Monitoring endpoint activities - Microsoft SC-400 Certification

There are several built-in reports available for DLP in the compliance center (https://compliance.microsoft.com), which will be covered in Chapter 9, Managing and Monitoring Data Loss Prevention Policies and Activities.

To monitor endpoint activities, we will instead use the activity explorer in the compliance center. Navigate to either of the following locations:

  • Data classification | Activity explorer
  • Data loss prevention | Activity explorer

Using the activity explorer, we can see exactly what our onboarded devices are doing when it comes to creating items, editing items, moving items, and/or sharing them. The information is collected from the Microsoft 365 unified audit logs, transformed, and made available in the activity explorer interface:

Figure 8.20 – The activity explorer shows us all activities performed on endpoints

You can use the activity explorer to drill down into specific events, as shown in Figure 8.20, and make sure that your classified or sensitive information is handled in accordance with the information security policy in your organization.
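Because the activity explorer is built on the unified audit log, the same endpoint events can be pulled from PowerShell for review outside the portal. The following is an added example, not taken from the book: it assumes the ExchangeOnlineManagement module, an account permitted to search the audit log, and that the `AuditData` payload of endpoint DLP records carries `DeviceName` and `DocumentName` properties (verify the property names against a record from your own tenant).

```powershell
# Added example: summarize endpoint DLP activity from the unified audit log.
Connect-ExchangeOnline

$start     = (Get-Date).AddDays(-7)
$end       = Get-Date
$sessionId = "endpoint-dlp-" + (Get-Date -Format "yyyyMMddHHmmss")
$records   = @()

# Page through the results; calling again with the same SessionId
# returns the next page until nothing is left.
do {
    $page = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
        -RecordType DLPEndpoint -SessionId $sessionId `
        -SessionCommand ReturnLargeSet -ResultSize 5000
    $records += $page
} while ($page.Count -gt 0)

# ReturnLargeSet can return duplicates, so de-duplicate on Identity,
# then flatten the JSON payload of each record.
$events = $records | Sort-Object Identity -Unique | ForEach-Object {
    $data = $_.AuditData | ConvertFrom-Json
    [pscustomobject]@{
        Time      = $_.CreationDate
        User      = $_.UserIds
        Operation = $_.Operations
        Device    = $data.DeviceName     # assumed property name
        Document  = $data.DocumentName   # assumed property name
    }
}

# Activity count per device and operation, busiest first.
$events | Group-Object Device, Operation |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# Operations where a file leaves the device deserve a closer look.
$egress = 'FileCopiedToRemovableMedia', 'FileUploadedToCloud',
          'FilePrinted', 'FileCopiedToNetworkShare', 'FileCopiedToClipboard'

$events | Where-Object { $egress -contains $_.Operation } |
    Sort-Object Time |
    Format-Table Time, User, Device, Operation, Document -AutoSize
```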

This concludes the section about monitoring endpoint activities.

Summary

To summarize, we have taken a deep dive into the wonders of Endpoint DLP in Microsoft 365. This feature will no doubt help guarantee that your information does not leave the organization in any way, shape, or form.

Up next, we have a chapter on how to manage and monitor DLP policies and activities.
