Enable Data Theft Prevention

With Endpoint Cloud's Data Theft Prevention feature, you can set devices to revoke file access if they fail to connect with Endpoint Cloud within a certain time frame. To revoke a device, Endpoint Cloud removes the encryption certificate from the device.

While a device is revoked, it cannot be used to access protected data.

You can enable or disable the Data Theft Prevention feature on a Policy. When Data Theft Prevention is enabled, all devices that use the Policy will need to connect with Endpoint Cloud regularly or they will be revoked.


Before you enable the DLP features, make sure that Active Directory Certificate Services (AD CS) has been set up.

The Data Theft Prevention feature is only available if the local file encryption feature is enabled for the Policy, because it uses the encryption certificate that is generated when local file encryption is used.

To enable or disable Data Theft Prevention:

  1. Display the Policy Editor for the Policy that you want to change (click Policies and then click on the Policy).

    The Policy Editor is displayed automatically when you create a new Policy.

  2. Click the DLP tab.
  3. Use the Data Theft Prevention slider to enable or disable Data Theft Prevention (green is enabled, grey is disabled).


    A prompt appears, reminding you to set up Active Directory Certificate Services (AD CS). It is best practice to set up AD CS before enabling DLP. Click OK to close the prompt.

  4. Use the "Revoke if device is disconnected for days" setting to define how many days Endpoint Cloud will wait before locking out a device.
  5. Click Save or Save and Close to confirm.