Adriatics Tech Summit
30/03/2026, Congress Center Hotel Hills
Ilidža, Bosnia and Herzegovina
Supercharge your Endpoint DLP solution design with Advanced Hunting and GenAI
defender
kql
purview
advanced-hunting
genai
Designing a holistic, granular and effective Microsoft Purview Endpoint Data Loss Prevention solution to protect against sensitive data exfiltration actions on Windows 10/11 and macOS devices can be a daunting task.
The key difficulty - and value! - lies in adapting your solution based on the actual usage patterns from the organization you're working with. To build a truly fit-for-purpose production solution with Endpoint DLP, you'll need to accomplish things like:
- Mapping various categories of cloud domains targeted by file uploads and content paste activities
- Identifying network and local printers that are commonly used for print jobs involving sensitive information
- Understanding the often sprawling jungle of network shares used by employees and accounting for them
- Discovering usage patterns of removable USB media across roles, and more.
All of these tasks get exponentially more complex as the size of the organization grows. There is a way forward though: getting comfortable with KQL in Advanced Hunting and Log Analytics. I'll share and demonstrate how I routinely design and build Endpoint DLP data security solutions for organizations of all sizes using repeatable patterns and practices.
We'll also get into how I've found it essential to use Generative AI (doesn't have to necessarily be Copilot!) to speed up a few of the most demanding parts of the Endpoint DLP solution design process.
During the session, I'll share my favorite KQL queries and how to vary them to meet your requirements - and how to turn the information you get from them into practical solution design.
This session is useful for any IT pro, security architect or person responsible for data security looking to create or maintain a functional Endpoint Data Loss Prevention solution.