Microsoft Purview Device Onboarding – Part 5 – Cloud Build

[ad_1]

Reading Time: 3 minutes

If you missed the previous parts, here they are:

Part 1: Introduction to Microsoft Purview
Part 2: Microsoft Purview Portal
Part 3: Microsoft Purview Roles and Scopes
Part 4: Turn on audit logs in Microsoft Purview

In this blog post, I’ll walk you through the step by step process of onboarding devices into Microsoft Purview. This may be a key action for organisations that want to extend data protection, compliance, and visibility beyond cloud services such as to user endpoints like laptops and desktops. By onboarding devices, you can use Microsoft Purview to apply policies such as Data Loss Prevention (DLP), monitor sensitive data activity, and ensure consistent governance across your digital estate.

Services such as Endpoint data loss prevention (Endpoint DLP) and insider risk management (covered later) require that devices be onboarded so that they can send monitoring data to Microsoft Purview.

I’ve been exploring how Endpoint DLP works on devices, and it’s been eye opening to see how it helps track when sensitive items are accessed or shared. It gives me a clearer picture of how data is being used and lets me put guardrails in place to help prevent risky behavior. I’ll explore these features later in this blog post series.

If Windows 10/11 devices are already onboarded to Microsoft Defender for Endpoint (MDE), they’ll show up in the managed list automatically, no extra steps needed. Onboarding through the Microsoft Purview portal also brings them into Defender for Endpoint, which is handy. At the time of writing this post, it’s also possible to onboard Windows Server 2019 and 2022.

However, if Defender for Endpoint isn’t the antivirus you’re using, the application is rolled out as part of the onboarding process and configured in passive mode, meaning it doesn’t actively block threats or interfere with the existing protection. Instead, it quietly collects telemetry and shares threat insights, allowing Defender for Endpoint to monitor behavior without causing conflicts or performance issues.

Let’s go through the steps to enable onboarding of devices in Microsoft Purview

Access the Microsoft Purview portal at purview.microsoft.com
Click Settings from the left pane

3. Expand Device onboarding and click Devices

4. Click Turn on device onboarding

5. Click ok

Turn on device onboarding
When you turn this on, any devices that already onboarded to Microsoft Defender for Endpoint (MDE) will appear in the device list here. Regardless of whether you already have onboarded devices, you’ll be able to onboard new ones from the “Onboarding” page.

6. Click ok again

7. After a brief period, devices with Microsoft Defender for Endpoint installed start showing up in the Purview portal.

If you’re not using Microsoft Defender for Endpoint (MDE), you can still onboard your Windows and macOS devices by selecting Onboarding from the left pane. There are a several deployment methods available.

As mentioned earlier in this post, Defender for Endpoint will be installed alongside your existing antivirus or anti-malware product, but it will remain in passive mode.