How to address Microsoft Purview Data Loss Prevention “unhealthy” state on macOS devices

Microsoft Purview Endpoint DLP is a cloud-based data protection service designed to help businesses identify and protect their data on macOS. It monitors and controls data transfers from endpoints, such as laptops and desktops, ensuring sensitive information is safeguarded.

Configuring Endpoint DLP on macOS requires multiple steps (see Onboard macOS devices into Microsoft 365 overview | Microsoft Learn).

This article provides guidance on how to address the DLP status “unhealthy”, even when the macOS device already appears in Purview.

The command “mdatp health” returned the following status in the Terminal:

In the observed case, Microsoft Purview (Settings – Device onboarding) listed the device under onboarding correctly; however, the “Valid User” field was still not available.

The expected screen would look like:

A detailed check with the command “mdatp health --details data_loss_prevention” showed that only the UPN was unavailable.

Onboarding in Microsoft Defender can be done in several ways, but the device usually needs to be registered if it is to access corporate resources.

Note: In this scenario, the macOS devices were managed by Microsoft Intune.

The issue here was caused by an error in the registration process. The Company Portal showed that the machine was not registered:

From the Company Portal, a retry can be used to run the registration again.

This gave the device the proper access rights to cloud resources and a valid DLP registration.
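As an added example (not part of the original article or of Microsoft's tooling), the following POSIX shell script parses the "key : value" lines that “mdatp health” prints and flags the symptom described above, a missing UPN, together with the remediation the article used. The SAMPLE_* outputs and the field names other than “upn” are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article or from Microsoft.
# Parses the "key : value" lines printed by `mdatp health` and flags the
# symptom described above: DLP unhealthy because the user identity (upn)
# is not populated. The SAMPLE_* outputs are constructed; only the field
# name "upn" and the mdatp command itself come from the article.

# Constructed sample: the unhealthy state seen in the article.
SAMPLE_UNHEALTHY='healthy                      : false
data_loss_prevention_status  : unhealthy
upn                          : unavailable'

# Constructed sample: the expected state after a successful registration.
SAMPLE_HEALTHY='healthy                      : true
data_loss_prevention_status  : healthy
upn                          : user@contoso.example'

# get_field KEY: print the value of KEY from health output read on stdin.
get_field() {
    sed -n "s/^$1[[:space:]]*:[[:space:]]*\(.*\)$/\1/p" | head -n 1
}

# dlp_upn_check OUTPUT: return 0 when the UPN is populated, 1 when it is
# absent, empty or literally "unavailable".
dlp_upn_check() {
    upn=$(printf '%s\n' "$1" | get_field upn)
    case "$upn" in
        ""|unavailable) return 1 ;;
        *)              return 0 ;;
    esac
}

# dlp_verdict OUTPUT: print a one-line verdict with the remediation the
# article describes (re-run the device registration from Company Portal).
dlp_verdict() {
    if dlp_upn_check "$1"; then
        echo "OK: DLP has a valid user ($(printf '%s\n' "$1" | get_field upn))"
    else
        echo "ACTION: no valid user for DLP; check device registration in Company Portal and retry"
    fi
}

# On a real macOS device, feed the live output instead of a sample:
#   dlp_verdict "$(mdatp health --details data_loss_prevention)"
dlp_verdict "$SAMPLE_UNHEALTHY"
dlp_verdict "$SAMPLE_HEALTHY"
```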