Before you start using Endpoint DLP, devices must be onboarded in the Microsoft 365 Compliance Center. Microsoft’s new Chromium-based Edge browser must also be installed on endpoints. You can find more information about the onboarding process here.
Microsoft says that Endpoint DLP is native to Windows 10 and that its Edge browser supports Endpoint DLP without the need to install or maintain any additional software. Users are alerted when they perform actions not permitted by policy. Users see actionable policy tips and guidance to help remediate issues when policy is violated. Endpoint DLP alerts have a similar look and feel to those that users already get with MIP.
Because Endpoint DLP is an integral part of MIP, customers can deploy Endpoint DLP without additional consoles, event management systems, databases, or on premises hardware. Microsoft has more than 100 built-in sensitive data types and 40 templates for common industry regulations that can be used with Endpoint DLP. Importantly, customers already using MIP can deploy Endpoint DLP without any reconfiguration.
Policies can be set to audit violations, block violations with the option to override, or block. Endpoint DLP enforces different activities that are unique to endpoints, including:
In the Microsoft 365 Compliance Center, Activity Explorer lets admins view events that indicate risky activity and get more detail on actions, users, and files. Endpoint DLP and MIP integrate with Microsoft Threat Protection and Insider Risk Management.
For more information on Microsoft Endpoint DLP, you can find the documentation on Microsoft’s website here.