Does this skill work with Microsoft Purview?

Yes, it specifically includes workflows for Microsoft Purview DLP, including SIT definition, policy creation in the compliance portal, and endpoint onboarding via Intune.

Why should I use audit mode before enforcement?

Deploying in audit mode allows you to identify false positives and refine your policies without blocking legitimate business activities, ensuring a smoother transition to full enforcement.

What activities can be monitored with these controls?

Commonly monitored activities include file uploads to cloud services, copying data to removable media (USB), printing, clipboard usage, and transfers to network shares.

What is the primary purpose of Endpoint DLP?

Endpoint DLP (Data Loss Prevention) is designed to detect and prevent the unauthorized transmission of sensitive data, such as PII or financial records, from user devices to external locations like USB drives or personal cloud storage.

Endpoint DLP Implementation

Name: Endpoint DLP Implementation
Author: micsapp

bymicsapp

0•

Seguridad y Pruebas

Configures and deploys endpoint Data Loss Prevention (DLP) controls to safeguard sensitive information from unauthorized exfiltration.

This skill provides specialized guidance for implementing endpoint Data Loss Prevention (DLP) agents and policies across an organization. It assists in defining Sensitive Information Types (SITs) for PII, PHI, and PCI data, and configuring content inspection rules for critical channels like USB transfers, email attachments, and cloud storage uploads. By focusing on frameworks like Microsoft Purview and Symantec DLP, this skill helps security teams meet compliance requirements such as GDPR and HIPAA while minimizing business disruption through phased audit-to-enforcement deployment strategies.

Características Principales

01Workflow guidance for Microsoft Purview and enterprise DLP agents

02Strategies for DLP incident response and activity analysis

03Configuration of monitoring for USB, cloud, and network activities

04Best practices for audit-mode deployment and false-positive tuning

05Definition and customization of Sensitive Information Types (SITs)

060 GitHub stars

Casos de Uso

01Preventing sensitive data exfiltration through removable media and cloud storage

02Configuring compliance-ready DLP policies for GDPR, HIPAA, or PCI DSS

03Onboarding and monitoring endpoint devices in Microsoft Purview

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills implementing-endpoint-dlp-controls

For use in Claude.ai and ChatGPT

Características Principales

01Workflow guidance for Microsoft Purview and enterprise DLP agents

02Strategies for DLP incident response and activity analysis

03Configuration of monitoring for USB, cloud, and network activities

04Best practices for audit-mode deployment and false-positive tuning

05Definition and customization of Sensitive Information Types (SITs)

060 GitHub stars

Casos de Uso

01Preventing sensitive data exfiltration through removable media and cloud storage

02Configuring compliance-ready DLP policies for GDPR, HIPAA, or PCI DSS

03Onboarding and monitoring endpoint devices in Microsoft Purview

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills implementing-endpoint-dlp-controls

For use in Claude.ai and ChatGPT