Share via

MCAS, MIP, Intune and Defender

Hansrajsing Nundoo 20 Reputation points
2024-08-26T11:03:50.8533333+00:00

With reference to Microsoft Cloud App Security (MCAS) and Microsoft Information Protection (MIP) are the ran locally on Windows 10 and Windows 11 machines, or it applies to SharePoint and OneDrive (cloud platforms) only?

Can you share the list of all document types which can be monitored using these 2 solutions.

In Microsoft 365 Business Premium, will there be the need for any additional module or add-on to use Microsoft Endpoint Manager (Intune) to its full extent.

In Microsoft 365 Business Premium, will there be the need for any additional module or add-on to use Data Loss Prevention to its full extent.

Are Microsoft Endpoint Manager (Intune), Data Loss Prevention Module and Microsoft Defender for Office 365 administered from one single administration portal, or distinct one

The Azure Information Protection (AIP) tool can label and protect documents locally on Windows machines. We would appreciate if you could please share some more information on the way documents are labelled.

  • Would the AIP tool be locally installed on the Windows Machines?
  • Would all current documents (already created) be labelled with the AIP tool, or would it be just new documents that are created after the installation of the AIP Tool?
  • Should there be a process or operation that needs to be done, to have already created documents labelled on the AIP Tool?
  • If there is a process to be carried out, kindly advise how the process needs to be carried out?

For the Microsoft Defender for Business:

  • Is it an agent that needs to be installed locally on the various Windows Machines?
  • Does it act as an Antivirus/Antimalware protection?
  • Does it cater for Windows Servers 2008, 2012, 2016?
  • How is the reporting and notification done?

Do all these tools, have agents that need to be installed? For example, how does Microsoft Endpoint Manager (Intune) monitor and lock USB Access, CD Drive Access on individual Windows Machines.

Azure Information Protection
Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
538 questions
Microsoft Purview
Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
1,160 questions
Microsoft Intune Security
Microsoft Intune Security
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
417 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,048 questions
Microsoft Defender for Cloud Apps
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
142 questions
0 comments
Accepted answer
  1. PRADEEPCHEEKATLA-MSFT 89,296 Reputation points Microsoft Employee
    2024-08-28T10:45:54.4366667+00:00

    @Hansrajsing Nundoo - You may check out the below articles to under how Microsoft Information Protection (MIP) works. How documents are labelled and tracked.

    https://learn.microsoft.com/en-us/purview/mip-easy-trials

    https://learn.microsoft.com/en-us/purview/sensitivity-labels

    And also checkout the video which covers: Using Purview Information Protection to secure sensitive business data in the era of AI

    Hope this helps. Do let us know if you any further queries.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. ZhoumingDuan-MSFT 13,085 Reputation points Microsoft Vendor
    2024-08-27T02:49:07.8966667+00:00

    @Hansrajsing Nundoo, Thanks for posting in Q&A.

    Since Microsoft Intune Plan 1 and Microsoft Entra ID are both included in Microsoft 365 Business Premium, so there is no additional module or add-on to use Microsoft Intune and Data Loss Prevention.

    https://learn.microsoft.com/en-us/mem/intune/fundamentals/licenses#microsoft-intune

    https://learn.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-protection

    For Intune to manage device and monitor and lock USB Access, CD Drive Access on individual Windows Machines, you need to first enroll devices into Intune, then you may need to install company portal to get policies and apps to manage devices.

    https://learn.microsoft.com/en-us/mem/intune/user-help/enroll-windows-10-device

    For AIP, MIP and MCAS, since I am not familiar with these products, I cannot provide more useful information, but I have added relevant tags, please wait to see other support to help.

    For Defender for Business, please follow the link below to contact support to get more help.

    https://learn.microsoft.com/en-us/microsoft-365/admin/get-help-support?view=o365-worldwide

    Hope above information can help and thanks for your understanding.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.