Microsoft Purview Compliance Portal: Endpoint Data Loss Prevention - Device and Device group-based policy scoping support for Endpoint DLP

🚨 The Signal: Purview Endpoint DLP policies can now target specific devices or device groups, in addition to users. This allows more granular data loss prevention: the same user can be subject to different policies on different machines, which gives tighter control over exfiltration of sensitive data.

The Impact

Security teams and data owners are affected: they gain enhanced control over data exfiltration risks from endpoints.

  • Security Teams: Gain granular control over data exfiltration.
  • Data Owners: Better protection for sensitive information on endpoints.
  • Compliance Officers: Improved ability to demonstrate data protection compliance.
  • End Users: Potentially fewer DLP blocks on authorised devices.

The Action

  1. Review existing Endpoint DLP policies for opportunities to refine scope.
  2. Identify critical device groups requiring specific DLP controls.
  3. Create new Endpoint DLP policies targeting devices or device groups via Microsoft Purview Compliance Portal > Data loss prevention > Policies.
  4. Test new device-based policies in audit mode before full enforcement.
  5. Update internal documentation for DLP policy management to include device-based scoping.

Domain: Purview · Impact: high · Workload: Microsoft Purview