MDATP can integrate with other Microsoft services in your overall DLP strategy, but doesn't have built in controls other endpoint solutions have. For example, Sophos Endpoint Protection can offer DLP based on contents of a file and where you put that file. Defender itself doesn't, but you can integrate it with services such as Azure Information Protection and Cloud App Security to protect against data loss. Also worth looking into Windows Information Protection. As for licensing, depends on exactly what you need, but M365 E3 with E5 Security is a good start.