Hope you can clarfy my confusion.
When it comes to email protection what is the difference or advantage of DLP Prevent over DLP endpoint.
I can create email protection rules using DLP endpoint. Why would I use DLP prevent appliances ?
I can only think of one scenario when DLP agent is not installed on the endpoint . Then DLP Prevent make sense as does not relay on the agent. Is there anything apart of that adventage?
If you want to extend DLP to corporate email on a mobile device or want to monitor for webmail such as in O365 Outlook, OWA, etc, I don't believe the DLP Endpoint can be effective with those vectors, perhaps someone with more knowledge can correct me if I'm wrong.
You can monitor OWA and similar applications via DLP Endpoint - Web Protection Rule cover this webmail vector.
I did several use case with DLP Prevent for Example.
1) Combination McAfee Web Gateway (Reverse Proxy) and DLP Prevent -> scanning data, which users want to copying out of company. (If you have internal Sharepoint on public ip etc.)
2) DLP Prevent and Microsoft Exchange Active Sync -> If you want monitor mail traffic from cell phones etc.
3) DLP Prevent and Skype for Bussiness -> Skype is really complicated application and you can monitor traffic just using DLP Prevent.