Onboarding Devices: "No authenticated user found"
Hi, I am looking to onboard a device in Purview for the purpose of testing some Endpoint DLP policies. I have ran the onboarding script locally and the device successfully appears on the 'Devices' screen. 'Real time protection/RTP' and 'Behavior monitoring/BM' both show as 'enabled' with a green tick, however under 'Valid User' it has a red cross and states: "Invalid: No authenticated user found. Without proper authentication, data classification is impeded. To ensure precise validation, we recommend re-onboarding to Active Directory". The device is in active directory. I have signed into the device with an account that is also in Active Directory. Is there anything additional that I need to do? Any help would be really appreciated - thank you!!!Real Time Monitoring and Behavior Monitoring
Good afternoon, I am running into an issue with DLP protecting endpoints, the following are the findings: In purview: - Real-Time Monitoring Enabled - Behavior Monitoring Enabled The devices are using CrowdStrike as the active AV client and the Defender AV client is in EDR Block Mode however when testing Policies that should restrict USB, Printing, and Copy and Paste of Sensitive Data the policies are not being enforced. The test device is not generating any alerts or notifications in the Purview portal or Toast Notifications. Policies are enforced via GPO: - Real Time Monitoring - Behavior Monitoring Endpoints have Windows Defender FW and Crowdstrike enabled, but have been disabled on the test device. Any insights on why the devices are showing in the MDE Portal that RTM and BM are disabled
Upload to a restricted cloud service domain or access from an unallowed browser
-The action in DLP rules "Upload to a restricted cloud service domain or access from an unallowed browser" does not seem to be working as expected. -Currently a number of policies are meant to detect certain sensitivity labels as well as certain information types and among the actions taken to restrict data/files being shared, Is the action named above. -The activity explorer shows the policy match but the enforcement action is always audit instead of block(which is specified in the policy) -Service domains and domain groups are added with an action of block in DLP settings. -Unallowed browser also specified. What could be the issue here? Any Ideas?
exclude network share
i have enabled network share coverage and exclusions within the dlp settings and i have added a network share path in the exclusion list with the following format \\10.10.10.10\ i'm still getting alerts for file copied to network share activity, am i doing it right? do i need to be more specific? the file server has multiple directories and folders, i want to exclude all
Endpoint DLP restrictions not applied when document created in OneDrive-synchronized folder
I have a DLP policy for Endpoint, restricting activities for MIP-labeled documents, among them printing and copying. I can print a labeled document created in the "Documents"-folder. The "Documents"-folder is synchronized with OneDrive. I cannot print a labeled document created in the "Downloads"-folder (NOT synchronized with OneDrive), even if moved to the "Documents"-folder. Glad for any input or ideas.
