Is "Endpoint DLP support for onboarded servers" feature corresponding for MIP Scanner?

Yusuf Buker 65 Reputation points
2024-03-12T19:07:51.6233333+00:00

Does enabling the 'Endpoint DLP support for onboarded servers' feature in Microsoft Purview eliminate the need for the MIP Scanner on on-prem file servers? What level of protection and automatic labeling for sensitivity labels can be expected for supported file servers with this feature enabled?

Microsoft Purview
Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
1,173 questions
{count} votes

Accepted answer
  1. ShaikMaheer-MSFT 38,441 Reputation points Microsoft Employee
    2024-03-21T17:22:45.5066667+00:00

    Hi Yusuf Buker,

    Thank you for posting query in Microsoft Q&A Platform.

    Enabling the 'Endpoint DLP support for onboarded servers' feature in Microsoft Purview does not eliminate the need for the MIP Scanner on on-prem file servers. The 'Endpoint DLP support for onboarded servers' feature in Microsoft Purview is designed to provide additional protection and automatic labeling for sensitive data on endpoints, such as laptops and desktops.

    The MIP Scanner is still required for on-prem file servers to scan and classify files based on sensitivity labels. The MIP Scanner can be used to automatically apply sensitivity labels to files based on their content, metadata, or location.

    With the 'Endpoint DLP support for onboarded servers' feature enabled, you can expect additional protection and automatic labeling for sensitive data on endpoints. This feature allows you to define policies to automatically label and protect sensitive data on endpoints, such as laptops and desktops. When a user creates or modifies a file on an endpoint, the file is automatically scanned for sensitive data, and if sensitive data is found, the file is labeled and protected according to the policy.

    However, it's important to note that this feature does not provide the same level of protection and automatic labeling for on-prem file servers as the MIP Scanner. The MIP Scanner is specifically designed to scan and classify files on on-prem file servers based on sensitivity labels, whereas the 'Endpoint DLP support for onboarded servers' feature is designed to provide additional protection and automatic labeling for sensitive data on endpoints.

    In summary, enabling the 'Endpoint DLP support for onboarded servers' feature in Microsoft Purview provides additional protection and automatic labeling for sensitive data on endpoints, but it does not eliminate the need for the MIP Scanner on on-prem file servers. The MIP Scanner is still required to scan and classify files based on sensitivity labels.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.