Forum Discussion
learnazure_ad
Feb 18, 2025 Copper Contributor
Purview -> DLP -> Settings -> Endpoint DLP Settings
I have configured Browser and Domain Restrictions to sensitive data, with a condition as a sensitivity label. I used the Allow for a whitelist for sites, and all others should be blocked. I created...
duliprb
Mar 08, 2025 Brass Contributor
Hi @learnazuread, I think there are a few factors involved here:
1. Licensing
I can confirm Defender for Business under Business Premium is working well at the endpoint protection part.
Endpoint DLP requires some higher licenses; that's why Endpoint DLP onboard is grayed out. Ex: M365 E5, Information Protection and Governance E5
2. Features
If you just want to block or allow sites, Defender for Business can help there; confirm if you have enabled "network protection". If you are looking to block sites based on content, you need Endpoint DLP.
Based on this, can you confirm exactly what features are needed? Then I can help you where you need support exactly. :)
learnazure_ad
Mar 10, 2025 Copper Contributor
Hi. Appreciate the response. We were using WIP before and would like the same functionality and possibly expand on it. Given my research, reading and site configurations - I believe this is all doable. I have further been directed by Microsoft techs to get a Defender for Endpoint standalone license and the configurations should 'kick in', which has not happened when I purchased a Defender for Endpoint license for one user for testing.
Core needs:
- Have a whitelist of sites, and block others based on file sensitivity label. I believe this is done by "Browser and domain restrictions to sensitive data".
- Allow\block apps from accessing data based on file sensitivity label.
- Disable printing and other actions, if needed, of sensitive files.
I think I may be on a new thread of why it is not working. We have one license for Defender for Endpoint and many for Defender for Business. Apparently we cannot mix licenses and it will revert to the lowest license. Not sure at this point - but going to get more Endpoint licenses and see if this fixes the issue.
- duliprb Mar 10, 2025 Brass Contributor
Hi learnazure_ad, thanks for clarifying. I think WIP is mostly outdated. The next solution you have is Defender for Endpoint + Microsoft Purview. In Business Premium, you have Defender for Business (likely the same functionality as Defender for Endpoint P2, obviously with some limitations). However, the Defender that comes in Business Premium is sufficient to get the Defender functionality required.

For your website blocking based on sensitive data, as I said, you need Information Protection and Governance E5, which provides Endpoint DLP capability. If we drill down to website blocking when sensitive data is available:
1. We can block uploading data to an external website.
2. Block the website if required. This requires the Purview browser extension and Purview Endpoint DLP capability.

Your "mixed license" scenario does not apply, as Defender for Business is sufficient to work on your scenario. There is another scenario, which we call WCF: web content filtering based on categories such as Gambling, Gaming, etc. You can achieve that functionality through Defender for Business.
- learnazure_ad Mar 10, 2025 Copper Contributor
1. We can block uploading data to an external website - Yes, I can block specific websites via Defender portal > Settings > Endpoints > Rules\Indicators > URLs\Domains\IP's\etc.
But this does not give me the whitelist or block. I have to explicitly set the site, leaving any sites that are not blocked as allowed. Not very helpful to blanket block all then have an allowed list of sites. If there is something I am missing please let me know.
2. WCF - not great. General headings (Gambling\Social Media\etc) without knowing what sites it deems to block is not very helpful and will cause problems down the line, as it has in testing.
Ultimately I am getting that to move from WIP which is deprecated in latest Win11 release, which allows everything that I want. Is only supported for all features in E5. Which is 2x the cost of Business Premium and needs the additional license for Teams as that is not included.
- duliprb Mar 10, 2025 Brass Contributor
1. We can block uploading data to an external website - Yes, I can block specific websites via Defender portal > Settings > Endpoints > Rules\Indicators > URLs\Domains\IP's\etc. (This blocking is not based on the content you upload. If your user uploads content like a credit card number, Purview DLP can block just that. All other data can be uploaded.)
2. You can still block websites from Purview DLP. Talking from a compliance perspective, Purview MIP and DLP is the way to go. Below are some use cases, sensitive data redacted purposefully.