Data Loss Prevention
Click ‘Settings’ > ‘Data loss prevention’
- The data loss prevention (DLP) section lets you identify and control the movement of sensitive data from your device.
There are three components:
- Rules which allow or block files copied to USB and other storage devices.
- Monitoring rules are created by your Endpoint Manager administrator and added to the EM profile applied to your device. You can view the monitoring rules active on your device from the CCS interface.
- Rules which scan your computer for files which contain sensitive information. For example, The rules can search for credit card numbers, social security numbers, bank routing numbers etc.
- Discovery rules are created by your Endpoint Manager administrator and added to the EM profile applied to your device. You can view the rules active on your device from the CCS interface.
- Click 'Tasks' > 'DLP Tasks' > 'Data Loss Prevention Scan' to run DLP scans to identify the files containing sensitive information defined in the rules
- See Run Data Loss Prevention Scans for help to run scans and view results
- A keyword group is a list of search-terms. For example, the ‘Names’ group is a list of common first names and surnames.
- Keyword groups are used in the construction of DLP discovery rules.
- The ‘Names’ group must be populated in order for many of the patterns in a discovery rule to work.
- Keyword groups are created by your Endpoint Manager administrator at the portal. You can view the keywords added to the groups from the CCS interface.