implementing-endpoint-dlp-controls

Featured

Implements endpoint Data Loss Prevention (DLP) controls to detect and prevent sensitive data exfiltration through email, USB, cloud storage, and printing. Use when deploying DLP agents, creating content inspection policies, or preventing unauthorized data movement from endpoints. Activates for requests involving DLP, data exfiltration prevention, content inspection, or sensitive data protection on endpoints.

AI & Automation 13,115 stars 1533 forks Updated today Apache-2.0

Quality Score: 99/100

- Stars (20%): 100
- Recency (20%): 100
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 50
- License (10%): 100
- Description (5%): 100

Skill Content

# Implementing Endpoint DLP Controls

## When to Use

Use this skill when:

- Deploying endpoint DLP to prevent sensitive data (PII, PHI, PCI) from leaving the organization
- Configuring content inspection rules for email attachments, USB transfers, and cloud uploads
- Implementing Microsoft Purview DLP or Symantec DLP endpoint policies
- Meeting compliance requirements for data protection (GDPR, HIPAA, PCI DSS)

**Do not use** for network DLP (inline proxy-based) or cloud-only DLP (CASB).

## Prerequisites

- Microsoft 365 E5 or standalone Microsoft Purview DLP license
- Microsoft Purview compliance portal access (compliance.microsoft.com)
- Sensitive Information Types (SITs) defined for organization data
- Endpoint onboarded to Microsoft Purview (via Intune or SCCM)

## Workflow

### Step 1: Define Sensitive Information Types

```
Microsoft Purview → Data Classification → Sensitive info types

Built-in SITs for common data:
- Credit card number (PCI)
- Social Security Number (PII)
- Health records (HIPAA)
- Passport number
- Bank account number

Custom SIT example (Employee ID):
  Pattern: EMP-[0-9]{6}
  Confidence: High
  Keywords: "employee id", "emp id", "staff number"
```

### Step 2: Create DLP Policy

```
Microsoft Purview → Data loss prevention → Policies → Create policy

Policy Configuration:
1. Template: Financial / Medical / PII (or custom)
2. Locations: Devices (endpoint DLP)
3. Conditions:
   - Content contains: Credit card numbers (min 5 instances)
   - OR Conte...
```
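The custom Employee ID SIT from Step 1 can be checked offline against sample content before it is created in Purview. This is an added example, not code from the skill or from Microsoft Purview: it is a simplified model of pattern-plus-keyword matching, and `BOUNDED_PATTERN`, `PROXIMITY`, the `pattern-only` label and the sample strings are assumptions made for illustration.

```python
import re

# Pattern and keywords as given in the Step 1 custom SIT definition.
PAGE_PATTERN = re.compile(r"EMP-[0-9]{6}")
KEYWORDS = ("employee id", "emp id", "staff number")

# Assumption: a word-bounded variant, to compare against the pattern as written.
BOUNDED_PATTERN = re.compile(r"\bEMP-[0-9]{6}\b")
# Assumption: number of characters on each side of a match searched for a keyword.
PROXIMITY = 300

# Constructed sample content, not real data.
SAMPLES = {
    "hr_record": "Employee ID: EMP-204817, department Finance",
    "bare_value": "ticket ref EMP-204817 closed",
    "temp_file": "see TEMP-000123 in the build log",
    "long_number": "serial EMP-1234567890",
}


def scan(pattern, text, proximity=PROXIMITY):
    """Return [(matched value, evidence)] for every pattern match in text.

    evidence is "high" when one of KEYWORDS occurs within `proximity`
    characters of the match, otherwise "pattern-only".
    """
    lowered = text.lower()
    hits = []
    for m in pattern.finditer(text):
        window = lowered[max(0, m.start() - proximity): m.end() + proximity]
        supported = any(keyword in window for keyword in KEYWORDS)
        hits.append((m.group(), "high" if supported else "pattern-only"))
    return hits


def report():
    """Return {sample name: (hits with page pattern, hits with bounded pattern)}."""
    return {
        name: (scan(PAGE_PATTERN, text), scan(BOUNDED_PATTERN, text))
        for name, text in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (page, bounded) in report().items():
        print(f"{name:12} page={page} bounded={bounded}")
```

The `temp_file` and `long_number` samples match the pattern as written but not the word-bounded variant, which is the kind of false positive worth finding before a policy starts blocking file operations.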

Details

- Author: mukul975
- Repository: mukul975/Anthropic-Cybersecurity-Skills
- Created: 3 months ago
- Last Updated: today
- Language: Python
- License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

implementing-data-loss-prevention-with-microsoft-purview

Implements data loss prevention policies using Microsoft Purview to protect sensitive information across Exchange Online, SharePoint, OneDrive, Teams, endpoint devices, and Power BI. The analyst configures sensitivity labels with encryption and content marking, creates DLP policies using built-in and custom sensitive information types with regex patterns, deploys endpoint DLP rules to control file operations on Windows and macOS devices, and monitors policy effectiveness through Activity Explorer and DLP alert management. Uses PowerShell cmdlets and the Microsoft Graph API for programmatic policy management. Activates for requests involving DLP policy creation, sensitivity label configuration, data classification, endpoint data protection, or Microsoft Purview compliance administration.

13,115 Updated today
mukul975

AI & Automation Featured

implementing-cloud-dlp-for-data-protection

Implementing Cloud Data Loss Prevention (DLP) using Amazon Macie, Azure Information Protection, and Google Cloud DLP API to discover, classify, and protect sensitive data across cloud storage, databases, and data pipelines.

13,115 Updated today
mukul975

AI & Automation Featured

implementing-usb-device-control-policy

Implements USB device control policies to restrict unauthorized removable media access on endpoints, preventing data exfiltration and malware introduction via USB devices. Use when deploying device control via Group Policy, Intune, or EDR platforms to enforce USB restrictions. Activates for requests involving USB control, removable media policy, device control, or data loss prevention via USB.

13,115 Updated today
mukul975

AI & Automation Featured

configuring-windows-defender-advanced-settings

Configures Microsoft Defender for Endpoint (MDE) advanced protection settings including attack surface reduction rules, controlled folder access, network protection, and exploit protection. Use when hardening Windows endpoints beyond default Defender settings, deploying enterprise-grade endpoint protection, or meeting compliance requirements for advanced malware defense. Activates for requests involving Windows Defender configuration, ASR rules, MDE tuning, or Microsoft endpoint security.

13,115 Updated today
mukul975

AI & Automation Solid

detecting-insider-data-exfiltration-via-dlp

Detects insider data exfiltration by analyzing DLP policy violations, file access patterns, upload volume anomalies, and off-hours activity in endpoint and cloud logs. Uses pandas for behavioral analytics and statistical baselines. Use when investigating insider threats or building user behavior analytics for data loss prevention.

13,115 Updated today
mukul975