DLP Policies for Endpoints in Microsoft 365
This course focuses on how data loss prevention (DLP) policies are used with endpoints in Microsoft 365. Most of the demonstrations take place in the Microsoft Purview portal, and some show scripts running locally in command and PowerShell terminals.
Learning Objectives
- Understand the types of protection offered by endpoint DLP policies on devices
- Learn how to onboard a device to endpoint DLP
- Learn how to create a DLP policy to control and report activities on a device

Intended Audience
- Anyone who wants to learn about data loss prevention policies in the context of Microsoft 365 endpoints
- Students preparing for the SC-400: Microsoft Information Protection Administrator exam

Prerequisites
This is an intermediate-level course, so an understanding of the fundamentals of Microsoft 365 would be beneficial.
Endpoint DLP policies enable auditing and control of user activity at the source, that is, on the device. Devices are Windows 10 and 11 machines and the latest 3 versions of macOS. Devices must be onboarded, which involves making configuration changes to eligible machines by running a script. The script is essentially the same as that used for Microsoft Defender for Endpoint and can be downloaded from Settings > Device onboarding in the Microsoft Purview portal. As you’d expect, it’s activities performed at the device that are the target of endpoint DLP policies. So, copying files to removable storage, network shares, or Bluetooth devices. You can restrict the use of unallowed browsers and the printing of protected material. These actions can be audited and/or blocked. Creating and renaming items can only be audited. Endpoint activity can be viewed through Activity Explorer in the Purview portal, and events can be configured to appear as DLP alerts.
My name is Hallam Webber, and we have been looking at creating and maintaining DLP policies for endpoints in Microsoft 365.
Hallam is a software architect with over 20 years' experience across a wide range of industries. He began his software career as a Delphi/Interbase disciple but changed his allegiance to Microsoft with its deep and broad ecosystem. While Hallam has designed and crafted custom software utilizing web, mobile and desktop technologies, good-quality, reliable data is the key to a successful solution. The challenge of quickly turning data into useful information for digestion by humans and machines has led Hallam to specialize in database design and process automation. Showing customers how to leverage new technology to change and improve their business processes is one of the key drivers keeping Hallam coming back to the keyboard.