Forum Discussion
DLP for SaaS Apps - Endpoint DLP/MDE + Purview Browser Extension
I need help verifying my understanding of how Purview tools control file upload/download and clipboard copy/paste actions. Here's the situation:
Goal: Block file upload/download, copy/paste of sensitive data to/from SaaS apps.
Deployment: Rolling out MDE (in Passive mode) or Endpoint DLP (Onboarding device to Purview) and the Purview browser extension for Chrome/Firefox.
My Understanding:
Copy Control: Handled by Endpoint DLP/MDE on the endpoint.
Upload/Download/Paste Control: Requires the Purview browser extension (or native browser support in Edge/Safari).
Specific Question: The browser extension isn't available for macOS. I've read that MDE on macOS can handle everything (file upload/download and clipboard control). Could someone confirm if the table I've created correctly reflects this?
Summary of Clipboard (Copy/Paste) Enforcement
Operation | Windows (Onboarded) | macOS (Onboarded) | Note |
Copy to Clipboard Endpoint | Endpoint DLP Sensor | Endpoint DLP Sensor | Prevents data from reaching the clipboard |
Paste into SaaS Apps (Chrome/Firefox) | Browser Extension | Endpoint DLP Sensor | Blocks paste into SaaS apps. |
Paste into SaaS Apps (MS Edge/Safari) | Native on Edge | Native on Edge/Safari | Built-in integration; no extension needed. |
2 Replies
- DLPTechx Copper Contributor
Any insights, team?
- Ajeeth_Muthu Brass Contributor
Hi,
Just to clarify a few points, as this can be a bit confusing:
- On macOS, the Endpoint DLP / MDE sensor does not fully enforce paste actions into SaaS applications on its own. Clipboard activity can be monitored at the endpoint, but browser-based paste is not consistently blocked without browser integration.
- There is currently no native Purview integration for Safari comparable to the native Edge integration on Windows. The “native browser” capabilities are effectively limited to Edge on Windows.
- Because of this, MDE on macOS does not provide full parity with Windows for SaaS upload, download, and paste controls. You can get partial coverage and visibility, but not end-to-end enforcement for web-based actions.
I also updated the clipboard enforcement summary:
Operation | Windows (Onboarded) | macOS (Onboarded) | Notes |
Copy to clipboard (endpoint) | Endpoint DLP / MDE | Endpoint DLP / MDE | OS-level clipboard control |
Paste into SaaS apps (Chrome / Firefox) | Purview browser extension | Not supported | Purview extension not available on macOS |
Paste into SaaS apps (Edge) | Native Edge integration | Not supported | Native integration is Windows-only |
Paste into SaaS apps (Safari) | N/A | Not supported | No native Purview integration |
File upload / download (SaaS apps) | Edge native or browser extension | Limited / not supported | No feature parity on macOS |
Hopefully this helps clarify the differences and set expectations correctly. 🙂