Microsoft Purview | Endpoint Data Loss Prevention: New Allow and Off modes for each activity

Before this rollout, Microsoft Endpoint data loss prevention (Endpoint DLP) supports Audit only, Block, and Block with override on the Create policy page in Microsoft Purview | Endpoint DLP. This rollout will add two new modes: Off and Allow.

This message is associated with Microsoft 365 Roadmap ID 480731.

When this will happen:

General Availability (Worldwide): We will begin rolling out early March 2025 and expect to complete by mid-March 2025.

How this will affect your organization:

The two new modes are:

• Off: Endpoint DLP will not trigger events or Alerts and will not trigger notifications. You can use this enforcement mode to configure restrictions for a specific group.
• Allow: Endpoint DLP will not trigger Alerts and will not trigger notifications but will trigger events in Activity explorer.

In Microsoft Purview, the new Allow and Off enforcement modes on the Create policy page for Endpoint DLP:

The new modes will be available by default for admins to configure.

What you need to do to prepare:

You will need these prerequisites to use the new modes:

1. All prerequisites in Onboard Windows devices into Microsoft 365 overview | Microsoft Learn
2. A Defender Antimalware client version higher than 4.18.25010. To find the version of Microsoft Defender (Windows Defender) Antimalware, follow these steps:
   1. Open Windows Security.
   2. Click on the Settings gear icon.
   3. Look for the About link.
   4. The About page contains the version information for the Windows Defender components.

This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your admins about this change and update any relevant documentation.