Forum Discussion
Endpoint DLP Device Onboarding - WorkspaceOne
Hi everyone,
We have a customer who is using WorkspaceOne for managing the endpoints. It is a hybrid environment. We need some guidance and documentation (if any) to help onboard devices for Purview eDLP. The ruled-out option is Group Policy, as some employees are working from home and some are working from the office. There are around 25k+ devices in the tenant that need to be onboarded. The customer is not using Intune or SCCM.
We are looking for the best method/approach to onboard devices where the org is using WorkspaceOne.
1 Reply
You can onboard via the MDM onboarding method. The MDM deployment uses the OMA-URI setting below to push the configuration package to devices:
OMA-URI: ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Onboarding
Data type: String
Value: [Content of the DeviceCompliance.onboarding file that is available in the downloaded DeviceComplianceOnboardingPackage.zip file]
Using WorkspaceOne you can configure a custom OMA-URI / CSP based profile for your devices.
More here: https://learn.microsoft.com/en-us/defender-endpoint/configure-endpoints-mdm
Although this article describes onboarding devices to Microsoft Defender for Endpoint, the instructions are the same for onboarding to the compliance center.
I've seen people using their third-party MDM as the deployment layer to run the “Local Script” onboarding package from Microsoft Purview. https://learn.microsoft.com/en-us/purview/device-onboarding-script#offboard-devices-using-a-local-script
Note that the documentation recommends using the local script to deploy up to 10 devices.
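
Added example (not part of the original posts and not Microsoft's or the MDM vendor's code): a Python script that wraps the content of the `.onboarding` file in a SyncML `<Replace>` command for the OMA-URI given in the reply, escaping the characters that would otherwise break the XML. It assumes the Workspace ONE custom settings payload accepts a SyncML fragment of this shape; the function names, the command ID and the sample blob are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# OMA-URI from the reply above; its "String" data type maps to SyncML format "chr".
ONBOARDING_URI = "./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Onboarding"

# Constructed stand-in for the .onboarding file content (not a real package);
# it contains the characters that break XML if pasted in unescaped.
SAMPLE_BLOB = '{"body":"{\\"orgId\\":\\"<constructed-placeholder>\\"}","sig":"AAAA&BBBB=="}'


def build_onboarding_syncml(blob, cmd_id="1"):
    """Return a SyncML <Replace> fragment that writes blob to the Onboarding node."""
    blob = blob.lstrip("\ufeff").strip()  # drop a UTF-8 BOM and stray newlines
    if not blob:
        raise ValueError("onboarding content is empty")
    syncml = (
        "<Replace>\n"
        f"  <CmdID>{escape(cmd_id)}</CmdID>\n"
        "  <Item>\n"
        f"    <Target><LocURI>{ONBOARDING_URI}</LocURI></Target>\n"
        '    <Meta><Format xmlns="syncml:metinf">chr</Format></Meta>\n'
        f"    <Data>{escape(blob)}</Data>\n"
        "  </Item>\n"
        "</Replace>\n"
    )
    ET.fromstring(syncml)  # fail here, not on 25k devices, if the XML is malformed
    return syncml


def extract_blob(syncml):
    """Parse the fragment back and return the value a device would receive."""
    return ET.fromstring(syncml).findtext("Item/Data")


if __name__ == "__main__":
    # Usage: python build_syncml.py DeviceCompliance.onboarding > onboarding.xml
    if len(sys.argv) == 2:
        with open(sys.argv[1], encoding="utf-8-sig") as fh:
            content = fh.read()
    else:
        content = SAMPLE_BLOB
    xml_fragment = build_onboarding_syncml(content)
    assert extract_blob(xml_fragment) == content.lstrip("\ufeff").strip()
    print(xml_fragment)
```

The round-trip check confirms that the value a device parses out of the profile is byte-for-byte the content of the onboarding file.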