Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Endpoint data loss prevention (endpoint DLP) extends the activity monitoring and protection capabilities of Microsoft Purview Data Loss Prevention (DLP) to sensitive items on Windows 10/11 devices. Once you onboard devices into the Microsoft Purview solutions, information about what users are doing with sensitive items is made visible in activity explorer. Then you can enforce protective actions on those items using data loss prevention policies.
After you install the Microsoft Purview extension for Chrome on a Windows 10/11 device, your organization can monitor attempts to access or upload a sensitive item to a cloud service in Google Chrome, and enforce protective actions via DLP.
Tip
Get started with Microsoft Security Copilot to explore new ways to work smarter and faster using the power of AI. Learn more about Microsoft Security Copilot in Microsoft Purview.
Activities you can monitor and take action on
The extension enables you to audit and manage the following types of activities users take on sensitive items on devices running Windows 10/11.
| activity | description | supported policy actions | 
|---|---|---|
| file copied to cloud | Detects when a user attempts to upload a sensitive item to a restricted service domain through the Chrome browser | audit, block with override, block | 
| file printed | Detects when a user attempts to print a sensitive item from the Chrome browser to a local or network printer | audit, block with override, block | 
| file copied to clipboard | Detects when a user attempts to copy & paste information from a sensitive item in the Chrome browser into another app, process, or item. | audit, block with override, block | 
| file copied to removable storage | Detects when a user attempts to copy a sensitive item or information from the Chrome browser to removable media or USB device | audit, block with override, block | 
| file copied to network share | Detects when a user attempts to copy a sensitive item or information from the Chrome browser to a network share or mapped network drive. | audit, block with override, block | 
Note
Microsoft Purview Insider Risk Management requires that this extension be installed to monitor and take action on activities in the Chrome browser. For more information, see Learn about and configure Insider Risk Management browser signal detection.
Purview Chrome extension behavior
The DLPEngine caches all files for about 15 minutes by default to prevent repeated upload attempts. During the cache period, the file is blocked from being uploaded to any domain, so if you upload to an unallowed domain and then immediately to an allowed domain, the cached response may block the upload.
Tip
Microsoft recommends that you use Microsoft Edge if you need to upload files in quick succession.
Deployment process
- Get started with endpoint data loss prevention
- Onboarding tools and methods for Windows 10/11 devices
- Install the extension for Chrome on your Windows 10/11 devices
Note Command access for the user is a prerequisite for the Microsoft Purview Extension extension for Chrome to work. 
- Create and Deploy data loss prevention policies that restrict upload to cloud service, or access by unallowed browsers actions and apply them to your Windows 10/11 devices
Next steps
See Get started with the Microsoft Purview extension for Chrome for complete deployment procedures and scenarios.
See also
- Get started with Microsoft Purview extension for Chrome
- Learn about Endpoint data loss prevention
- Getting started with Endpoint data loss prevention
- Using Endpoint data loss prevention
- Learn about data loss prevention
- Create and Deploy data loss prevention policies
- Get started with Activity explorer
- Microsoft Defender for Endpoint
- Insider risk management