Microsoft’s data loss prevention tools may begin snooping around your PC

Loknath Das

Most workers wouldn’t even think about emailing a confidential planning document outside of the company. Microsoft’s new Endpoint Data Loss Prevention service might flag you for a chat with your IT department if you carelessly copy it to a local hard drive, however.

Microsoft’s new Endpoint Data Loss Prevention (Endpoint DLP) builds upon the existing DLP services within Microsoft 365 (Microsoft Teams, SharePoint, Exchange, and OneDrive, among others), which can track email and other documents sent to and from your company’s servers. That service will likely flag an attempt to forward an internal confidential email to an external email address, which most users already know not to do.

Endpoint DLP was designed to address the gray area in working from home, especially where “personal” devices like external hard drives can be connected to corporate-owned PCs. Endpoint DLP, now in public preview, hooks into your administrator’s Microsoft 365 compliance center. A separate solution within Microsoft 365’s E5 enterprise edition, called Insider Risk Management, uses signals from Windows 10 that may be indicative of suspicious behavior, such as files copied to a USB drive or transferred to a shared network drive, Microsoft said in a blog post authored by Alym Rayani, senior director of Microsoft 365.

Microsoft isn’t saying what specific behaviors will trigger the Endpoint DLP service. It’s probably reasonable to assume that if you’re responsible with your company’s data, you have nothing to worry about. Still, the message here is that even though you’re working in your home, don’t think that you’re working unsupervised.