Real Time Monitoring and Behavior Monitoring
Good afternoon,
I am running into an issue with DLP protecting endpoints; the following are the findings:
In Purview:
– Real-Time Monitoring Enabled
– Behavior Monitoring Enabled
The devices are using CrowdStrike as the active AV client and the Defender AV client is in EDR Block Mode; however, when testing policies that should restrict USB, Printing, and Copy and Paste of Sensitive Data, the policies are not being enforced. The test device is not generating any alerts or notifications in the Purview portal or Toast Notifications.
Policies are enforced via GPO:
– Real Time Monitoring
– Behavior Monitoring
Endpoints have Windows Defender FW and CrowdStrike enabled, but they have been disabled on the test device.
Any insights on why the devices are showing in the MDE Portal that RTM and BM are disabled?