Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community
Announcing the Availability of Microsoft Endpoint Data Loss Prevention for macOS
Published Nov 02 2021 08:00 AM 30.2K Views

Data Loss Prevention (DLP) at its core is a set of technologies and processes that protect sensitive information and reduce risks. DLP applies policies to govern and prevent the inappropriate sharing, transfer or use of this data across applications and services. Fundamentally DLP helps users make the right decisions and take the right actions when using sensitive data. 


Microsoft’s DLP solutions are deployed in thousands of customer environments to protect native and third-party solutions. Microsoft’s unified DLP solution is offered and managed as a single, integrated, and extensible offering that both users and administrators find familiar. 


Microsoft understands that work is not only hybrid in location but also hybrid in terms of the platforms that information workers use every day. Previously we announced DLP for windows endpoints  

Information workers on macOS use and access sensitive information in their day-to-day activities like their Windows workmates and macOS is an important platform for our customers.  Today we are extremely pleased to announce the availability of Microsoft Endpoint DLP for macOS in public preview in the coming weeks.


With Microsoft Endpoint DLP for macOS, users are automatically alerted when they take an inappropriate or risky action with sensitive data and are provided with actionable policy tips and guidance to remediate properly.  


Get Registered for the Ignite public preview!

To get access to this feature you must register your tenant with Microsoft. See Get Registered .  


Microsoft Endpoint DLP for macOS

Microsoft Endpoint DLP for macOS provides organizations with flexible policy enforcement options to protect sensitive information while minimizing the impact to their workflow and maximize policy effectiveness.  


Microsoft DLP solutions offer three different modes to monitor and restrict activities in a DLP policy to ensure the intended compliance objectives are achieved:

  • Audit: only records policy violation events without impacting end-user activity
  • Block with override: records and blocks the activity, but allows the user to override when they have a legitimate business need
  • Block: records and blocks the activity without the ability to override 

Microsoft’s Endpoint DLP for macOS can enforce policies for a broad range of activities  including:

  • Copying a sensitive file to an external USB media device
  • Copying a sensitive file to a network share
  • Uploading a sensitive file to a cloud service
  • Printing a sensitive file
  • Copying sensitive content to the clipboard
  • Accessing a sensitive file by an unallowed app


Figure 1: Flexible DLP Policy Enforcement – User offered override option for an unapproved printing of a sensitive file


Seamless Deployment

Endpoint DLP for macOS is a cloud-managed solution that is available in the Microsoft 365 Compliance Center. It works seamlessly with other Microsoft Unified DLP solutions and it’s easy to extend your existing DLP policies and custom sensitive content identifiers to macOS endpoint devices without extensive reconfiguration.


Integrated Insights

Insights on activity with sensitive data on the endpoint start flowing to the Security and Compliance solutions like MIP’s Data Classification dashboard, Microsoft Defender for Endpoint, and Insider Risk Management as soon as onboarding has been completed, and before any DLP policy is deployed. These insights provide comprehensive coverage and visibility of active data protections, device states, and user actions that may be needed by organizations to meet regulatory and policy compliance requirements.


Furthermore, they can be used to help identify the most critical needs for DLP policies and can assist in guiding DLP policy creation priority.


integrated MIP DLP IRM Insights.png

Figure 2: Integrated Insights across Microsoft Information Protection, DLP, Insider Risk Management, and Information Governance 



Microsoft Endpoint DLP for macOS offers seamless deployment, integrated insights, a familiar user experience, and integration with Microsoft Information Protection and Insider Risk Management.



Insider Risk Management for macOS Endpoints

Identifying and remediating insider risks within an organization requires context, centered around the users, and must take into account privacy considerations.  Within Microsoft 365, organizations can identify anomalous activities over time and correlate the alerts to paint a broader picture of potential risky activity.


Now with the support for endpoint exfiltration signals from macOS endpoints, organizations will have an expanded scope of insider risk detections across their environment. Learn more about Insider Risk Management and the recent announcements by visiting our blog:


A Familiar User Experience
No matter where DLP is applied, users have a consistent and familiar look and feel they are already accustomed to the applications and services they use every day. Endpoint DLP also reduces end-user training time and alert confusion, increasing user confidence in prescribed guidance and remediations, and improving policy compliance – without impacting productivity.


macOS blog Figure2.png

Figure 3: Familiar user experience – user blocked from unapproved copying of a sensitive file to USB


Microsoft Information Protection (MIP) is a built-in, intelligent, unified, and extensible solution to know your data, protect your data, and prevent data loss across your enterprise – in Microsoft 365 apps and services, on-premises data stores, endpoint and mobile devices, and third-party SaaS applications and services. Microsoft’s Data Loss Prevention (DLP) solutions leverage MIP sensitivity labels to create and enforce policies to extend data protection to common egress points.


Endpoint DLP for macOS uses the same classification technology as our other MIP solutions. With over 150 sensitive information types and built-in policy templates, it’s easy to turn on Endpoint DLP for macOS to identify sensitive data across common industry regulations and compliance-related data types.


Clear Value

With Microsoft’s Endpoint DLP for macOS, your organization can move from a disparate set of tools and benefit from a completely unified solution to monitor user actions, remediate policy violations, and educate users in context on the correct handling of sensitive data at the endpoint, on-premises, and in the cloud.


Get Started - Compliance Trial 

Microsoft’s DLP solution is part of a broader set of Information Protection and Governance solutions that are part of the Microsoft 365

We are happy to share that there is now an easier way for you to try Microsoft compliance solutions directly in the Compliance Admin Center with a free trial. By enabling the trial in the Compliance center, you can quickly start using all capabilities of Microsoft Compliance, including Insider Risk Management, Records Management, Advanced Audit, Advanced eDiscovery, Communication Compliance, Microsoft Information Protection, Data Loss Prevention, and Compliance Manager. 


This trial is currently rolling out to tenants worldwide and you can learn more about it here. 


Additional resources:

  • To join the Ignite Public preview of DLP for macOS see this. 
  • For more information on Data Loss Prevention, please see this and this and this 
  • For a podcast on Microsoft’s Data Loss Prevention, see this
  • For more information on Sensitivity Labels as a condition for DLP policies, see this 
  • For more information on Sensitivity Labels, please see this 
  • For more information on Predicates for Unified DLP, please see this
  • For the latest on Microsoft Information Protection, see this 


Thank you, 


The Microsoft Information Protection Team


Version history
Last update:
‎Feb 18 2022 09:31 AM
Updated by: