Tuesday, April 19, 2022

Announcing general availability of Microsoft Purview Data Loss Prevention for macOS endpoints

As workplaces transition from remote to hybrid, workers are moving fluidly between work and home devices and networks. This shift poses a new set of challenges, and organizations are concerned about workers’ inadvertent mistakes and unsafe data practices leading to more data breaches and exfiltration. Additionally, the great reshuffle is fueling the great exfiltration - with 29% of workers downloading and storing more sensitive corporate data, and 15% uploading more corporate data to personal cloud apps in 2021 as compared to 2020 [1]. Organizations are scrambling to prevent data exfiltration in the cloud and across platforms and applications.


Today we announced Microsoft Purview - a comprehensive set of solutions that help you govern, protect, and manage your entire data estate. This new brand family combines the capabilities of the former Azure Purview and the Microsoft 365 Compliance portfolio that customers already rely on, providing unified data governance and risk management for your organization. As part of this announcement, Office 365 Data Loss Prevention will now be called Microsoft Purview Data Loss Prevention (DLP).


Microsoft Purview DLP helps users make the right decisions and take the right actions while using sensitive data, therefore helping balance security and productivity. Microsoft Purview DLP leverages sensitivity labels from Microsoft Purview Information Protection to create and enforce policies to prevent sensitive data exfiltration through common egress points. Microsoft Purview Information Protection is a built-in, intelligent, unified, and extensible solution to protect sensitive data across your digital estate – in Microsoft 365 cloud services, on-premises data stores, endpoints and mobile devices, third-party SaaS applications, and more. Microsoft Purview DLP is part of Microsoft Purview Information Protection and is offered and managed as a single, integrated, and extensible offering that allows organizations to manage their DLP policies from a single location and has a familiar user experience for both administrators and end-users.  


Today we are extremely pleased to announce the general availability of Microsoft Purview Data Loss Prevention for macOS endpoints, enabling organizations to extend their endpoint DLP insights and controls to devices running macOS (Catalina or higher). We know that macOS is an important platform for our customers and are excited to continue to invest in supporting our customers’ multi-platform strategy.



“The endpoint DLP capabilities for macOS help us improve the security posture of our non-Windows devices as it alerts users of inappropriate or risky actions on sensitive data and provides actionable policy tips and remediation guidance. This provides Intact the ability to quickly identify and block potential data exfiltration on macOS in addition to Windows,” said Sophony Anselme, IT Technical Advisor Specialist, Intact Financial Corporation.


Microsoft Purview DLP helps your organization to move away from a disparate set of tools and benefit from a unified solution that helps detect the use of sensitive data, remediates policy violations, and educates users on how best to handle sensitive data at the endpoint, on-premises, and in the cloud. You can manage your endpoint DLP policies for macOS from the same place in the Microsoft Purview compliance portal where you manage your DLP policies for other workloads, making it easy to extend your policies and custom sensitive identifiers to macOS endpoints without extensive reconfiguration. Learn more here.


“At Avanade, we are committed to ensuring we have the right processes and technologies in place to keep our people, our data, and our clients safe without hampering employee productivity, and Microsoft’s Endpoint DLP capabilities help us do just that. In addition to Windows, we are now able to enforce the same DLP policies on the Mac endpoints and prevent inappropriate or risky sharing, transfer, and use of sensitive information and quickly identify and prevent potential risks to Avanade.” – said Erika Ludwig, Information Security Manager, Avanade.


DLP for macOS endpoints is a continuation of our promise to extend DLP support for non-Microsoft environments. We previously announced support for Chrome browser through the Microsoft Purview extension for Chrome and various cloud apps such as Dropbox, Box, Google Drive, and others through the integration with Microsoft Defender for Cloud Apps.


Recent endpoint DLP capabilities

In addition to the general availability of endpoint DLP for macOS, we are excited to announce the following recent capabilities that provide additional controls to protect sensitive information on Windows endpoints.

