Could we use CrowdStrike as the main (Active) EDR while also enrolling the same machine into the agent-based Purview DLP? We have currently deployed MDE (passive) through the MDE Portal Onboarding, with RTP (Real-Time Protection) and BM (Behavioral Monitoring) enabled in the policy settings.

While testing policies against user devices, we are unable to generate any alerts that match a rule based on conditions (e.g. PII, CC Data – where a user tries to copy and print sensitive information in a document), and the action based on the rule should be to BLOCK. This is not happening because there seems to be a disconnect from the workstation receiving the policies from Purview.

​Could we use CrowdStrike as the main (Active) EDR while also enrolling the same machine into the agent-based Purview DLP? We have currently deployed MDE (passive) through the MDE Portal Onboarding, with RTP (Real-Time Protection) and BM (Behavioral Monitoring) enabled in the policy settings.While testing policies against user devices, we are unable to generate any alerts that match a rule based on conditions (e.g. PII, CC Data – where a user tries to copy and print sensitive information in a document), and the action based on the rule should be to BLOCK. This is not happening because there seems to be a disconnect from the workstation receiving the policies from Purview.  Read More

​