Native Information Protection with Microsoft Endpoint Data Loss Prevention
The loss of important company data has always been a nightmare for every company, and the consequences can be enormous.
The topic of protection against data loss is more relevant than ever, especially this year.
The Corona pandemic has created many new challenges.
For a long time now, sensitive data has no longer been confined to the company's own four network walls on-premises; it is additionally scattered across various cloud resources, on employees' mobile devices and notebooks, and in other locations.
The year 2020 can confidently be called the "Year of the Home Office".
Working from home has become the rule rather than the exception.
This increases the risk of (accidental) data loss.
But what exactly is data loss and why can it have fatal consequences?
The term data loss itself is actually quite self-explanatory.
According to Wikipedia:
"Data loss is an error condition in information systems in which information is destroyed by failures (like failed spindle motors or head crashes on hard drives) or neglect (like mishandling, careless handling or storage under unsuitable conditions) in storage, transmission, or processing. Data loss can also occur if the physical medium containing the data is lost or stolen."
We focus solely on the "neglect" part here. I divide the possible consequences into three example categories:
- Loss of reputation
Loss of reputation through the public disclosure of customer master data or internal communication.
- Direct financial losses
Direct financial losses can arise, for example, if internal price lists or cost calculations become known to the competition.
- Violations of the current legal situation
Violations of the current legal situation can be summarized by one term: GDPR.
Microsoft recognized this challenge in time, well before Corona, and since July 21st, 2020 it has offered a further fundamental building block of the Microsoft Information Protection stack as a public preview.
In this blog post series we will talk about Endpoint DLP (EDLP for short), one of the newest options for protecting data on endpoints (here, an endpoint is a computer running Windows 10) against accidental or intentional data loss.
Endpoint Data Loss Prevention provides us with a whole range of tools.
tl;dr: Microsoft eDLP can prevent the upload, or the copy/cut and paste, of data or files that have previously been defined as worthy of protection.
What exactly can Endpoint Data Loss Prevention do?
The following activities can currently be monitored or blocked (as of November 2020):
- Uploading files to cloud services, or accessing them through unauthorized browsers
- Copying data or files to the clipboard
- Copying files to removable media (i.e. USB sticks and the like)
- Copying files to a shared network folder
- Access by non-permitted apps (e.g. the Dropbox synchronization client)
Endpoint DLP is natively integrated into Windows 10 and requires no additional software installation. The protection mechanisms are enforced via SenseService.exe and Windows Defender.
In the classic DLP, Microsoft has created detection mechanisms for more than 100 data types classified as "sensitive", and it includes more than 40 compliance/regulatory templates (such as GDPR/DSGVO). Examples of such data types are credit card numbers and similar identifiers.
These sensitive information types are the basis of one of the detection mechanisms on which (endpoint) DLP policies are built.
Furthermore, sensitivity labels from Azure Information Protection can also serve as the basis for protection policies.
From the user's point of view, in practice the whole thing looks like this:
[Screenshot: blocking of copy/paste of sensitive text from a Word file]
[Screenshot: blocking of the upload of a file to a DLP test website]
So, how do you configure a simple eDLP policy?
This comes in part 2 of this series. Stay tuned!