Microsoft Purview compliance portal: Endpoint Data Loss Prevention -- Always-on diagnostics for macOS endpoints (Phase 1)
🚨 The Signal: Microsoft Purview Endpoint DLP on macOS now automatically collects detailed diagnostic logs for up to 90 days. This improves troubleshooting for data loss incidents but increases local data storage and potential exposure of sensitive diagnostic information.
The Impact
Security teams and macOS users are affected by the increased local storage of diagnostic data, which poses a risk of sensitive information exposure if devices are compromised.
- Security Teams: Increased data footprint on macOS endpoints requires review of data handling and retention policies.
- macOS Users: Local storage of detailed diagnostic logs could expose sensitive information if the device is compromised.
- Incident Responders: Access to historical diagnostic data aids in post-incident analysis for DLP events.
The Action
- Review existing data retention policies for macOS endpoints to ensure they cover locally stored diagnostic logs.
- Assess the security posture of macOS endpoints to mitigate risks associated with increased local sensitive data storage.
- Update incident response playbooks to leverage the new diagnostic data for Endpoint DLP investigations.
Domain: Purview · Impact: medium · Workload: Microsoft Purview