Information Protection updates in Microsoft 365


– Coming up, whether you’re concerned about protecting the security and privacy of your company data due
to regulatory requirements or the need to protect
intellectual property, we look at the latest updates
from Permission Protection in Microsoft 365 that help
you more easily discover all your data to identify the
most sensitive information and apply the right automated
classification and labeling with the appropriate controls. And take advantage of our
risk containment capabilities including post reach threat
reduction when important data is exposed on your endpoints. Microsoft Information
Protection is a family of complimentary solutions to
help you discover, classify, protect, and monitor your
sensitive information wherever it lives,
whether it’s on premises, on devices, or in the Cloud. As an admin, you can easily set up the right sensitivity
labels for the organization. We give you a comprehensive solution comprising sensitive data discovery, automated classification and labeling across your file servers,
office applications and other web apps and services that leverage a common
classification engine. We simplify your ability to
set policy and specific actions against your labels. As a user, you can easily select and apply the appropriate
sensitivity labels based on the type of information
you are working with. Freeing you up to stay
productive and collaborative because you know that the
right protection is applied to your documents and emails. Delivering a consistent experience across your productivity apps and devices, whether you’re labeling files
or viewing protected files, has been a big area of investment for us. We are making classification
and labeling the sensitive data ubiquitous across our platforms,
files, apps, and services. For example, here is my document
on Microsoft Word on Mac, and here is what it looks like
on Microsoft Word on my iPad and on my Android phone. As you can see, the labeling
experience is consistent across devices. Now, beyond Office apps, we
also support a broad array of common file types, and
we now natively support viewing labeled and protected PDF files in Adobe Acrobat Reader. Of course, our Information
Protection capabilities even extend to non-Microsoft
Cloud services, such as Salesforce and
G Suite and much more. This is all made possible via
our information protection SDK that’s used today by
Microsoft apps and services, and a variety of partner
applications and services to support our hybrid customers. Any information protection strategy is only as good as your
ability to discover and understand the
sensitivity of the landscape across your organization. Most organizations are largely unaware of how much sensitive data
exists, where it lives, and what’s happening to it. The good news for admins is
that we have greatly simplified your ability to discover sensitive
data in your environment, helping you define and implement
your protection policies. The Azure Information
Protection scanner runs against your on-premises
SharePoint servers and other file servers. Our integration with
Microsoft Cloud App Security enables you to inspect
files in cloud services. So we have you covered. Whether you are fully moved to the cloud or are in the midst of your journey. Now let me show you this in action. I’ll start by walking you
through our discovery report. In this screen, you can
see that we have discovered 209 information types
against my file repository where we’ve already run the IP scanner. Drilling deeper into the
file repository view, you can get an aggregate view
of all information types, see the exact files that were scanned, and what exactly did we
discover in each file. You can generate a similar
report of content scanned by Microsoft Cloud App Security as well. In this example, you can
see that MCAS has discovered sensitive files with PII data on Box. Here’s another file with PCI information, and here’s another one
with Credit Card Match. Now beyond discovery and recommendations, we have made a number of
updates to the IP scanner. For example, we recently
announced the public preview of configuration UI that allows you to manage multiple profiles. Here, I will choose the U.S. West profile. In this profile I have set
the schedule to be always, which means continuous scan. I have configured three repositories, one SharePoint server
and two file servers. Also, I have chosen enforce
mode in order to label and protect all discovered files. This really helps our
deployments be more centralized, manageable, and scalable. Now, lets move back to reporting. Once you configure your labels,
use them with Office apps, AIP Client, AIP Scanner, etc. You want to get a unified
view of the overall usage across your organization. Now let me walk you through
what a typical user report will look like. Here you can see label
activity, protection activity, how many users are active,
how many devices are active, what types of labels have been
applied in an organization, like confidential, general,
or highly confidential, and using which application,
like AIP scanner, or Microsoft Outlook. You can also get detailed
reports on the activities from the latest users
in your organization. You can choose a particular filter, let’s say the highly confidential label, and then filter your activity
to just that particular label. Now, if you click on any of the rows here, that will show up, you
can also drill in further. Now we not only give you
the ability to report on and track your sensitive
data, but also offer you the ability to contain
risks around oversharing of this data. A good example of this
is protecting information on your Windows Endpoints. Windows now understands sensitivity labels and can enforce policy to
prevent the inappropriate copying or sharing of information
to non-compliant locations on the devices. As you can see here, I
have this document labeled as highly confidential. Because it’s highly confidential, when I try to copy paste
this content over to Gmail, Windows will warn me,
suggesting that this content is Word content and if
I copied it to Gmail then my company will track this action. Similarly here when I try to
download a sensitive document from Box to my unmanaged
device, you can see that MCAS will block this operation. One of the coolest recent
additions has been the integration of sensitive data awareness into the Windows Defender Security Center. Incidents raised in Windows
Defender Security Center now include a data-sensitivity attribute. As you can see in this report,
your security analyst can now prioritize their instant
response by choosing to focus on alerts with
highly-confidential sensitivity and can go further deep into the incident and specific machines. Also, you can run an
advanced hunting query to understand which sensitive
files exist on which machines. So that was a quick overview of the latest Information
Protection capabilities from Microsoft 365. To learn more, check out the link shown. Thanks for watching. (upbeat music)

Leave a Reply