Endpoint Data Loss Prevention
Microsoft 365

Information Protection & Governance
Protect and govern data – wherever it lives
• KNOW YOUR DATA: Understand your data landscape and identify important data across your hybrid environment
• PROTECT YOUR DATA: Apply flexible protection actions including encryption, access restrictions and visual markings
• PREVENT DATA LOSS: Prevent accidental oversharing of sensitive information
• GOVERN YOUR DATA: Automatically retain, delete, and store data and records in a compliant manner
Powered by an intelligent platform
Unified approach to automatic data classification, policy management, analytics and APIs

DLP Solution Overview
Comprehensive support across workloads
• Exchange Online
• Teams
• SharePoint, OneDrive
• Endpoint
• Non-Microsoft Clouds and SaaS apps
• On-prem file shares
• Future: Expand to non-M365 workloads
Unified and integrated experiences
• Guided onboarding
• Unified & flexible policy management
• Integrated with MIP
• Unified alerting & Remediation
• Integrated end-user experiences

Unified and integrated experiences
Admin
Easy onboarding
- Cloud native, no on-prem infra required
- Out-of-the-box analytics, no policy needed
- Tailored experience for policy creation, driven by insights from analytics (underway)
Unified, flexible policy management & enforcement
- Single console to control movement of sensitive information across devices, apps, and services
- Rich policy controls
Integrated with MIP classification & labels
- Leverage 100+ sensitive information types, functions, custom patterns & dictionaries
- Labels integrated with DLP policy (preview)
Unified alerting and remediation
- Notify data officer when sensitive data is exposed, with rich incident details and triage
- SIEM integration – API support to retrieve audit and alert data, and remediate
End user
Integrated end-user experiences
- Native experiences in Office, Windows, Edge, and other apps help preserve user productivity

Easy onboarding
- Cloud native, no on-prem infra required
- Out-of-the-box analytics, no policy needed
- Tailored experience for policy creation, driven by insights from analytics (underway)

Unified, flexible policy management & enforcement
- Configure policies across devices, apps and services in the Microsoft 365 Compliance center
- Rich flexibility in configuring rules and enforcement actions

Integrated with MIP classification & labels
- 100+ sensitive information types
- 40+ built-in policy templates for common industry regulations and compliance needs.
- Labels as conditions in DLP policy (preview)

Unified alerting and remediation
Alert : DLP rule match detected : “CCN Rule” in “Sensitive Data Policy”
- Rich detail to triage and remediate
- API support enabling SIEM integration
This enhanced experience is work-in-progress, not live yet

API for analytics, SIEM integration
Available via the Office 365 Management Activity API
• REST-based API exposing audit events
• ISVs can build rich compliance-oriented applications.
• Customer data is not accessible unless customer grants consent to application
• Documentation here: https://msdn.microsoft.com/en-us/office-365/get-started-with-office-365-management-apis
2 types of DLP events:
DLP event type: Non-sensitive
  Available Data:
  • Document or Email that triggered the hit
  • User that triggered the hit
  • Policy, Rule
  • Actions taken
  • Type of sensitive data detected (e.g. Credit card)
  Exposed via this Content Type in Activity API: Audit.Exchange, Audit.SharePoint
  Required Permission: Read Activity Data for your organization
DLP event type: Sensitive
  Available Data: All non-sensitive data, plus:
  • Value of sensitive data (e.g. Visa 4916-6867-9255-1997)
  Exposed via this Content Type in Activity API: Dlp.All
  Required Permission: Read DLP policy events including sensitive data
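
An added example, not code from the original deck: a filter that a SIEM forwarder could apply to records read from the Dlp.All content type, so that downstream systems receive only the "Non-sensitive" fields listed in the table above. The record is constructed, its field names are assumptions based on the Management Activity API DLP schema, and the function names are hypothetical.

```python
import copy

# Constructed sample DLP record. Field names are assumed to follow the DLP
# schema of the Office 365 Management Activity API; verify them against a
# record from your own tenant. Policy and rule names come from the page's alert.
SAMPLE_EVENT = {
    "Workload": "Exchange",
    "UserId": "user@example.com",
    "PolicyDetails": [{
        "PolicyName": "Sensitive Data Policy",
        "Rules": [{
            "RuleName": "CCN Rule",
            "Actions": ["NotifyUser"],
            "ConditionsMatched": {"SensitiveInformation": [{
                "SensitiveInformationTypeName": "Credit Card Number",
                "Count": 1,
                "SensitiveInformationDetections": {
                    "Detections": [{"Value": "CONSTRUCTED-CARD-NUMBER"}]},
            }]},
        }],
    }],
}

def iter_matches(event):
    """Yield (policy, rule, sensitive_info) for every match in a DLP record."""
    for policy in event.get("PolicyDetails", []):
        for rule in policy.get("Rules", []):
            conditions = rule.get("ConditionsMatched") or {}
            for info in conditions.get("SensitiveInformation", []):
                yield policy, rule, info

def has_sensitive_values(event):
    """True if the record carries detected values (the 'Sensitive' event type)."""
    return any("SensitiveInformationDetections" in info
               for _, _, info in iter_matches(event))

def to_non_sensitive(event):
    """Return a copy holding only the 'Non-sensitive' fields: detected values
    are dropped; policy, rule, actions, type and count are kept for triage."""
    redacted = copy.deepcopy(event)
    for _, _, info in iter_matches(redacted):
        info.pop("SensitiveInformationDetections", None)
    return redacted

def triage_summary(event):
    """One line per match for a SIEM or ticket, without any detected value."""
    return [f'{p.get("PolicyName")}/{r.get("RuleName")}: '
            f'{i.get("SensitiveInformationTypeName")} x{i.get("Count", 0)}'
            for p, r, i in iter_matches(event)]
```

Applying `to_non_sensitive` at the point of collection keeps detected values out of log stores whose readers hold only the activity-data permission.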

Integrated end-user experiences
• Built-in experiences in Office, Windows, Edge, and other apps help preserve user productivity
• Policy Tips help educate users when they are about to violate a policy.
• Supported across platforms: desktop, web, and mobile apps.

DLP enforcement across devices, apps, services
• Email & chat: DLP policies for Exchange Online, Microsoft Teams
• Documents: DLP policies for Office apps, SharePoint Online, OneDrive for Business
• Cloud services: Microsoft Cloud App Security DLP policies for sensitive information in 3rd-party cloud services

Announcing Endpoint Data Loss Prevention
Identify and protect information on endpoints
• Native protection: Built-in to Windows 10, Office Apps, Edge – no agent required
• Seamless deployment: Cloud-delivered, lightweight configuration leads to immediate value
• Integrated: Integrations (e.g. with Microsoft Information Protection) build on existing capabilities and focus on risks that matter

Key customer pain points
• Friction: On-prem infrastructure; Endpoint agent; Large system footprint
• Difficult to manage: “You can’t protect what you can’t see”; Complicated policies
• Effectiveness: Heavy handed lockdown; Siloed solution; DLP from the ‘outside-in’

Next generation Endpoint DLP
• Quick time to value
• Seamless
• Data-centric, Risk-aware

Seamless
• Cloud delivered: No on-premise infrastructure
• Built into Microsoft apps: Reliable and performant DLP from the inside
• Built into Windows 10: No agent on Windows
• Plug & play for MDATP customers: Just own the license

Quick time to value
Discover sensitive data on devices on day 1
• Audit activity of common file types with rich context
• Data classification without any policy
• Data driven policy orchestration
Integrated to MIP
• Managed through Microsoft Compliance Center
• Single click extends existing DLP policies to devices

Data-centric, Risk-aware
Data-centric protection
• Content-centric auditing and enforcement
• Apply sensitivity label and encryption (future)
DLP Threat Protection
• Prioritize incident response based on data sensitivity
• DLP sensors and data exfil detection in MDATP
• Risk-aware DLP policies (future)
• Serves as Insider Risk Management endpoint sensor

Demo Video

Endpoint Data Loss Prevention
Identify and protect information on endpoints
• Native protection: Built-in to Windows 10 (1809+), Office Apps, Edge – no agent required
• Seamless deployment: Cloud-delivered, lightweight configuration leads to immediate value
• Integrated: Integrations (e.g. with Microsoft Information Protection) build on existing capabilities and focus on risks that matter
From private preview customers
“Deployment is a breeze”
“It plugs into my M365 DLP ecosystem”
“Bridges the visibility gap for data on endpoints”
Public preview July 30 (ETA)
GA Q4 CY20

Endpoint Data Loss Prevention
Technical Requirements
Operating System
Windows 10, builds 1809 and up.
License
• Microsoft 365 E5/A5
• Microsoft 365 E5/A5 Compliance
• Microsoft 365 E5/A5 Information Protection and Governance
• Microsoft 365 E5 Information Protection + DLP (add-on)

Endpoint DLP Licensing
• Microsoft 365 E5/A5
• Microsoft 365 E5/A5 Compliance
• Microsoft 365 E5/A5 Information Protection and Governance
• Microsoft 365 E5 Information Protection + DLP (add-on)

Microsoft 365 E5 Compliance
Pre-req: M365 E3/A3 or Office 365 E3 + EMS E3

M365 E5 Info Protection & Governance
Information Protection and Governance:
• Records Management
• Rules-based automatic classification and retention
• Machine Learning-based automatic classification and retention
Microsoft Cloud App Security (MCAS)
Communication DLP (Teams chat)
Endpoint DLP
Customer Key
Advanced Message Encryption
Pre-req: Any M365 plan or [any Office 365 plan + Azure Info Protection Plan 1/EMS]

M365 E5 Insider Risk Management
Insider Risk Management
Communication Compliance
Information Barriers
Customer Lockbox
Privileged Access Management
Pre-req: Any M365 or Office 365 plan

M365 E5 eDiscovery and Audit
Advanced Audit
Advanced eDiscovery
Pre-req: Any M365 or Office 365 plan

See Microsoft 365 licensing guidance for security & compliance for detailed guidance and license

Endpoint DLP Roadmap
• Improvements to MIP integration
• Data-centric protection
• Cross-Platform, cross-browser
• Enhanced visibility
• Data-aware threat protection, Risk-aware DLP policies
• Advanced data classification

Q&A
Thank you!