  • Public preview of controls that are designed to give you the flexibility to scope different access restrictions to sensitive files when they are accessed by different applications. This will allow you to create groups of sanctioned or unsanctioned applications and scope policies to control access of sensitive information by individual applications in the application groups. Learn more here.

Figure 1: Restricted app groups settings in endpoint DLP

General availability of:

  • Controls for advanced classification scanning and protection that allow the advanced Microsoft Purview cloud-based data classification service to scan items, classify them, and return the results to the local machine. This means you can take advantage of exact data match classification and named entities classification techniques in your endpoint DLP policies. Learn more here.
  • Controls to help identify whether a file is sensitive based on the file’s type or extension. This will allow you to add contextual conditions in addition to content-based conditions to detect and protect even more content types such as CAD drawing files, video and audio files, and custom file types used in your specific industry. Learn more here.
  • Controls to help detect when sensitive files are created and added to archives such as ZIP or ARJ and apply restrictions to archive files when they contain sensitive files, reducing the risk of sensitive data exfiltration through concealment in archive files.
  • Flexibility to detect the presence of sensitive data stored in documents authored using a region-specific character set, including Simplified Chinese, Traditional Chinese, Japanese, and Korean.

Increasing DLP value across different workloads

In addition to endpoint DLP capabilities, we are continuing to add value to Microsoft Purview DLP across several workloads with the general availability of the following capabilities:

  • Capability to scope new and existing Microsoft Teams DLP policies to automatically protect the content shared as part of the Teams team and chats, allowing you to use the same DLP policy rules and actions on the associated SharePoint sites and OneDrive for Business folder that stores documents shared by users within that team or channel. Learn more here.
  • More flexibility and granular controls during DLP policy authoring with five new conditions for SharePoint Online and OneDrive for Business.  
    • Document name contains words or phrases
    • Document name matches patterns
    • Document size over
    • Document created by
    • Document created by member of
  • On-premises DLP capabilities for Gov customers, providing visibility and control needed to help protect sensitive items at rest, in file shares and SharePoint document libraries. You will be able to create DLP policies and see activities on the sensitive data in the familiar Activity explorer in the Microsoft Purview compliance portal, along with any activities for DLP policies that are applicable to your cloud and endpoint workloads. Learn more here.

Leverage your Microsoft Purview Information Protection investments in DLP

You can reuse your investments in Microsoft Purview Information Protection’s unified classification and labelling across Microsoft Purview solutions, including DLP. We are excited to share that DLP policies will support the 50 new Sensitive Information Types (SITs) and 10 new enhanced policy templates spanning Financial, Medical, Health, and Privacy. These new SITs will make it easier to detect person names, physical addresses, and a rich set of medical conditions and terms, enabling your organization to detect sensitive personal data with improved efficiency and accuracy. You can read more about these capabilities in this blog.


Get Started 

We are happy to share that there is now an easier way for you to try Microsoft Purview solutions directly in the Microsoft Purview compliance portal with a free trial. By enabling the trial in the compliance portal, you can quickly start using all capabilities of Microsoft Purview, including Insider Risk Management, Records Management, Audit, eDiscovery, Communication Compliance, Information Protection, Data Loss Prevention, and Compliance Manager.  


Visit your Microsoft Purview compliance portal for more details or check out the Microsoft Purview solutions trial (an active Microsoft 365 E3 subscription is required as a prerequisite).  


Additional resources:

  • Read this blog to learn more about the Microsoft Purview announcement
  • Watch these videos to learn more about Microsoft’s approach to unified DLP, endpoint DLP, and maximizing the value of DLP
  • Listen to this podcast on Microsoft Purview DLP.
  • Learn more about using sensitivity labels as a condition for DLP policies here
  • Learn more about sensitivity labels here
  • Learn more about Predicates for unified DLP here
  • Read this blog for the latest on Microsoft Purview Information Protection

We look forward to your feedback!


Thank you, 

The Microsoft Purview Information Protection Team


[1] With the ‘Great Resignation’ comes the ‘Great Exfiltration’, SECURITYWEEK, Jan 2022



Posted at https://sl.advdat.com/3JXfkHu