Endpoint DLP now classifies Azure RMS protected Office documents on Windows devices

🚨 The Signal: Endpoint DLP can now classify Office files on Windows devices that have Azure RMS protection. Classification happens when a file is used in an application, or when just-in-time classification is enabled.

The Impact

Security teams gain enhanced data protection capabilities, which reduce the risk of sensitive information exfiltration from Windows devices.

  • Security Teams: Reduced risk of data exfiltration for Azure RMS-protected Office documents.
  • Data Owners: Improved assurance that sensitive information in RMS-protected files is subject to DLP policies.
  • Compliance Officers: Enhanced ability to meet regulatory requirements by extending DLP coverage to encrypted content.

The Action

  1. Review existing Endpoint DLP policies in the Microsoft Purview compliance portal.
  2. Identify policies relevant to Office documents and Windows devices.
  3. Consider enabling 'just-in-time classification' for broader coverage if not already active.
  4. Test updated policies to ensure proper classification and enforcement for Azure RMS-protected files.
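
For steps 1 and 2, the same inventory can be pulled from Security & Compliance PowerShell instead of the portal. This is an added example, not part of the original notice or Microsoft's guidance; it assumes the ExchangeOnlineManagement module is installed and the signed-in account can read DLP policies, and it only reads configuration.

```powershell
# Added example: list DLP policies scoped to devices (Endpoint DLP) and their rules.
# Assumes the ExchangeOnlineManagement module and a role that can read DLP policies.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # interactive sign-in to Security & Compliance PowerShell

# A policy applies to endpoints when its EndpointDlpLocation is non-empty.
$endpointPolicies = Get-DlpCompliancePolicy |
    Where-Object { @($_.EndpointDlpLocation).Count -gt 0 }

$report = foreach ($policy in $endpointPolicies) {
    # Rules hold the actual conditions and actions for the policy.
    $rules = @(Get-DlpComplianceRule -Policy $policy.Name)

    [pscustomobject]@{
        Policy        = $policy.Name
        Mode          = $policy.Mode      # Enable, or one of the test modes
        Enabled       = $policy.Enabled
        RuleCount     = $rules.Count
        DisabledRules = (@($rules | Where-Object Disabled).Name -join '; ')
        Rules         = ($rules.Name -join '; ')
    }
}

# Policies still in a test mode or with disabled rules are the ones to
# revisit before relying on them for RMS-protected Office files.
$report | Sort-Object Mode, Policy | Format-Table -AutoSize -Wrap

Disconnect-ExchangeOnline -Confirm:$false
```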

Domain: Purview · Impact: high · Workload: Microsoft Purview · Essential Eight: Application Control, Patch Applications, Restrict Administrative Privileges · ISM: ISM-0974, ISM-1654, ISM-1655