Category: Monitoring endpoint activities
-
Reviewing and analyzing DLP reports – Microsoft SC-400 Certification
On both the DLP Policy Matches report and the DLP Incidents report page, you can view a chart and a table that display information based on their corresponding events. When analyzing these reports, you can break down the charts and separate them by either of the…
-
Technical requirements – Microsoft SC-400 Certification
In this chapter, we’ll continue to explore configuring Information Protection within Microsoft 365. There will be an exercise that will require access to Microsoft 365 with Global Administrator rights. If you have followed the exercises from the previous chapter, you should now have the relevant trial licenses; however, if you have not yet created these…
-
Monitoring endpoint activities – Microsoft SC-400 Certification
There are several built-in reports available for DLP in the compliance center (https://compliance.microsoft.com), which will be covered in Chapter 9, Managing and Monitoring Data Loss Prevention Policies and Activities. To monitor the endpoint activities, we will instead use the activity explorer in the compliance center. Navigate to either one of the following places: Using the…
-
Configuring policies for endpoints – Microsoft SC-400 Certification
Now that we are familiar with the different settings available in Endpoint DLP, let’s use this knowledge and configure some DLP policies for endpoints. As usual, we will start by heading over to the compliance center at https://compliance.microsoft.com. As we covered this in the previous chapter, you should now be accustomed to creating a DLP…
-
Configuring Endpoint DLP settings – Microsoft SC-400 Certification
Moving back to the general DLP settings in the Microsoft compliance center, we will now cover the specific settings that are available for Endpoint DLP. The solution enables you to audit and act on several activities users take on sensitive items. The activities available for monitoring are as follows: The following screenshot from a DLP…
-
Technical requirements – Microsoft SC-400 Certification
As always, there are some technical requirements for running Endpoint DLP in your Microsoft environment. These are basically the same as before, but as a reminder we will go through them once more. Microsoft Endpoint DLP is available in the following license subscriptions: Furthermore, as usual, licensing is not the only requirement. You…
-
Implementing data loss prevention policies in test mode – Microsoft SC-400 Certification
When you are configuring data loss prevention policies, it can be hard to understand the full effect on users. Test mode is there so that administrators can make new DLP policies and monitor the effect and usefulness of the policy for users. You will receive an email with the results that contain incident reports, where…
-
Configuring file policies in Microsoft Defender for Cloud Apps – Microsoft SC-400 Certification
The built-in engine for Microsoft Defender for Cloud Apps runs content inspections by removing text from all familiar file types, such as compressed files, Open Office, Office, and several rich text formats, such as XML and HTML. There are three parts within every policy: Once you’ve enabled this, the policy will constantly scan the full…
-
Custom DLP policy with SharePoint sites, OneDrive, and Microsoft Teams – Microsoft SC-400 Certification
You can create DLP policies for SharePoint sites, OneDrive, and Microsoft Teams in the same way you can create custom policies for Exchange Online. As shown in the following screenshot, you can select the appropriate option from the Choose locations to apply the policy page, depending on your requirements: Figure 7.19 – Choosing a Microsoft…