It's one thing encrypting and protecting your data from prying eyes, but what use is it if it is not retained or protected against loss? With Microsoft Information Protection, Microsoft provides organisations the ability to:
• Protect content from deletion
• Adhere to compliance standards (GDPR, HIPAA, etc.)
• Discover content for litigation
• Manage access to content based on rules
By implementing the correct rules, organisations are able to mitigate risk and remain compliant and at the same time ensure that content is identified, classified, retained and disposed of accordingly.
Microsoft Information Protection: Your Security and Compliance Framework
1. MICROSOFT 365 Virtual MARATHON
May 27 & 28, 2020
36 hours/2 days
Microsoft Information Protection: Your Security and Compliance Framework
Alistair Pugin
Head of Cloud – Tangent Solutions
@alistairpugin
Brought to you by: The Global Microsoft Community & M365Conf.com | #M365CONF
#M365VM
M365VirtualMarathon.com
7. IN THE PAST, THE FIREWALL WAS THE SECURITY PERIMETER
devices | data | users | apps
On-premises / Private cloud
8. Data is exploding across the digital estate
Energy systems, Supply chains, Citizens, Sensors, Cloud, Mobile devices, On-premises, Partners, Customers, Manufacturers, Marketplaces, Equipment, Vehicles, Smart cities
11. • MICROSOFT CLOUD APP SECURITY: Visibility into 15k+ cloud apps, data access & usage, potential abuse
• AZURE SECURITY CENTER INFORMATION PROTECTION: Classify & label sensitive structured data in Azure SQL, SQL Server and other Azure repositories
• OFFICE APPS: Protect sensitive information while working in Excel, Word, PowerPoint, Outlook
• AZURE INFORMATION PROTECTION: Classify, label & protect files – beyond Office 365, including on-premises & hybrid
• OFFICE 365 DATA LOSS PREVENTION: Prevent data loss across Exchange Online, SharePoint Online, OneDrive for Business
• SHAREPOINT & GROUPS: Protect files in libraries and lists
• OFFICE 365 ADVANCED DATA GOVERNANCE: Apply retention and deletion policies to sensitive and important data in Office 365
• ADOBE PDFs: Natively view and protect PDFs on Adobe Acrobat Reader
• WINDOWS INFORMATION PROTECTION: Separate personal vs. work data on Windows 10 devices, prevent work data from traveling to non-work locations
• OFFICE 365 MESSAGE ENCRYPTION: Send encrypted emails in Office 365 to anyone inside or outside of the company
• CONDITIONAL ACCESS: Control access to files based on policy, such as identity, machine configuration, geo location
• SDK FOR PARTNER ECOSYSTEM & ISVs: Enable ISVs to consume labels, apply protection
Discover | Classify | Protect | Monitor
14. • Scan & detect sensitive data based on policy
• Classify and label data based on sensitivity
• Apply protection actions, including encryption, access restrictions
15. Comprehensive policies to protect and govern your most important data – throughout its lifecycle
• Unified approach to discover, classify & label
• Automatically apply policy-based actions
• Proactive monitoring to identify risks
• Broad coverage across locations
Data growing at exponential rate
Unified approach: Discover | Classify | Label
Apply label:
• Sensitivity: Encryption, Restrict Access, Watermark, Header/Footer
• Retention: Retention, Deletion, Records Management, Archiving
Monitor: Sensitive data discovery, Data at risk, Policy violations, Policy recommendations, Proactive alerts
16. • Customizable
• Persists as container metadata or file metadata
• Readable by other systems
• Determines DLP policy based on labels
• Extensible to partner solutions
• Manual or Automated Labels
• Apply to content or containers
• Label data at rest, data in use, or data in transit
• Enable protection actions based on labels
• Seamless end user experience across productivity applications
CONFIDENTIAL
22. Unified Label Management in Microsoft 365 Compliance center
• Classify and label data in on-prem repositories
• Label and protect Office files natively across Windows, Mac, iOS, Android and Web Clients
• Label and protect sensitive SharePoint Sites, Teams, Office 365 Groups, PowerBI artifacts
• Automatically label and protect sensitive files in SharePoint Online and OneDrive for Business
• Extend protection through Microsoft Cloud App Security to third party clouds and SaaS apps
• Automatically label and protect sensitive emails in Exchange Online
On-prem | SharePoint Online | Non-Microsoft Clouds and SaaS apps | Exchange Online | SharePoint Sites, Teams, Office 365 Groups | Office Apps Across Platforms
23. • Think about data as an important layer of an overall protection strategy.
• Be clear on how you are protecting your content vs. containers.
• Create policies considering each layer's part in acting as sensors, gates or both.
• Enforce policy in places where protection matters; think ingress and egress points
Service | Device | Identity | Network | Data | User
25. Balance data security and productivity
• Enforce conditional access to sensitive data
• DLP actions to block sharing
• Encrypt files and emails based on sensitivity label
• Prevent data leakage through DLP policies based on sensitivity label
• Business data separation on devices
• Secure email with encryption & permissions
• Manually apply sensitivity label consistently across apps, applications and endpoints
• Show recommendations and tooltips for sensitivity labels with auto-labeling and DLP
• Visual markings to indicate sensitive documents across apps and services (e.g. watermark, lock icons, sensitivity column in SPO)
• Co-author and collaborate with sensitive documents
• Enable searching of encrypted files in SharePoint
• Allow users to open and share encrypted PDF files in Edge in addition to Adobe Acrobat Reader
27. Integrated tools leveraging intelligence to reduce risk
• Simplify assessment of compliance risk and posture with actionable insights
• Integrated protection and governance of sensitive data across devices, apps and cloud services
• Intelligently respond to data discovery requests by leveraging AI to find the most relevant data
Compliance Manager | Service Trust Portal | Information Protection & Governance | Encryption | Search & Discovery | Auditing | Access Control
28. Microsoft Compliance Score
Simplify compliance and reduce risk
• Continuous assessments: Detect and monitor control effectiveness automatically with a risk-based score
• Recommended actions: Reduce compliance risks with actionable guidance
• Built-in control mapping: Scale your compliance efforts with built-in mapping across regulations and standards
Compliance Score is a dashboard that provides your Compliance Score and a summary of your data protection and compliance posture. It also includes recommendations to improve data protection and compliance. This is a recommendation; it is up to you to evaluate and validate the effectiveness of customer controls as per your regulatory environment. Recommendations from Compliance Manager and Compliance Score should not be interpreted as a guarantee of compliance.
32. Data Subject Requests
Data Privacy tab within the Compliance Center
• GDPR dashboard with GDPR toolbox, guidance and quick access to top tasks
• Data Subject Requests portal to manage DSRs for Office 365 content
Create your Data Subject Request
• Search across Office 365 content
• Refine your search with labels, keywords and other conditions
• Review and export the content of your search
34. • Scan & detect sensitive data based on policy
• Classify and label data based on sensitivity
• Apply protection actions, including encryption, access restrictions
35. WHERE WE WERE: Search & export
• Collect data out of Office 365 and export to 3rd party tools
WHERE WE ARE NOW: Advanced eDiscovery: Analytics, search & tagging
• Single eDiscovery process across Office 365 and non-Office 365
• Minimize the data you export out of Office 365
WHERE WE’LL BE IN Q1 CY 2019: Solutions for ECA & investigations
• Custodian management
• Document review and redact
• Enhanced search
• Enhanced processing
• Early intelligence
36. • Reduce risk with archiving and holds on data in place
• Reduce cost with advanced analytics
• Review and annotate prior to export
• Solutions beyond litigation, including DSRs, Investigations and more
Search Across Locations
• Exchange Online
• SharePoint Online, OneDrive for Business, Teams, Groups, etc.
• Other 1st Party apps, …
• Non-Office 365 Data: File shares, sites and other apps
37. • Deep crawling and indexing: Deep processing (e.g. much higher size limits, file types, …) to extract and index text & metadata
• Pre-collection analytics: Scope content to be collected within a case, and tune queries to minimize collection volumes
• Collection into document working sets: Manage static sets of documents within a case, that can be independently searched, analyzed, shared, and acted upon.
• Support additional Office 365 workloads & content types: First class support for Teams, Yammer, Planner, Forms, Stream, …
• Defensible process: Static working sets, transparency (e.g. error reporting, item level auditing, …) and additional controls (e.g. error remediation, …)
38. • Custodian notifications: Manage legally required workflows around notifications to custodians and their acknowledgments
• Manage custodians and legal holds: Add and remove custodians into a case, and apply legal holds to their data in-place if needed
• Custodian intelligence: Identify shared data e.g. SharePoint sites / Teams that custodians had access to or were active on. Identify likely custodians based on AD criteria.
39. • Organize and minimize: Use near duplicate detection to organize the data and email threading to reconstruct email conversations from unstructured data
• Increase productivity: Use predictive coding to train the system to find likely relevant documents and reduce what’s sent to review
• Recognize: Use Themes to understand the topics represented in the data set
• ML based content classification: Let the system identify potential high value content such as attorney client privilege or offensive language
40. • Native, near-native and text viewer: Built in document viewers for Microsoft & Non-Microsoft file types, viewing options so users can fully understand a document, and easy navigation for search hits within a document
• Annotations and redactions: Manual annotations and redactions, with automated redactions for sensitive content
• Document level insights: Information panels e.g. Duplicates & Near-duplicates, Email threads & family, Conceptually similar, History, ‘Who Knows This’, Metadata & properties, … etc.
• Document coding, screening & approvals: Tag documents with issue coding, automated privilege screening, and multi-level approval workflows, …
42. • Scan & detect sensitive data based on policy
• Classify and label data based on sensitivity
• Apply protection actions, including encryption, access restrictions
49. Top 5 benefits of adopting Microsoft Information Protection
Existing AIP customers should move their labels and policies to M365 Compliance center. Here are the top 5 benefits of adopting MIP:
01 Classify and label documents manually and automatically in Web apps (Word, Excel, PowerPoint) and Outlook for web access.
