@VintageMacGuy Hello there,
I'm having the same problem getting DLP to work as well. Were you ever able to figure this out?
We do use Jamf Connect but with Okta being the IDP. Our policies and settings are cut directly from Microsoft.
The short answer is 'no'.
We invested a bunch of time into trying to get it working. Sorted through the Microsoft documentation as best we could understand it (some terms were not well defined and could be interpreted different ways). We got close and were able to get it working in a dev environment, but when we replicated it in production, it was not working reliably. We did notice that there was something 'toggling' it on and off at each restart. It would work as expected, then when you restart the Mac, it stopped working. Then you restart the Mac again and it worked again. So somewhere there was a conflicting policy set that was overwriting at each restart, but we could never find it.
I did find some commands to run on the Mac that helped to troubleshoot. I don't have them handy, but if I recall, they confirmed if the policy was active or what state it was in, and if the machine was checking into Defender? I just took a look on my machine and don't see a copy of them, unfortunately.
In the end, we went another direction.
I finally found a command to enable the DLP.
sudo mdatp config data-loss-prevention --value enabled
Create an extension attribute that returns the value of dlp status, create a smart group for anything but active and then scope this command to this group.
I did not do any further testing but it's a start.
Do you happen to have the EA still if you don't mind sharing :)
We are using the following:
#!/bin/sh
# Jamf extension attribute: report the Defender health summary lines, or Null if mdatp returned nothing.
defender=$(mdatp health | grep -e "healthy" -e "health_issues")
if [ -z "$defender" ]; then
    echo "<result>Null</result>"
else
    echo "<result>$defender</result>"
fi
But we recently found out that mdatp has some nice flags, like --field. With this you can specify what info you want to see of a certain field such as:
mdatp health --field healthy
That will be a bit cleaner to put into an EA.
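As an added example (not the script the poster uses, and not Microsoft's or Jamf's code), here is an extension attribute that ties the two ideas in this thread together: it reads a single field out of `mdatp health` and reports Active / Inactive / Null so a smart group for "anything but Active" can scope the `sudo mdatp config data-loss-prevention --value enabled` policy. The field name `data_loss_prevention_status`, the helper names, and the sample health output are assumptions; check the real field name with `mdatp health` on a test Mac before deploying.

```shell
#!/bin/sh
# Added example, not code from the thread: a Jamf extension attribute that reports
# the Defender DLP state so a smart group ("anything but Active") can scope the
# `sudo mdatp config data-loss-prevention --value enabled` policy to the right Macs.
# ASSUMPTION: the `mdatp health` field for DLP is taken here to be
# data_loss_prevention_status; confirm the real name with `mdatp health` on a test Mac.
DLP_FIELD="data_loss_prevention_status"

# Constructed sample of `mdatp health` output (values made up) so the helpers can
# be exercised off a Mac; the EA itself never uses it.
SAMPLE_HEALTH='healthy                                     : true
health_issues                               : []
licensed                                    : true
data_loss_prevention_status                 : "started" [managed]
real_time_protection_enabled                : true'

# Extract one "key : value" field from health output, stripping surrounding quotes
# and a trailing "[managed]" marker. $1 = health text, $2 = field name.
dlp_state_from_health() {
    printf '%s\n' "$1" | awk -F' : ' -v f="$2" '
        $1 ~ "^"f" *$" {
            gsub(/"/, "", $2)
            sub(/ \[[a-z]+\]$/, "", $2)
            print $2
            exit
        }'
}

# Map the raw value onto an EA result a smart group can match on.
# Empty value -> Null (mdatp absent or field missing); started/enabled -> Active.
ea_result() {
    case "$1" in
        "")                     echo "<result>Null</result>" ;;
        started|enabled|active) echo "<result>Active</result>" ;;
        *)                      echo "<result>Inactive ($1)</result>" ;;
    esac
}

# Entry point for the EA: query mdatp when it is installed, otherwise report Null.
report_dlp_state() {
    if command -v mdatp >/dev/null 2>&1; then
        ea_result "$(dlp_state_from_health "$(mdatp health 2>/dev/null)" "$DLP_FIELD")"
    else
        ea_result ""
    fi
}

report_dlp_state
```

Paste the script body into a script-type extension attribute, build a smart group on the EA value "is not" Active, and scope the enable policy to that group; Macs that report Null (mdatp missing or the field absent) land in the same group, which is usually what you want so they get looked at.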
Hi @VintageMacGuy I was able to get DLP via Purview deployed through Defender and we have an existing Defender deployment. I would agree the instructions from Microsoft are not very clear for those in our situation.
There is a setting within the Defender Default settings profile to turn on Data Loss Prevention. To enable this, you have to add the Feature setting and then once added, you can add the DLP setting and then set to enable.
Next you need two PPPC payloads, one for Full Disk access for com.microsoft.dlp.daemon and one for Accessibility access for com.microsoft.dlp.daemon.
The computer may then also require a reboot but this should then enable DLP.