Microsoft Purview | Endpoint Data Loss Prevention: New Allow and Off modes for each activity

Originally posted by Microsoft Feb 21, 2025 Uncategorized 0 Comments

Microsoft Purview Endpoint DLP is adding two new modes, “Off” and “Allow,” to the existing “Audit only,” “Block,” and “Block with override” options. The rollout will occur in March 2025. These modes will be available by default, and prerequisites include specific Defender Antimalware client versions. No admin action is required before the rollout.

Before this rollout, Microsoft Endpoint data loss prevention (Endpoint DLP) supports Audit only, Block, and Block with override on the Create policy page in Microsoft Purview | Endpoint DLP. This rollout will add two new modes: Off and Allow.

This message is associated with Microsoft 365 Roadmap ID 480731.

When this will happen:

General Availability (Worldwide): We will begin rolling out early March 2025 and expect to complete by mid-March 2025.

How this will affect your organization:

The two new modes are:

  • Off: Endpoint DLP will not trigger events or Alerts and will not trigger notifications. You can use this enforcement mode to configure restrictions for a specific group.
  • Allow: Endpoint DLP will not trigger Alerts and will not trigger notifications but will trigger events in Activity explorer.

In Microsoft Purview, the new Allow and Off enforcement modes on the Create policy page for Endpoint DLP:

admin controlsView image in new tab

The new modes will be available by default for admins to configure.

What you need to do to prepare:

You will need these prerequisites to use the new modes:

This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your admins about this change and update any relevant documentation.

  1. All prerequisites in Onboard Windows devices into Microsoft 365 overview | Microsoft Learn
  2. A Defender Antimalware client version higher than 4.18.25010. To find the version of Microsoft Defender (Windows Defender) Antimalware, follow these steps:
    1. Open Windows Security.
    2. Click on the Settings gear icon.
    3. Look for the About link.
    4. The About page contains the version information for the Windows Defender components.

Message ID: MC1012244

Comments are closed.

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: