Microsoft has officially entered the data loss prevention business

Endpoint DLP
(Image credit: Microsoft)

Managing the risks around data has become increasingly complex for organizations as more employees are now working from home than ever before which is why Microsoft has introduced its own data loss prevention (DLP) service.

Currently the software giant prevents data loss across Microsoft 365 apps including Word, PowerPoint, Excel and Outlook, services such as Microsoft Teams, SharePoint and Exchange and third-party SaaS applications in the cloud or on-premise through its built-in Microsoft Information Protection (MIP). By employing a unified data loss prevention approach, Microsoft allows users to set a DLP policy once and have it enforced across all of the services, devices and apps they use everyday.

The company's new Endpoint DLP builds on the labeling and classification used in MIP as well as extends the existing DLP capabilities in Microsoft 365 to help users meet compliance requirements and protect sensitive information on endpoints.

Microsoft's new DLP solution is built into Windows 10, Microsoft 365 apps and Microsoft Edge so that users don't need to deploy additional software on each of their devices. Endpoint DLP is also integrated with Microsoft Defender for Endpoint and the new service provides policy tips to inform users when they are about to violate a policy.

Microsoft Endpoint Data Loss Prevention

Endpoint DLP is now generally available to Microsoft 365 E5/A5 customers and Microsoft has even added additional capabilities to the service based on feedback from its public preview program.

For instance, last month the company announced the addition of integrated unified data loss prevention with Microsoft Cloud App Security (MCAS) in public preview to allow users to extend data protection to third-party cloud apps. This means that when a users tries to share a document in a third-party app, the same DLP policy used in MCAS will be triggered and both an end-user and an admin will receive a notification.

In addition to its integration with Microsoft Defender for Endpoint, Endpoint DLP is also compatible with most antivirus software which gives customers a choice while extending their existing investments.

Microsoft also revealed in a blog post that it is adding sensitivity labels as a condition for its DLP policies, a new dashboard within the Microsoft 365 compliance center to allow users to manage DLP alerts and new conditions and exceptions in preview.

As data continues to grow exponentially, data loss prevention is needed now more than ever and by creating its own DLP service, Microsoft is making it easier for organizations to avoid data leaks.

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.