Forum Discussion
Endpoint DLP not working as expected
Just to give more information ,
i am able to see all activities in the activity explorer in the compliance center. for example i can see upload to the cloud activity which i block in the policy but nothing happened
Hey man, I am having the exact same problem. The events get audited but still no actions taken on the Endpoint aka Windows 10 devices. Did you ever find a solution to this?
- AdminAt845, DP-IT, @All...
I'm having the same problem: "events get audited but still no (block) actions taken on the Endpoints". Did you find the solution?
I've been succesful in a number of previous deployments, and the only differences I can identify here are:
a- the endpoint is managed from SCCM (no Intune);
b- device join type is "hybrid azure AD join";
c- the UPN I use to authenticate to Azure AD doesn't match my email address.Jordi_Nogues , AdminAt845 DP-IT , yodaPREDATOR , same issue, the device is a Windows 11 Pro, managed by intunes, joined as Azure AD ; I can see that the activities are audited in the Purview Compliance DLP Activity Explorer but they are not blocked on my device as they should by the Endpoint DLP policy I deployed.
NB : I don't see any policy / rule names in the last columns of Activity Explorer?! (check
my Purview Endpoint DLP Activity Explorer
Does anyone find the root cause of that issue?
Maybe the files are not actually scanned by a policy?
I believe those files that appear in the Activity Explorer are audited because the “Always audit file activity for devices” option is On, in the Data loss prevention -> Endpoint DLP settings, in the Compliance portal.
I cant see what is wrong because if they can be audited then they should been scanned and blocked by the dlp polices.
My device is Windows 10 Pro and is onboarded be script through the Compliance portal.
Anyone, any ideas are appreciated.
