6. What we hear …
“Our organization is moving to Office 365; We have to identify & protect data before it leaves to the cloud”
“We need to prepare for EU-GDPR (or other) compliance, and need to identify, monitor and protect PII”
“We have to educate our information workers to understand and adhere to the business information protection policy”
“We share information with external parties. We have to control the way shared data is used”
7. Information protection
Ensure documents and emails are seen only by authorized people
Azure Information Protection
Office 365 Data Loss Prevention
Windows Information Protection
Microsoft Cloud App Security
Office 365 Advanced Security Mgmt.
Microsoft Intune
9. CLASSIFY DATA – BEGIN THE JOURNEY
Labels: SECRET, CONFIDENTIAL, INTERNAL, NOT RESTRICTED, PERSONAL
IT admin sets policies, templates, and rules
Classify data based on sensitivity
Start with the data that is most sensitive
IT can set automatic rules; users can complement it
Associate actions such as visual markings and protection
10. Reclassification: You can override a classification and optionally be required to provide a justification
Automatic: Policies can be set by IT Admins for automatically applying classification and protection to data
Recommended: Based on the content you’re working on, you can be prompted with suggested classification
User set: Users can choose to apply a sensitivity label to the email or file they are working on with a single click
11. Labels are metadata written to documents
Labels are stored both in clear text, so that other systems such as a DLP engine can read them, and as a hash of policies, rules and user information
Labels are persistent and travel with the document
User awareness through visual labels
LABEL DATA BASED ON CLASSIFICATION
[Figure: document carrying the visual label FINANCE / CONFIDENTIAL]
12. PROTECT DATA AGAINST UNAUTHORIZED USE
Protect data needing protection by
- Encrypting data
- Including authentication requirement and a definition of use rights (permissions) to the data
Protection is persistent and travels with the data
[Figure: use rights VIEW, EDIT, COPY, PASTE applied to FILE and Email attachment]
13. ROAD TO SHARING DATA SAFELY WITH ANYONE
Share internally, with business partners, and customers
[Figure: Sue, Bob and Jane; sharing from File share, SharePoint, Email and LoB with an internal user and an external user on any device/any platform; Roadmap]
14. MONITOR AND RESPOND
Monitor use, control and block abuse
[Figure: MAP VIEW of document access for Sue, Bob, Jane and Competitors: Joe blocked in North America; Jane accessed from India; Bob accessed from South America; Jane blocked in Africa; Jane access is revoked]
22. MICROSOFT’S INFORMATION PROTECTION SOLUTIONS
Comprehensive protection of sensitive data across devices, cloud services and on-premises environments
UNIFIED, NATIVE, ANYWHERE
23. BETTER USER EXPERIENCE &
INTEGRATION INTO OFFICE NATIVE CLIENTS
Now:
Delightful labeling experience – for everyone!
- Simplified interface for information labeling
- More robust content matching engine
Medium & Long term:
Integration into native Office clients:
- Starting with Word, Excel and PowerPoint for Mac
- Full Office for Mac
- Office web apps
- Office for iOS & Android
- Office for Windows
NATIVE
24. UNIFIED WITH OFFICE INFORMATION PROTECTION
& AZURE AD POLICIES
Now:
Unified information types for Office DLP & AIP (80+ types)
Short term:
SharePoint sync client support for encrypted files
Enforcing Conditional Access for protected data
Medium & Long term:
Unified Information Protection policy for Office DLP & AIP
- Unify label management
- Unified labeling experience in Office clients & SPO/OD4B
- Unified classification policy
UNIFIED
25. CLASSIFY, LABEL AND PROTECT
FILES ANYWHERE
Short term:
Classify, label and protect data at rest
Label and protect data across cloud applications
Medium & Long term:
Multi platform SDK for labeling and protection – anywhere
Central logs, analytics and reports
ANYWHERE
26. AZURE INFORMATION PROTECTION CLIENT
• Now
• Office support (Word, Excel, PowerPoint, Outlook)
• AzIP for mobile app – enable protected files and mail consumption for non enlightened formats/apps
• Justification on reclassification
• Cloud based service
• Key management – MS managed, BYOK, HYOK (preview)
• Classification automation by content
• Secure Email
• Scanner
27. • Native labeling experience in Word, PowerPoint & Excel on Mac, iOS, Android and web apps
• Native labeling in Outlook on Mac, iOS, Android and web apps
• DLP triggers based on labels
• Office 365 message encryption (GA)
• Azure Information Protection convergence to 80+ sensitive information types used in Office 365
• Azure Information Protection scanner for on-premises file shares (preview)
• Microsoft Cloud App Security label and protect Office files in cloud apps (preview)
H1 CY18, H2 CY17
LOOKING AHEAD
29. 5 STEPS PROGRAM
Best Practice - Start small, do it now, and move quickly
1. Classify Take simple steps that generate high impact quickly (i.e. ‘Do Not Forward’ for HR and Legal)
2. Label Test, phase the roll out, and learn – IT can’t know it all
3. Protect Control sensitive internal email flow across all PCs/Devices
4. Monitor ‘Share Protected’ files with business partners (B2B)
5. Respond Teach and enable users to revoke access
30. AIP CLASSIFICATION PROJECT HIGH LEVEL
[Timeline figure, 3 Months: Use case definition, followed by three repeated phases of "User Comms, help desk prep & refine use cases"]
31. Yammer @ https://www.yammer.com/AskIPteam
User voice @ https://msip.uservoice.com
Technical Documentation @ https://docs.microsoft.com
For questions email AskIPteam@Microsoft.com
IT Pro Blog @ https://aka.ms/AIPblogs
Download @ https://aka.ms/AIPclient
Product page @ https://www.microsoft.com/en-us/cloud-platform/azure-information-protection