Learn about the Microsoft Compliance Extension

Endpoint data loss prevention (endpoint DLP) extends the activity monitoring and protection capabilities of Microsoft 365 data loss prevention (DLP) to sensitive items that are on Windows 10 devices. Once devices are onboarded into the Microsoft 365 compliance solutions, the information about what users are doing with sensitive items is made visible in activity explorer and you can enforce protective actions on those items via DLP policies.

Once the Microsoft Compliance Extension is installed on a Windows 10 device, organizations can monitor when a user attempts to access or upload a sensitive item to a cloud service using Google Chrome and enforce protective actions via DLP.

Activities you can monitor and take action on

The Microsoft Compliance Extension enables you to audit and manage the following types of activities users take on sensitive items on devices running Windows 10.

activity description supported policy actions
file copied to cloud Detects when a user attempts to upload a sensitive item to a restricted service domain through the Chrome browser audit, block
file printed Detects when a user attempts to print a sensitive item that is open in the Chrome browser to a local or network printer audit, block with override, block
file copied to clipboard Detects when a user attempts to copy information from a sensitive item that is being viewed in the Chrome browser and then paste it into another app, process, or item. audit, block with override, block
file copied to removable storage Detects when a user attempts to copy a sensitive item or information from a sensitive item that is open in the Chrome browser to removable media or USB device audit, block with override, block
file copied to network share Detects when a user attempts to copy a sensitive item or information from a sensitive item that is open in the Chrome browser to a network share or mapped network drive. audit, block with override, block

Deployment process

  1. Get started with endpoint data loss prevention
  2. Onboarding tools and methods for Windows 10 devices
  3. Install the extension on your Windows 10 devices
  4. Create or edit DLP policies that restrict upload to cloud service, or access by unallowed browsers actions and apply them to your Windows 10 devices

Next steps

See Get started with the Microsoft Compliance Extension for complete deployment procedures and scenarios.

See also