Presentation is loading. Please wait.

Presentation is loading. Please wait.

7/23/2018 6:01 PM BRK2282 Protecting complete data lifecycle using Microsoft’s information protection capabilities Gagan Gulati Alex Li Principal.

Published byDominick Garrett Modified over 5 years ago

Similar presentations

Presentation on theme: "7/23/2018 6:01 PM BRK2282 Protecting complete data lifecycle using Microsoft’s information protection capabilities Gagan Gulati Alex Li Principal."— Presentation transcript:

1 7/23/2018 6:01 PM BRK2282 Protecting complete data lifecycle using Microsoft’s information protection capabilities Gagan Gulati Alex Li Principal Group Program Manager Senior Program Manager Lead © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 In the past, the firewall was the security perimeter
7/23/2018 6:01 PM In the past, the firewall was the security perimeter users devices apps data On-premises / Private cloud © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3 Now there’s fewer boundaries, more data, more complexity
7/23/2018 6:01 PM Now there’s fewer boundaries, more data, more complexity OPPORTUNITY On-premises © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 The lifecycle of a sensitive file
7/23/2018 6:01 PM The lifecycle of a sensitive file Data travels across various locations, shared Protection is persistent, travels with the data Data is monitored Reporting on data sharing, usage, potential abuse; take action & remediate Data is created, imported, & modified across various locations Data is detected Across devices, cloud services, on-prem environments Data is protected based on policy Protection may in the form of encryption, permissions, visual markings, retention, deletion, or a DLP action such as blocking sharing Sensitive data is classified & labeled Based on sensitivity; used for either protection policies or retention policies Retain, expire, delete data Via data governance policies © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 Microsoft’s information protection solutions - Today
7/23/2018 6:01 PM Microsoft’s information protection solutions - Today Comprehensive protection of sensitive data across devices, cloud services and on-premises environments Devices OFFICE 365 CLOUD SERVICES, SaaS APPs & ON-PREMISES PCs, tablets, mobile Exchange Online, SharePoint Online & OneDrive for Business Highly regulated Azure SaaS & ISVs Datacenters, file shares Windows Information Protection Office 365 DLP Office 365 Advanced Data Governance Azure Information Protection (AIP) Microsoft Cloud App Security (MCAS) © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6 Microsoft’s information protection solutions help you protect sensitive data throughout the lifecycle – inside and outside the organization

7 Microsoft’s approach to information protection
7/23/2018 6:01 PM Microsoft’s approach to information protection Comprehensive protection of sensitive data throughout the lifecycle – inside and outside the organization Detect Classify Protect Monitor Scan & detect sensitive data based on policy Classify data and apply labels based on sensitivity Apply protection actions, including encryption, access restrictions Reporting, alerts, remediation Devices cloud On premises © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8 MICROSOFT’S INFORMATION PROTECTION SOLUTIONS
AZURE INFORMATION PROTECTION Classify, label & protect files – beyond Office 365, including on-prem & hybrid MICROSOFT CLOUD APP SECURITY Visibility into 15k+ cloud apps, data access & usage, potential abuse DETECT OFFICE 365 DLP Prevent data loss across Exchange Online, SharePoint Online, OneDrive for Business OFFICE 365 ADVANCED SECURITY MANAGEMENT Visibility into Office 365 app usage and potential data abuse ISV APPLICATIONS Enable ISV partners to consume labels, apply protection MICROSOFT’S INFORMATION PROTECTION SOLUTIONS MONITOR CLASSIFY WINDOWS INFORMATION PROTECTION Separate personal vs. work data on Windows 10 devices and prevent work data from traveling to non-work locations OFFICE APPS Protect sensitive information while working in Excel, Word, PowerPoint, Outlook MESSAGE ENCRYPTION Send encrypted s in Office 365 to anyone – inside or outside of the company PROTECT OFFICE 365 ADVANCED DATA GOVERNANCE Apply retention and deletion policies to sensitive and important data in Office 365 CONDITIONAL ACCESS Control access to files based on policy, such as identity, machine configuration, geo location SHAREPOINT & GROUPS Protect files in libraries and lists

