Microsoft Endpoint DLP: Create a Policy & Test! (using Sensitivity Label as the trigger)
HTML-код
- Опубликовано: 7 сен 2024
- How to create a Microsoft Endpoint Data Loss Prevention (DLP) policy to apply to Windows 10 devices, and use a custom Microsoft Information Protection Sensitivity Label to trigger the DLP policy. Oh by the way...
I'm really sorry, I totally forgot to show you what override looks like in this video - so I created another video to demo that.
Excellent video Matt! I liked how you explained it quickly and to the point.
Hey Matt, great video as usual! I'm getting ready to work with a few customers to do this so these videos have been so helpful! Question on enabling sensitivity labels for OneDrive, SharePoint Online, and Teams. I have followed the steps from the linked documentation on the create a label screen and performed the activation steps and/or PowerShell commands with no success. Not sure how to troubleshoot it to see why it's not active in my tenant (M365 E5).
I resolved my issue. I re-ran the prerequisite PowerShell commands.
Glad you figured it out!
Excellent video. I have question for you. I can turn on all the office365 app locations while creating the policy. But the device option is not available for me. Do you know why?
Were you able to find a solution for this? I'm stuck on the same issue.
Matt, great video. Did you do an EDM video?
Not yet, will be doing one in Feb
Hey, Matt, great video, thank you. I have one question regarding copy/paste restriction though. Does it work the same way as in sensitivity labels? The problem is - you cannot copy inside equally categorized documents or even within document itself. Now imagine working in excel without possibility to copy cells. Copy/paste restrictions outside of “safe environment” are one of crucial information protection methods and in this case, they are not implemented in the best way IMO. By the way - within MAM copy/paste between company documents is completely fine, so this can be done. What are your thoughts on this?
Endpoint DLP allows you to copy/paste data inside the protected document.
@@MattSoseman Perfect, thanks! I do hope, that MS will use same capability in simple security labels (without the endpoint)
Have you observed how long it took before your settings work on the endpoint?
1. If we block dropbox, are all subdomains/client specifics (Wildcard) domains included in the block?
2. Is there a capped limit to the number of domains that we can add to block or allow?
Do you have any guidance about when to create a DLP that applies to multiple locations vs creating separate DLP policies for each location. A video that discusses the pro/cons and limitations of each approach would be helpful
Hey, could AIP scanner reposotaries is what you are looking for?
I wish someone would answer this specific question - have you ever found an answer to this?
Hello Matt, this is a great video to start with. Is there also any troubleshooting link from Microsoft? As in my case I have done this and on the endpoint the policies are still not working. Is there a way we can confirm if the endpoint has even received the policy?
Did you watch the previous video on how to setup and configure? Make sure you have the correct licensing assigned to the user and ensure the device is onboarded
@@MattSoseman Yes Matt, I have the license in place and the device is also onboarded still nothing seems to be working. Hence I was looking for any troubleshooting steps.
Thank you bro
Hi Matt, Excellent video it is a very important content. I have a questions for you, when you created a DLP rule and add the two content conditions, you didn't select the options for (all of these) you kept the setting for (any of these) you can see in minute 3:33. So, I think the policy will be trigger with any of the content conditions (SIT or Labels), not both.
Good catch, you're right. If it's set to "All of These" then both the label and sensitive information type need to be present to trigger. Whereas if it's set to "any" it's either/or.