Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

sensitive information on screenshots taken on endpoints and browers using m365 security and

Copper Contributor

I hope this message finds you well. I am reaching out with a query regarding the robust security features offered by Microsoft 365 E5, specifically related to safeguarding sensitive information from screenshots on endpoints and browsers.

 

Scenario: We have implemented Microsoft 365 E5 licenses within our organization, and while we are confident in the overall security capabilities, we are seeking advice on how best to protect sensitive information from being captured via screenshots on endpoints and browsers.

 

Key Components:

  • Microsoft 365 E5 Security and Compliance Suite
  • Endpoint Security Features
  • Browser-based Security Measures
1 Reply

@Garre_Akhil 

 

Microsoft Purview DLP and Purview Information Protection can help you with this, you will need to ensure that you have a labelling system in place to protect your sensitive information, then using Purview DLP, and Purview Endpoint DLP, you will need to create policies to protect these sensitive data.

 

Onboard your Windows Devices to be managed by Purview:

This requires that you on-board all your managed devices to Purview. Once the onboarding is done, the following steps below will work with the latest version of Microsoft Edge on Windows 10/ 11 out of the box.

 

Manage the Browser and Domains that can access you data:  

Within Purview Endpoint DLP, there are capabilities for you to manage. You can control which browsers you can allow to access your data and also control which service domains can access your sensitive information.

vicwingsing_0-1701623346795.png

 

Manage which apps can the users use to access your data:

You can then use the restricted apps option to restrict the tools that you have in their devices. So when a user tries to use the Snipping tool or something similar, the activity itself will be restricted. This will only work on the sensitive/ restricted data that you set of-course. Hence the importance of a well-defined Information classification using Purview Information Protection.

 

vicwingsing_1-1701623535496.png

You can read more here: https://learn.microsoft.com/en-us/purview/endpoint-dlp-getting-started