This article provides guidance on using Endpoint Data Loss Prevention (DLP) capabilities within Microsoft Purview to help safeguard sensitive information across organizational devices. It focuses on practical, scenario-based approaches for creating and modifying DLP policies, including auditing, alerting, blocking actions, and enforcing controls on how sensitive data is accessed, shared, or transferred. By addressing common administrative use cases, it helps define how policies can be applied across endpoints and integrated services to monitor and regulate user activity effectively.
By applying these scenarios, administrators can reduce data loss risks, support compliance, and gain better visibility into user activity. This approach helps strengthen data governance and improves the organization’s overall security posture.
Important
These Endpoint DLP scenarios aren't the official procedures for creating and tuning DLP policies. For general situations, see the following topics:
Tip
Get started with Microsoft Security Copilot to explore new ways to work smarter and faster using the power of AI. Learn more about Microsoft Security Copilot in Microsoft Purview.
Before you begin
SKU and subscription licensing
For information on licensing, see
These scenarios require that you have already onboarded devices and that those devices are reporting to Activity explorer. If you haven't onboarded devices yet, see Get started with Endpoint data loss prevention.
Important
Before you start, make sure you understand the difference between an unrestricted administrator and an administrative unit restricted administrator. For more information, see Administrative units.
Scenarios
- Create policy to audit activities using a template (audit only mode)
- Create policy to manage printer access using authorization groups
- Create policy to detect and alert on U.S. PII data exposure
- Help prevent unauthorized sensitive data sharing with block actions and allow overrides
- Help prevent risky user activity by monitoring or restricting access to sensitive service domains
- Help prevent leakage of sensitive content by restricting paste actions into browsers
- Help prevent exposure of sensitive files by configuring auto-quarantine for OneDrive sync
- Help prevent sharing of sensitive items with unauthorized cloud apps and services
- Create policy to manage file activities by implementing network exceptions
See also
- Learn about Endpoint data loss prevention
- Get started with Endpoint data loss prevention
- Learn about data loss prevention
- Get started with Activity explorer
- Microsoft Defender for Endpoint
- Onboard Windows 10 and Windows 11 devices into Microsoft Purview overview
- Microsoft 365 subscription
- Microsoft Entra joined
- Download the new Microsoft Edge based on Chromium
- Create and Deploy data loss prevention policies