Learn about the Microsoft Compliance Extension
Endpoint data loss prevention (endpoint DLP) extends the activity monitoring and protection capabilities of Microsoft 365 data loss prevention (DLP) to sensitive items that are on Windows 10 devices. Once devices are onboarded into the Microsoft 365 compliance solutions, the information about what users are doing with sensitive items is made visible in activity explorer and you can enforce protective actions on those items via DLP policies.
Once the Microsoft Compliance Extension is installed on a Windows 10 device, organizations can monitor when a user attempts to access or upload a sensitive item to a cloud service using Google Chrome and enforce protective actions via DLP.
Activities you can monitor and take action on
The Microsoft Compliance Extension enables you to audit and manage the following types of activities users take on sensitive items on devices running Windows 10.
| activity | description | supported policy actions |
|---|---|---|
| file copied to cloud | Detects when a user attempts to upload a sensitive item to a restricted service domain through the Chrome browser | audit, block |
| file printed | Detects when a user attempts to print a sensitive item that is open in the Chrome browser to a local or network printer | audit, block with override, block |
| file copied to clipboard | Detects when a user attempts to copy information from a sensitive item that is being viewed in the Chrome browser and then paste it into another app, process, or item. | audit, block with override, block |
| file copied to removable storage | Detects when a user attempts to copy a sensitive item or information from a sensitive item that is open in the Chrome browser to removable media or USB device | audit, block with override, block |
| file copied to network share | Detects when a user attempts to copy a sensitive item or information from a sensitive item that is open in the Chrome browser to a network share or mapped network drive. | audit, block with override, block |
Deployment process
- Get started with endpoint data loss prevention
- Onboarding tools and methods for Windows 10 devices
- Install the extension on your Windows 10 devices
- Create or edit DLP policies that restrict upload to cloud service, or access by unallowed browsers actions and apply them to your Windows 10 devices
Next steps
See Get started with the Microsoft Compliance Extension for complete deployment procedures and scenarios.
See also
- Get started with Microsoft Compliance Extension
- Learn about Microsoft 365 Endpoint data loss prevention
- Getting started with Microsoft Endpoint data loss prevention
- Using Microsoft Endpoint data loss prevention
- Learn about data loss prevention
- Create, test, and tune a DLP policy
- Get started with Activity explorer
- Microsoft Defender for Endpoint
- Insider Risk management