Forum Discussion
Solved
DLP policy to monitor every file copied to USB drive
Hello All,
I am looking for an option in Microsoft DLP to monitor every file copied to a USB drive so that I can pull a report periodically.
The policy is not to capture when someone copies sensitive data to a USB drive, but rather looking for a policy that can capture every file copied to a USB drive.
Kindly advice.
This isn't exactly something you can set from a policy perspective through DLP. You could do a policy that looks for file types or file extensions versus sensitive content, but you'd likely have a long list to enter for file extensions.
You can enable "always audit file activity for devices" in endpoint DLP settings which you can then monitor the auditing through Activity Explorer but this will not alert you.
You can also follow along with this article for Auditing read, write, and execute attempts to any USB, which is configured through Microsoft Intune.
- miller34mike
Microsoft
This isn't exactly something you can set from a policy perspective through DLP. You could do a policy that looks for file types or file extensions versus sensitive content, but you'd likely have a long list to enter for file extensions.
You can enable "always audit file activity for devices" in endpoint DLP settings which you can then monitor the auditing through Activity Explorer but this will not alert you.
You can also follow along with this article for Auditing read, write, and execute attempts to any USB, which is configured through Microsoft Intune.
