Microsoft is also making Data Loss Prevention available to endpoint devices
Microsoft is now also making its Data Loss Prevention tools available on endpoints. Customers with Microsoft 365 licenses can protect not only online services and apps, but also the data on physical Windows 10 devices.
With the new feature, Microsoft 365 users can also deploy the policies they set for apps on computers and laptops. This is an extension of Data Loss Prevention, a tool that allows system administrators to determine what end users can do with sensitive data and files. For example, with DLP you can specify that users are not allowed to copy data to an external USB stick or a network drive, or to print a specific file. Data Loss Prevention is intended to prevent certain files from being leaked by employees.
Data Loss Prevention already worked on online applications such as SharePoint and Office, but Endpoint Data Loss Prevention can also regulate hardware. The feature works on Windows 10 devices. There will be no new policies that can be controlled, but Microsoft says new notifications will be available to system administrators. For example, administrators are notified when users use Edge to download certain files or upload them to personal cloud storage.
Endpoint DLP works on the basis of MIME types, according to Microsoft, so it does not matter if users change the file extension. In addition to Word files and PDFs, system administrators can also manage files such as Java files, C files or CSV files. When notified, administrators are also shown a lot of information about the data transfer, such as the model of the external device or the SHA values.
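Why content-based typing is unaffected by a renamed extension, shown as an added example that is not Microsoft's implementation: the sketch below derives a type from the file's bytes and compares it with what the extension claims. The signature checks, the extension table and the sample files are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePath

DOCX = "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
# Constructed, minimal extension table (an assumption, not Microsoft's rule set).
EXT_TO_MIME = {".pdf": "application/pdf", ".docx": DOCX, ".csv": "text/csv",
               ".txt": "text/plain", ".jpg": "image/jpeg"}


def sniff_mime(data: bytes) -> str:
    """Classify by content (magic bytes, container layout); the name is ignored."""
    if data.startswith(b"%PDF-"):
        return "application/pdf"
    if data.startswith(b"\xff\xd8\xff"):
        return "image/jpeg"
    if data.startswith(b"PK\x03\x04"):
        # OOXML documents are ZIP containers; look inside for the Word part.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if "word/document.xml" in zf.namelist():
                    return DOCX
        except zipfile.BadZipFile:
            pass
        return "application/zip"
    try:
        data.decode("utf-8")
        return "text/plain"
    except UnicodeDecodeError:
        return "application/octet-stream"


def classify(filename: str, data: bytes) -> dict:
    """Report the content-derived type and whether the extension disagrees."""
    claimed = EXT_TO_MIME.get(PurePath(filename).suffix.lower(), "unknown")
    actual = sniff_mime(data)
    # Any text/* extension (e.g. .csv) is consistent with a plain-text sniff.
    consistent = claimed == actual or (
        claimed.startswith("text/") and actual == "text/plain")
    return {"claimed": claimed, "actual": actual, "mismatch": not consistent}


def make_docx_sample() -> bytes:
    """Build a constructed, minimal DOCX-shaped ZIP in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


if __name__ == "__main__":
    print(classify("holiday.jpg", make_docx_sample()))  # renamed Word file
    print(classify("q3.pdf", b"%PDF-1.7\n% constructed sample"))
```

A policy keyed on the `actual` field still matches a Word document saved as `holiday.jpg`, and the `mismatch` flag is itself a useful signal to log.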
For now, Endpoint DLP is available as a public preview. Devices included as endpoints must be in Azure Active Directory and running Windows 10 build 1809 or higher. Chromium Edge must also be installed.