Session
Design effective Endpoint DLP solutions with Advanced Hunting & Generative AI
Designing a holistic, granular and effective Microsoft Purview Endpoint Data Loss Prevention solution that secures sensitive data against exfiltration actions on Windows 10/11 and macOS devices can be a daunting task.
The key difficulty - and value! - lies in adapting your solution based on the actual usage patterns from the organization you're working with. To build a truly fit-for-purpose production solution with Endpoint DLP, you'll need to accomplish things like:
- Mapping various categories of cloud domains targeted by file uploads and content paste activities
- Identifying network and local printers that are commonly used for print jobs involving sensitive information
- Understanding the often sprawling jungle of network shares used by employees and accounting for them
- Discovering usage patterns of removable USB media across roles... and more.
All of these tasks get exponentially more complex as the size of the organization grows. There is a way forward though: getting comfortable with KQL in Advanced Hunting and Log Analytics. I'll share and demonstrate how I routinely design and build Endpoint DLP data security solutions for organizations of all sizes using repeatable patterns and practices.
We'll also get into how I've found it essential to use Generative AI (doesn't have to necessarily be Copilot!) to speed up a few of the most demanding parts of the Endpoint DLP solution design process.
During the session, I'll share my favorite KQL queries and how to vary them to meet your requirements - and how to turn the information you get from them into practical solution design.
This session is useful for any IT pro, security architect or person responsible for data security looking to create or maintain a functional Endpoint Data Loss Prevention solution.
This session is focused on demos and real stories. It is built around how I go about designing real data security solutions for medium to large enterprises as a Purview MVP and data security architect.
Tatu Seppälä
Blogger & speaker | Microsoft MVP | MCT | Data Security, Insider Risk, Power Platform Governance, IAM
Vantaa, Finland