This comprehensive guide walks you through the steps to configure Azure Blob Storage for collecting evidence files that match data loss prevention (DLP) policies from devices.
Updated Jan 29, 2025
Version 5.0

Hi, I have tested this quite thoroughly using Azure Blob storage. Several observations:
1) You have to open your firewall from the Security Endpoint to enable this and make it "Open for All Connections".
2) You have to enable both Read/Write permissions on the Azure Blob storage for all users, thereby giving them the ability to delete the evidence.
3) The encryption on the files is simply renaming the file, and if you change the file name or even the file extension back to the original state, you can have the evidence file in the clear. And considering point no. 2, anyone can see everyone's data.
This is still flawed and would need a lot of fixes.