There are several built-in reports available for DLP in the compliance center (https://compliance.microsoft.com), which will be covered in Chapter 9, Managing and Monitoring Data Loss Prevention Policies and Activities.
To monitor the endpoint activities, we will instead use the activity explorer in the compliance center. Navigate to either one of the following places:
- Data classification | Activity explorer
- Data loss prevention | Activity explorer
Using the activity explorer, we can see exactly what our onboarded devices are doing when it comes to creating items, editing items, moving items, and/or sharing them. The information is collected from the Microsoft 365 unified audit logs, transformed, and made available in the activity explorer interface:
Figure 8.20 – The activity explorer shows us all activities performed on endpoints
You can use the activity explorer to drill down into specific events, as described in Figure 8.20, and make sure that your classified or sensitive information is taken care of in the correct manner according to the information security policy in your organization.
This concludes the section about monitoring endpoint activities.
Summary
To summarize, we have taken a deep dive into the wonders of Endpoint DLP in Microsoft 365. This feature will no doubt help guarantee that your information does not leave the organization in any way, shape, or form.
Up next, we have a chapter on how to manage and monitor DLP policies and activities.
Leave a Reply