Microsoft Purview | Endpoint DLP – Support for New Predicates

Originally posted by Microsoft Oct 24, 2023 Uncategorized 0 Comments

With this new feature for Microsoft Purview Data Loss Prevention, we’re introducing support for four new conditions that you can use in your policies for endpoint devices.

This message is associated with Microsoft 365 Roadmap ID 167332

When this will happen:

Preview: We will begin rolling out in mid-October and complete rolling out by late October.

How this will affect your organization:

With this capability, your Microsoft Purview Data Loss Prevention (DLP) policies will be able to detect documents that are unscannable, partially scannable, greater than a specific file size, and if the document name matches configured patterns on Windows endpoint devices. With this capability, you will be able to prevent your users from accessing unscannable files on endpoint and trying an egress action such as copy to a USB, or copy to clipboard, or copying it to another network share, etc.

The four new predicates are:

a. Document Size equals or is greater than: Detects documents is greater than or equal to the specified value.

b. Document Name matches patterns: Detects documents where the file name matches specific patterns.

c. Document couldn’t be scanned: Applies to documents when their content wasn’t scanned. Examples include password protected files, files for which text extraction failed, files that exceed file size limit.

d. Document couldn’t complete scanning: Applies to documents when their content was scanned, however the entire document was not scanned. Examples include files for which extracted text exceeded the limits/thresholds.

Please refer to the supported file types on endpoint, for which these predicates will provide protection.

https://learn.microsoft.com/en-us/purview/endpoint-dlp-learn-about#file-types

What you need to do to prepare:

As part of your DLP Policy definition, you can leverage these conditions across supported/applicable workloads. For example, you can extend the above mentioned four conditions which are already available in DLP for Exchange and scope it to Endpoint/Devices as part of your policies and rules, thereby enhancing your protection across your digital estate.

Get started with Data Loss Prevention in the Microsoft Purview compliance portal.

Learn more: Using Endpoint DLP

Message ID: MC683660

No comments yet

Leave a Reply

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: