Getting started with Endpoint Data Discovery policies

NOTE  Depending on the Absolute product licenses associated with your account, Endpoint Data Discovery (EDD) policies may not be available.

Endpoint Data Discovery policies control the collection of information about the file content stored on your Windows and Mac devices. You can set an EDD policy to scan the files on a device's hard drive for confidential or at-risk content. Scan results are reported in EDD reports and a Match Score A computed value indicating the number of content matches detected on a device during an Endpoint Data Discovery (EDD) scan. Depending on the context, the value shown for Match Score may apply to a file, a policy rule, or a device. is assigned to the results. You can review these reports to identify at-risk devices, and then initiate remedial actions to secure the content.

NOTE  For more information about working with Endpoint Data Discovery policies, visit the Learning Hub. To access the Learning Hub, click on the quick access toolbar and then click Resources > Learning Hub. Also see the Endpoint Data Discovery FAQ.

You can activate EDD policies on devices running a supported version of the Windows or Mac operating system. To see EDD scan results in the console, each device's Absolute agent must be regularly connecting to the Absolute Monitoring Center.

The DAR component A lightweight software component of the Absolute agent that detects at-risk data stored on a Windows or Mac device during an EDD scan. The DAR component is deployed on a device only when the device is associated with a policy group in which the Endpoint Data Discovery policy is activated. of the Absolute agent is responsible for silently scanning the files stored on your devices to detect content that is confidential or at risk. When you activate an EDD policy, the component is activated on each device after the next successful agent connection to the Absolute Monitoring Center. A full scan of each device is then performed. During the scan, the DAR component opens each file on the hard drive, scans its content for specific pieces of information, encrypts that information and uploads it to the database using a secure connection. A full scan may take a few hours or a few days to complete, depending on the scan configuration and the size of the device's hard drive.

Policies include a set of predefined EDD rules that you can apply during an EDD scan. You can use these rules to detect the following types of content:

The criteria used to detect this content is defined using expressions and algorithms.

You can also create custom EDD rules to find confidential or at-risk file content that is not detected by the predefined rules but is of particular interest to your organization.

NOTE  For Windows devices using OneDrive Files On-Demand, only synchronized files are scanned. The EDD component does not download unsynchronized files to the device during an EDD scan. For Mac devices using OneDrive Files On-Demand, a limitation of the Mac platform prevents the EDD component from scanning any files in the OneDrive folder.

By default, the Global Policy Group includes a preconfigured EDD policy, which is set to Inactive. Although you can activate the policy in the Global Policy Group, best practice is to create custom policy groups and activate each policy group's EDD policy, as required.

During an EDD scan, the agent's DAR component detects all file content that matches an EDD policy rule. You can view the details about these matches in the following reports:

You can also view this information on the Endpoint Data Discovery pages for each device.

EDD report information includes the details about the content that generated the match, the name and location of the file, and a Match Score A computed value indicating the number of content matches detected on a device during an Endpoint Data Discovery (EDD) scan. Depending on the context, the value shown for Match Score may apply to a file, a policy rule, or a device.. You can use these details to identify the devices that may require remedial action to secure the at-risk data stored in files on their hard drives.