cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community
Find out more
SOLVED

DLP policy to monitor every file copied to USB drive

Afsar_Shariff
Brass Contributor

‎Apr 17 2023 12:28 PM

‎Apr 17 2023 12:28 PM

DLP policy to monitor every file copied to USB drive

Hello All,

 

I am looking for an option in Microsoft DLP to monitor every file copied to a USB drive so that I can pull a report periodically.

 

The policy is not to capture when someone copies sensitive data to a USB drive, but rather looking for a policy that can capture every file copied to a USB drive.

 

Kindly advice.

1,408 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by Afsar_Shariff (Brass Contributor)
miller34mike

‎May 24 2023 04:58 AM

‎May 24 2023 04:58 AM

Solution

Re: DLP policy to monitor every file copied to USB drive

Hi @Afsar_Shariff 

 

This isn't exactly something you can set from a policy perspective through DLP. You could do a policy that looks for file types or file extensions versus sensitive content, but you'd likely have a long list to enter for file extensions.

 

You can enable "always audit file activity for devices" in endpoint DLP settings which you can then monitor the auditing through Activity Explorer but this will not alert you. 

 

You can also follow along with this article for Auditing read, write, and execute attempts to any USB, which is configured through Microsoft Intune.

 

Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage m...

0 Likes
Reply