Step 1 – Scenario
Endpoint Data Loss Prevention (Endpoint DLP) is implemented in Microsoft 365.
Computers: Windows 11, joined to Microsoft Entra (Azure AD), with Microsoft 365 Apps installed.
Goal: Ensure Endpoint DLP policies can protect local content on these devices.
Step 2 – How Endpoint DLP works
Endpoint DLP builds on the same policy framework as Microsoft Purview DLP, but specifically extends coverage to Windows 10/11 devices.
Requirements:
Devices must be onboarded to Microsoft Purview (via Microsoft Defender for Endpoint or via Purview device onboarding).
Endpoint DLP does not require the Microsoft Purview Information Protection (MIP) client.
The MIP client is only required for sensitivity labeling and AIP functionality, not for Endpoint DLP.
Step 3 – Why the proposed solution is incorrect
Deploying the Microsoft Purview Information Protection client does not enable Endpoint DLP.
Endpoint DLP requires devices to be onboarded to the Microsoft Purview compliance portal.
Therefore, this solution does not meet the goal.
Step 4 – Microsoft Reference
Microsoft Docs states:
“To use Endpoint data loss prevention (Endpoint DLP), devices must be onboarded to the Microsoft Purview compliance portal. Installing the Microsoft Information Protection client is not required.”
Reference: Get started with Endpoint DLP
Final Answer
No – deploying the Microsoft Purview Information Protection client alone does not meet the goal.