Onboard macOS devices into Microsoft 365 overview
Note
Microsoft 365 compliance is now called Microsoft Purview and the solutions within the compliance area have been rebranded. For more information about Microsoft Purview, see the blog announcement.
macOS devices can be onboarded into Microsoft Purview solutions using either Intune or JAMF Pro. The onboarding procedures differ depending on which management solution you use. If your macOS devices have already been onboarded into Microsoft Defender for Endpoint (MDE), there are fewer steps. See Next steps for links to the appropriate procedures.
Applies to:
Before you begin
Before you get started with Endpoint DLP on macOS devices (Catalina 10.15 or later), you should familiarize yourself with these articles:
If you are not familiar with DLP at all, you should familiarize yourself with these articles as well:
- Learn about data loss prevention
- Plan for data loss prevention (DLP)
- Data loss prevention policy reference
If you are not familiar with Insider Risk, you should familiarize yourself with these articles:
Your macOS devices must already be managed through Intune or JAMF Pro.
- To onboard into Intune, see Deployment guide: Manage macOS devices in Microsoft Intune and Enroll your Mac with Intune Company Portal.
- To onboard into JAMF Pro, see JAMF Pro administrators guide and JAMF Pro Installation and Configuration Guide for Mac.
Supported browsers
Endpoint DLP supports these browsers on macOS Catalina 10.15 or higher:
- Microsoft Edge (latest version)
- Safari (latest version, macOS only)
- Chrome (latest version)
- Firefox (latest version)
Licensing guidance
See Microsoft 365 licensing guidance for information protection.
Activities that can be restricted on macOS
Once a macOS device is onboarded into Microsoft Purview solutions, you can monitor and restrict these actions with data loss prevention (DLP) policies.
- Copy to USB removable media – when enforced, this action blocks, warns, or audits the copying or moving of protected files from an endpoint device to USB removable media.
- Copy to network shares – when enforced, this action blocks, warns, or audits the copying or moving of protected files from an endpoint device to any network share.
- Print – when enforced, this action blocks, warns, or audits when protected files are printed from an endpoint device.
- Copy to clipboard – when enforced, this action blocks, warns, or audits data in a protected file that is being copied to a clipboard on an endpoint device.
- Upload to cloud – this action blocks, warns, or audits the upload of protected files to cloud services, based on the allow/unallowed domains list in Global settings. When this action is set to warn or block, other browsers (defined on the unallowed browsers list under Global settings) are blocked from accessing the file.
- Accessed by unallowed apps – when enforced, this action prevents applications that are on the unallowed apps list (as defined in Global settings) from accessing protected files on an endpoint device.
Onboarding devices into device management
You must enable device monitoring and onboard your endpoints before you can monitor and protect sensitive items on a device. Both of these actions are done in the Microsoft Purview compliance portal.
When you want to onboard devices that haven't been onboarded yet, you'll download the appropriate script and deploy it to those devices.
Open the Microsoft Purview compliance portal Settings page and choose Enable device monitoring.
Note
While it usually takes about 60 seconds for device onboarding to be enabled, please allow up to 30 minutes before engaging with Microsoft support.
Open the Compliance Center settings page and choose Turn on macOS device monitoring.
Next steps
Onboarding devices into Microsoft Purview solutions is required in order to receive DLP sensor telemetry and to enforce data loss prevention policies.
| Topic | Description |
|---|---|
| Onboard and offboard macOS devices into Microsoft Purview solutions using Intune | For macOS devices that are managed through Intune |
| Onboard and offboard macOS devices into Compliance solutions using Intune for Microsoft Defender for Endpoint customers | For macOS devices that are managed through Intune and that have Microsoft Defender for Endpoint (MDE) deployed to them |
| Onboard and offboard macOS devices into Microsoft Purview solutions using JAMF Pro | For macOS devices that are managed through JAMF Pro |
| Onboard and offboard macOS devices into Compliance solutions using JAMF Pro for Microsoft Defender for Endpoint customers | For macOS devices that are managed through JAMF Pro and that have Microsoft Defender for Endpoint (MDE) deployed to them |
Related topics