Purview DLP Endpoint Protection Troubleshoot and Validation

Within Purview’s suite of data protection solutions for customers with the M365 E5 package (addon or O365) it is possible to use the DLP Endpoint feature where the DLP and label rules also apply to files recorded on the local machine or transmitted via external websites.

Enabling and Configuration

These settings are located in Settings  and cover several parameters where we want to apply information protection policies:

Once we have defined the types of blocking that we want to implement, we define that a certain policy is also applied to the devices:

Discovering the Application of Policies

Until then, many already use the resource. But how do you know if the policies were applied to a given machine?

To do this, it is possible to use PowerShell, however an application developed by the Microsoft team allows viewing in a simple way and is available in  Troubleshoot and Manage Microsoft Purview Data Loss Prevention for your Endpoint Devices – Microsoft Community Hub  with the name  DisplayDlpPolicy.exe .

This application is very simple to use and will allow you to see at a station which policy was applied in detail.

The first example below shows which DLP policies are applied to the device:

The second command below exemplifies the  DLP Endpoint Settings :

This result above is especially important to find out if a given failure was caused by a detection problem or if the rule is not applied, as here we see in detail which protections were configured.