Forum Discussion
Crowdstrike Agent with Microsoft Purview DLP
Hi ItsKJ11
Thanks for posting your question here. Yes, Endpoint DLP with Microsoft Purview will and does work when you are using CrowdStrike as the primary EDR solution on your devices. As noted, you have Defender in passive mode, however, RealTimeProtection must be ACTIVE on the device. You can confirm this by running Get-MpComputerStatus and making sure it says TRUE.
Also, the devices must be onboarded to Microsoft Purview as well. Since you onboarded to MDE first, this is just a simple switch. Confirm this has been done by going to Settings > Device Onboarding > and make sure device onboarding has been enabled. Once you do this, if it was not already enabled, it will take a bit for the devices to onboard and start receiving the policies.
Microsoft Purview DLP – Part 2 – Endpoint DLP – Cloudy Security
It appears our issue is our CrowdStrike deployment policy disables needed Defender components for DLP functionality. We are digging into this now with our CS administrator.