MS 365 DLP not triggering alert for print audit action.

Copper Contributor

Hi MS Community

 

I'm facing a weird problem with MS 365 DLP solution (compliance.microsoft.com)

I have 2 machines 1) Win 10 Desktop 2) Win 10 Azure AVD.

Both machines have latest Defender version. as shown below.

 

alta94_2-1698273429268.png

 

Background of DLP policy: I have 7-8 Endpoint policy which has audit enable for print and copy to USB option. Both device showing policy updated and sync with latest. Currently Testing a policy where if someone print a business document it should trigger alert. The policy has

1)SIT with few words sensitive words matching

2) A trainable classifier.

3) Extension: PDF WORD PPT 

 

Problem:  When i try to print a business document, the alert is triggering for desktop machine but not for my AVD machine. even though both machines are scoped for policy, MDE Onboarded, and defender is latest. also, policy is synched. Somewhere its not detecting the print action initiated on AVD machine. The Print action is not working for any policy for AVD machine.

 

Regards

Mohammed

 

2 Replies

@alta94 

 

Can you check the activity on AVD under Security & compliance portal?

This issue was resolved . You wont believe the stupidity here.

Statement from support : as per backend logs , its seem MS purview is considering AVD as server and since DLP doesnt work on server its not detecting . Soon after that month they release Defender for server option in setting of DLP. its a toggle button.

 

They release an update , so if your AVD has Antimalware client version 4.18.24010.9 and above it will work on AVD.

It means Microsoft QA didnt even check that this MS product is not working on one of their own product.