02 Co-author and search labeled and protected documents on the Web
03 Start using labels across Microsoft Teams, SPO sites, Groups and PowerBI
04 Leverage the new know your data tools – unified analytics, content and activity explorer
05 Build your own trainable classifiers with machine learning and use them to protect content with sensitivity labels.
50. New Microsoft 365 Specialized Workspaces
security.microsoft.com | compliance.microsoft.com
51. Resources
Learn more about Azure Information Protection
Intro to Microsoft Cloud App Security (video)
Overview of Office 365 Data Loss Prevention (DLP)
Protect your enterprise data using Windows Information Protection
Blog: Information protection capabilities in preview
Blog: Consistent labeling and protection in Office 365 and Azure Information Protection
Blog: Information Protection SDK Preview
Blog: New GDPR sensitive information types
Blog: Office 365 Message Encryption updates
Editor's Notes
This is the world that many of our customers are moving to in their digital transformation. And when it comes to being compliant in the intelligent cloud, intelligent edge era, we really have to consider what is our digital estate? How do we think about where our most sensitive data is? How do we protect it? How do we find what’s most relevant? This is a little bit different now than it was 5 or 10 years ago. IT organizations now find themselves responsible for finding and protecting data across a wide spectrum of devices and environments. For example, user-owned mobile devices that access corporate data. It also includes systems and devices that your partners and customers use to access your information. And any one of these situations can be a point of compliance risk for your overall estate. That changes the game when it comes to compliance: You can no longer draw perimeters around your organization. This is the challenge that we all struggle with in compliance. And it's a challenge we at Microsoft think that we can uniquely fix.
This slide combines a framework for thinking about this with some practical advice. You apply this framework when thinking through how to apply policy to each label as part of your overall protection strategy.
For example:
The data I want to protect may reside in OneDrive, so there is one container. If I am using the sync client, it may also exist on the device as a second container. You can decide to apply a sensor on the device that flags what type of labeled content exists on it. You may also enforce that it remains work content. In the OneDrive container you may also decide you don’t want certain types of content uploaded there. You can create that gate through DLP policy against the service.
If container protections aren’t enough for that content type, think about automatic encryption of the content with certain labels.
Egress points are a great place to leverage label policies.
Once data is understood, labeled and classified, the benefits unlocked can improve security and compliance outcomes.
Services - Block or remove emails and attachments with sensitive labels (egress point)
• Exchange transport rules for Exchange Online mailboxes
• MCAS Content Inspection for AIP protected files stored in SPO or OneDrive
• Office Message Encryption with EXO
Devices - Encrypt files with sensitivity labels (egress point)
• MDATP on Windows 10 endpoints, apply Protection Policy based on documents tagged with sensitivity label
Intelligence - Auto-Classify content based on sensitivity
• SCC ML Classifier model delivered through compliance solutions (such as auto-classification and DLP)
Apply policy and enforcement across all major egress points
Microsoft 365 is uniquely positioned to help you meet your compliance obligations. Our vision is centered around the idea of “built-in” compliance, providing integrated, intelligent tools for our customers to reduce risks. Our capabilities allow you to better assess your risk, govern and protect sensitive and business critical data, and respond to regulatory requests with intelligence and efficiency. Let’s dive into these areas and discuss the various capabilities we have in more detail.
New Data Subject Request management within Office 365 Security & Compliance Center
Key Messages: Find the information you need when you need it effectively and efficiently.
With more and more information stored in the cloud, the ability to drill into, discover, reason over and respond to requests for that data is more important than ever.
Microsoft 365 provides a unique approach to address your discovery needs. Microsoft 365 provides rich built-in, suite-wide search and discovery tools to reduce your risk and exposure of multiple copies of data in multiple places.
Identify custodians or shared locations, search based on conditions and keywords, and refine content with advanced analytics to de-duplicate, reduce threads and further minimize the responsive data set.
With a new update to Advanced eDiscovery, you can now review and redact content prior to export to ensure that only the most relevant data is being shared, and that any business confidential pieces of that data are redacted in advance of any response.
This toolset can help reduce the costs of eDiscovery in your organization significantly. In fact, at Microsoft, while average data per custodian has grown 20x, the cost per custodian of eDiscovery has been reduced 85% with the use of the built-in capabilities.
And these tools are not only relevant to litigation but to a host of other scenarios as well including components of GDPR such as Data Subject Requests, investigations and internal policies, early case assessments and others.
Key capabilities of our solution to mention if appropriate:
• Granular permissions
• Case management
• Put custodial and shared locations on hold and send communications to custodians (Coming soon)
• Tenant wide Search
• Refine with conditions and advanced analytics (Equivio capabilities)
• Search & tag case documents for follow up
• Export prepared load file
Key Messages: