Hope you can clarfy my confusion.
When it comes to email protection what is the difference or advantage of DLP Prevent over DLP endpoint.
I can create email protection rules using DLP endpoint. Why would I use DLP prevent appliances ?
I can only think of one scenario when DLP agent is not installed on the endpoint . Then DLP Prevent make sense as does not relay on the agent. Is there anything apart of that adventage?
If you want to extend DLP to corporate email on a mobile device or want to monitor for webmail such as in O365 Outlook, OWA, etc, I don't believe the DLP Endpoint can be effective with those vectors, perhaps someone with more knowledge can correct me if I'm wrong.
You can monitor OWA and similar applications via DLP Endpoint - Web Protection Rule cover this webmail vector.
I did several use case with DLP Prevent for Example.
1) Combination McAfee Web Gateway (Reverse Proxy) and DLP Prevent -> scanning data, which users want to copying out of company. (If you have internal Sharepoint on public ip etc.)
2) DLP Prevent and Microsoft Exchange Active Sync -> If you want monitor mail traffic from cell phones etc.
3) DLP Prevent and Skype for Bussiness -> Skype is really complicated application and you can monitor traffic just using DLP Prevent.
We are trying to block OWA (copy/paste ) using DLP Endpoint Web Rule but is does not work. Only if you upload a file containing the criteria we set. Same rule works for gmail and outlook.live. Does it need any special configuration for OWA?
Hi @PetrosT ,
Thank you for writing in here.
DLPE 11.0.500 and above web post rule blocks the file uploads to OWA.
For copy and paste operations you would need to use Clipboard protection rules.
To provide better help we advise you to paste possible screenshots of your rules and the copy paste destination in OWA where it is not working and gmail where it is working.
And also provide us the version of DLP you are using and the OS version and EPO version.