News

Endpoint Data Loss Prevention Service Nears Preview for Microsoft 365

• By Kurt Mackie
• 07/22/2020

A preview of Microsoft's new Endpoint Data Loss Prevention (DLP) service will soon become available to "Microsoft 365 E5/A5, Microsoft 365 E5/A5 Compliance, and Microsoft 365 E5/A5 Information Protection and Governance" subscriptions.

Microsoft's announcement did not give a specific timeline for the preview's release, however.

Endpoint DLP is yet another Microsoft Information Protection scheme, in this case offering protection for data on devices when end users take certain actions. Microsoft Information Protection is built into various Microsoft software products, aimed at preventing the exposure of data outside an organization. Microsoft has created detections for more than 100 data types deemed to be "sensitive," and includes more than 40 templates to address regulations.

Microsoft explained that "Endpoint DLP is native to Windows 10 and the new Microsoft Edge browser." The benefit of this built-in aspect is that there's no additional software to install.

In a separate announcement about the Microsoft Edge browser, Microsoft claimed that "Microsoft Edge is the only browser that natively supports Microsoft Endpoint DLP and eliminates the need to install, maintain and upgrade additional data loss prevention software for the browser." Microsoft further claimed that Edge has strong phishing and malware protections, automatic profile switching within the browser for work and home uses, and an improved Collections feature for gathering site contents, among other improvements. Edge also will be getting FastTrack partner support next month, Microsoft indicated.

Microsoft Information Protection already has support for preventing data leakage across Microsoft 365 applications and "third-party SaaS applications," Microsoft's announcement explained. With the new Endpoint DLP preview, there's now data protections at the device level.

Using Endpoint DLP, IT pros can set policies to block certain end user actions, or just warn them, giving an option to proceed, but all of the actions can get logged. The policies can be set for things like copying files to an external USB device, the clipboard, network file share or cloud storage service. It's possible to set policies on printing sensitive files, too. Policies for "unallowed apps" that try to access sensitive files can be set.

The new Endpoint DLP preview, when available, will show up in the Microsoft 365 Compliance Center portal. The portal now centralizes policy settings for Exchange, SharePoint, OneDrive, Teams and "Devices."