Endpoint DLP extends the activity monitoring and protection capabilities of DLP to devices. This way, when sensitive items are used or shared at risky points or through unsafe networks or applications in or out of an office, Endpoint DLP can identify, monitor, and protect the items.
Steps to Configure Endpoint DLP
To set up Endpoint DLP, you need to follow these steps:
Step 1: Enable Endpoint DLP
First, go to the ‘Compliance Center’ and select ‘Data loss prevention’ under ‘Policies & rules’. Then select ‘Endpoint DLP settings’ and choose ‘Turn on Endpoint data loss prevention’.
Step 2: Set up Device Onboarding
End-users need to sign in and access the resources using a Windows device joined to Azure Active Directory (Azure AD). Enabling the device at the Endpoint security node is also necessary.
Enabling can be done under Settings > Endpoints. Select the groups that need to be onboarded and select Add.
Step 3: Create a DLP Policy
A DLP policy outlines what sensitive information you are looking to protect, where this data resides, and the actions required when this specific data is in danger.
Select the Policies & rules > Data loss prevention option, then ‘Create a policy’. Then set the locations to ‘include’ or ‘exclude’ Windows devices.
How Endpoint DLP Works
Endpoint DLP doesn’t scan files like traditional DLP solutions. Instead, it monitors system activities and applies DLP policies to the activities it observes, continuously checking them against the rules. For instance, opening a Word document in Microsoft Word triggers a content inspection. If the document contains sensitive information and the user then tries to upload it to a personal cloud storage account, that action violates the DLP policy that has been set.
Examples of Actions Endpoint DLP Can Control
The following table illustrates some of the actions that an Endpoint DLP can control:
Action | Description |
---|---|
Limit sharing | Restrict sensitive data sharing through app or cloud service |
Access restriction | Prevent copying of sensitive data to external storage |
Network restriction | Control sensitive data exchange over network |
Use restriction | Define applications authorized to utilize sensitive data |
However, your actions must always be balanced against productivity. It’s recommended to set Endpoint DLP actions to “Audit” at first to evaluate potential impacts before enabling restrictive actions.
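The three configuration steps above, together with the audit-first recommendation, as an added example in Security & Compliance PowerShell rather than the portal (this is not code from the original page). The policy and rule names are assumed placeholders; the sensitive information type and restriction setting names are the ones the Purview cmdlets expose and should be checked against your tenant before use.

```powershell
# Added example (not from the original page): enable, scope and create an
# Endpoint DLP policy in audit mode, then promote it to Block after review.
# Policy/rule names are assumed; the SIT name is a built-in type (verify with
# Get-DlpSensitiveInformationType).
Connect-IPPSSession   # sign in with an account holding a compliance admin role

$policyName = "Endpoint DLP - PII (assumed name)"

# Step 3 equivalent: policy scoped to Windows endpoints only, started in test mode
New-DlpCompliancePolicy -Name $policyName `
    -Comment "Audit-first rollout; promote to Block after reviewing Activity Explorer" `
    -EndpointDlpLocation All `
    -Mode TestWithoutNotifications

# Rule: match on a sensitive information type, with every endpoint activity
# set to Audit so that impact on users can be measured before anything is blocked
$auditRestrictions = @(
    @{ Setting = "CloudEgress";    Value = "Audit" },   # upload to personal cloud storage
    @{ Setting = "RemovableMedia"; Value = "Audit" },   # copy to USB / external storage
    @{ Setting = "NetworkShare";   Value = "Audit" },   # copy to a network share
    @{ Setting = "Print";          Value = "Audit" }
)
New-DlpComplianceRule -Name "PII egress (assumed rule name)" -Policy $policyName `
    -ContentContainsSensitiveInformation @{ Name = "U.S. Social Security Number (SSN)"; minCount = "1" } `
    -EndpointDlpRestrictions $auditRestrictions

# After the audit window: same activities, only the value changes to Block,
# then the policy itself moves from test mode to enforced
$blockRestrictions = $auditRestrictions | ForEach-Object {
    @{ Setting = $_.Setting; Value = "Block" }
}
Set-DlpComplianceRule -Identity "PII egress (assumed rule name)" -EndpointDlpRestrictions $blockRestrictions
Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```

Devices must already be onboarded (Step 2) for the policy to reach them; the cmdlets only create the server-side configuration.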
In conclusion, configuring Endpoint DLP settings is an essential part of the information protection process. As a prospective SC-400 Microsoft Information Protection Administrator, understanding how to establish Endpoint DLP is a vital component of your skill set.
Practice Test
True or False: Endpoint DLP settings cannot be configured in Microsoft 365 compliance center.
- True
- False
Answer: False
Explanation: You can configure endpoint DLP settings in the Microsoft 365 compliance center. You can specify rules to protect sensitive information across your organization.
True or False: You can create content filtering rules in the endpoint DLP settings.
- True
- False
Answer: True
Explanation: Endpoint DLP settings allow the creation of content filtering rules. These rules help protect sensitive data from unauthorized access and use.
Endpoint Data Loss Prevention (DLP) is an integral part of which Microsoft Suite?
- a) Office 365
- b) Microsoft Teams
- c) OneNote
- d) Windows 10
Answer: a) Office 365
Explanation: Endpoint DLP is a part of Microsoft’s Office 365 suite aimed at preventing sensitive information from leaking outside the organization.
True or False: It is possible to set up notifications with endpoint DLP.
- True
- False
Answer: True
Explanation: You can configure settings to receive notifications when certain events occur related to your DLP policies.
What is the correct sequence for configuring endpoint DLP settings?
- a) Setup device, Enable endpoint DLP, Create policy, Monitor Activity
- b) Enable endpoint DLP, Create policy, Setup device, Monitor Activity
- c) Create policy, Enable endpoint DLP, Setup device, Monitor Activity
- d) Enable endpoint DLP, Setup device, Create policy, Monitor Activity
Answer: b) Enable endpoint DLP, Create policy, Setup device, Monitor Activity
Explanation: The correct sequence for configuring endpoint DLP settings is to first enable endpoint DLP, then create policies, set up the device and monitor the activity.
True or False: It is necessary to reboot the device after enabling endpoint DLP.
- True
- False
Answer: False
Explanation: Enabling endpoint DLP does not necessitate the rebooting of the device.
What provides insights on activities that violate DLP policies across desktop versions of Windows operating systems?
- a) Windows Defender
- b) Azure Active Directory
- c) Endpoint DLP Activity Explorer
- d) Cloud Application Security
Answer: c) Endpoint DLP Activity Explorer
Explanation: Endpoint DLP Activity Explorer provides insights on endpoint activities that match the DLP policy rules across desktop versions of Windows operating systems.
In Endpoint DLP, which site specifies what happens when sensitive items are discovered in your organization’s network?
- a) Sensitive Information Type
- b) DLP Policy Tips
- c) DLP Policy Rule
- d) Incident Reports
Answer: c) DLP Policy Rule
Explanation: In Endpoint DLP, the DLP Policy Rule specifies what happens when the system discovers sensitive items.
True or False: You can provide user overrides for endpoint DLP.
- True
- False
Answer: True
Explanation: User overrides can be provided in endpoint DLP, granting users the ability to override the policy under justification.
In the context of Endpoint DLP, what does FCI stand for?
- a) Full Content Indexing
- b) Federal Classification Interface
- c) File Classification Infrastructure
- d) None of the above
Answer: c) File Classification Infrastructure
Explanation: In the context of Endpoint DLP, FCI stands for File Classification Infrastructure, which provides insight into your data by automating classification processes.
Interview Questions
What is the primary role of an SC-400 Microsoft Information Protection Administrator in configuring endpoint DLP settings?
The primary role is to understand, implement, and manage the Microsoft 365 compliance solutions for their organization, focusing on information protection. This can involve configuring endpoint DLP settings to prevent accidental data leaks and secure sensitive information.
What is Endpoint DLP in the context of Microsoft 365?
Endpoint DLP, or Data Loss Prevention, is a feature in Microsoft 365 that allows administrators to monitor and control sensitive information on organization-owned devices.
Where is the option to configure endpoint DLP settings found in the Microsoft 365 compliance center?
The option is found by going to Policies > Data loss prevention > Endpoint data loss prevention.
What is the difference between High, Medium, and Low settings when configuring Endpoint DLP?
The High, Medium, and Low settings refer to the severity of the incident that might occur if the data in question is leaked. A ‘High’ setting would be applied to extremely sensitive data that, if leaked, could cause significant harm to the organization.
What role-based access control (RBAC) roles do you need to create and manage endpoint DLP policies?
You need to be a Global admin, Compliance admin, or Compliance data admin in order to create and manage endpoint DLP policies.
How can Endpoint DLP mitigate the risk of sensitive data being transmitted outside a company?
Endpoint DLP can identify sensitive information like credit card numbers or social security numbers, and prevent this information from being transmitted outside the organization through alerts and restrictions on unallowed activities.
What are the steps to create an endpoint DLP policy in compliance.microsoft.com?
Navigate to Policies > Data loss prevention > Create policy > Custom > Next. Provide a name and description, select locations to apply the policy, add conditions, and define actions and user notifications.
Specifically, what types of data can Microsoft Endpoint DLP protect?
Microsoft Endpoint DLP can protect a variety of sensitive information types including Social Security numbers, credit card numbers, bank account numbers, passport numbers, and other personally identifiable information (PII) or confidential business data.
Are individual files opened in cloud-based applications protected by Endpoint DLP?
Yes, Endpoint DLP extends to cloud-based applications, effectively protecting individual files that contain sensitive data and are opened within those applications.
Can Endpoint DLP protect data on non-Microsoft applications?
Yes, as long as they are using Windows 10, the Endpoint DLP solution can monitor and apply DLP policies to content in non-Microsoft applications.
Can endpoints be disconnected from the Endpoint DLP policies?
Yes, you have the option to disconnect specific endpoints from the Endpoint DLP policies. The designated endpoints will not be subject to the DLP rules.
How are Endpoint DLP policy violations reported?
Policy violations are reported through the Microsoft 365 compliance center’s activity explorer. This tool provides detailed information on DLP policy matches, including when and where the match occurred, and actions taken as a result.
Can you use Endpoint DLP without enabling Microsoft Defender for Endpoint?
No, Endpoint DLP requires that Microsoft Defender for Endpoint be enabled and correctly configured on the devices where you want to implement DLP.
How long does it usually take for DLP policy changes to take effect on endpoints?
It generally takes 15 minutes for policy changes to propagate and take effect on endpoints, though in some cases it can take up to an hour.
Can non-admin users view and manage Endpoint DLP violations?
No, only administrators with the necessary role-based access control (RBAC) can view and manage Endpoint DLP policy matches and violations.