9 Detect Classify Classify Protect Protect Monitor 7/23/2018 6:01 PM
Scan & detect sensitive data based on policy Classify data and apply labels based on sensitivity Apply protection actions, including encryption, access restrictions Reporting, alerts, remediation © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10 7/23/2018 6:01 PM Detect and Classify sensitive information across cloud services & on-premises Demo: Admin © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11 7/23/2018 6:01 PM Detect and Classify sensitive information across cloud services & on-premises Demo: Microsoft only © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12 7/23/2018 6:01 PM Detect and Classify sensitive information across cloud services & on-premises Demo: Hybrid © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13 7/23/2018 6:01 PM Detect and Classify sensitive information across cloud services & on-premises Demo: Forcepoint © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14 7/23/2018 6:01 PM In summary © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15 Detect sensitive information
7/23/2018 6:01 PM a CLOUD & SaaS APPS Detect sensitive information ON PREMISES No matter where it’s created, modified or shared © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16 Business-lead policies & rules; configured by IT
7/23/2018 6:01 PM Classify information based on sensitivity Business-lead policies & rules; configured by IT Automatic classification Policies can be set by IT Admins for automatically applying classification and protection to data Recommended classification Based on the content you’re working on, you can be prompted with suggested classification HIGHLY CONFIDENTIAL CONFIDENTIAL PERSONAL Manual reclassification You can override a classification and optionally be required to provide a justification GENERAL PUBLIC User-specified classification Users can choose to apply a sensitivity label to the or file they are working on with a single click © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17 Sensitivity labels persist with the document
7/23/2018 6:01 PM Sensitivity labels persist with the document Document labeling – what is it? Metadata written into document files Travels with the document as it moves In clear text so that other systems such as a DLP engine can read it Used for the purpose of apply a protection action or data governance action – determined by policy Can be customized per the organization’s needs FINANCE CONFIDENTIAL © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

18 Protect sensitive information across cloud services & on premises
7/23/2018 6:01 PM Protect sensitive information across cloud services & on premises Data encryption built into Azure & Office 365 Revoke app access File-level encryption and permissions Policy tips to notify and educate end users DLP actions to block sharing Visual markings to indicate sensitive documents Control cloud app access & usage Retain, expire or delete documents © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 DLP policy to limit document sharing
7/23/2018 6:01 PM Protection example: DLP policy to limit document sharing Across Office client applications – mobile, desktop & tablets Restrict or block sharing – internally or externally Policy tips to warn end users © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20 Protect sensitive data across your environment
7/23/2018 6:01 PM Protect sensitive data across your environment Cloud & on-premises File encryption Permissions and rights-based restrictions DLP actions to prevent sharing Policy tips & notifications for end-users Visual markings in documents Control and protect data in cloud apps with granular policies and anomaly detection Data retention, expiration, deletion Devices Drive encryption Remote wipe Business data separation © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

21 Detect Classify Protect Monitor 7/23/2018 6:01 PM
Scan & detect sensitive data based on policy Classify data and apply labels based on sensitivity Apply protection actions, including encryption, access restrictions Reporting, alerts, remediation © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

22 Monitor information protection events for greater control
7/23/2018 6:01 PM Monitor information protection events for greater control Policy violations Anomalous activity Document access & sharing End-user overrides False positives App usage Visibility Tune & revise policies Quarantine user Integrate into workflows & SIEM Revoke access Quarantine file Take Action © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

23 Monitor DLP and data governance events
7/23/2018 6:01 PM Monitor DLP and data governance events Know when policy is violated Incident report s alert you in real time when content violates policy See the effectiveness of your policies Built in reports help you see historical information and tune policies Integrates with other systems Leverage the Activity Management API to pull information into SIEM and workflow tools © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

24 Monitor document sharing & access
7/23/2018 6:01 PM Monitor document sharing & access Distribution visibility Analyze the flow of personal and sensitive data and detect risky behaviors. Access logging Track who is accessing documents and from where. Access revocation Prevent data leakage or misuse by changing or revoking document access remotely. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

25 Looking ahead H1 CY18 H2 CY17 TechReady 23 7/23/2018 6:01 PM
While representing intended plans, capabilities and target dates are subject to change Office 365 message encryption (GA) Azure Information Protection convergence to 80+ sensitive information types used in Office 365 Azure Information Protection scanner for on- premises file shares (preview) Microsoft Cloud App Security label and protect Office files in cloud apps (preview) Native labeling experience in Word, PowerPoint & Excel on Mac, iOS, Android and web apps Native labeling in Outlook on Mac, iOS, Android and web apps DLP triggers based on labels H1 CY18 H2 CY17 © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

26 You can get started today
Apply governance labels for data retention and deletion Sensitivity labels using Azure Information Protection plug-in View protected Word, Excel & PowerPoint documents on Windows, Mac, iOS and Android View protected Outlook s on Windows, Mac, iOS and Android Protect Word, Excel & PowerPoint documents on Windows and Mac Protect Outlook s on Windows and Mac Shared developer platform for 3rd-party solutions (e.g. DLP vendors) …and more

27 Get started Today! Use Office 365 DLP to protect your Office 365 and documents Use Office 365 Advanced Data Governance for data governance, retention & expiration Use Azure Information Protection to protect beyond Office 365 – on the supported versions of Office, Windows and mobile devices Use Windows Information Protection for your Windows 10 devices and Intune Mobile Device Management & Mobile App Management policies for iOS and Android devices

28 Information Protection related sessions
Date / Time Keep what you need and don’t horde everything with intelligent data governance in Office 365 Tues, 9:00am-10:15am Protecting complete data lifecycle using Microsoft information protection capabilities Tues, 10:45am-12:00pm Elevating your security with Office 365 clients Tues, 4:30pm-5:45pm Discover what’s new in Azure Information Protection and learn about the roadmap and strategy Weds, 9am-10:15am Protect sensitive information with Office 365 DLP Weds, 10:20am-10:40am Accelerate Azure information protection deployment and adoption Weds, 12:30pm-1:45pm Understanding best practices in classifying sensitive data as part of your information protection strategy Weds, 2:00pm-2:45pm Deploying and managing Windows Information Protection Weds, 4:00pm-5:15pm Extending classification, labeling and protection to third-parties with Azure Information Protection Weds, 5:05pm-5:25pm Encryption key management strategies for compliance Thu, 10:15am-11am Protect your sensitive s through encryption and rights management capabilities in Office 365 Thurs, 2:00pm-2:45pm Understanding advanced concepts in getting the most out of Office 365 Data Loss Prevention Fri, 9:00am-10:15am

29 Please evaluate this session
Tech Ready 15 7/23/2018 Please evaluate this session From your Please expand notes window at bottom of slide and read. Then Delete this text box. PC or tablet: visit MyIgnite Phone: download and use the Microsoft Ignite mobile app Your input is important! © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

30 7/23/2018 6:01 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "7/23/2018 6:01 PM BRK2282 Protecting complete data lifecycle using Microsoft’s information protection capabilities Gagan Gulati Alex Li Principal."

Similar presentations

Success through People with LinkedIn and O365

Success through People with LinkedIn and O365
Secure your complete data lifecycle using Azure Information Protection

Secure your complete data lifecycle using Azure Information Protection
Deployment Planning Services

Deployment Planning Services
Azure Information Protection

Azure Information Protection
Deployment Planning Services

Deployment Planning Services
Make your app a native part of Office with Add-ins

Make your app a native part of Office with Add-ins
9/12/2018 6:21 PM BRK2203 Protect and control your sensitive emails with new Office 365 Message Encryption capabilities Praveen Vijayaraghavan Principal.

9/12/2018 6:21 PM BRK2203 Protect and control your sensitive s with new Office 365 Message Encryption capabilities Praveen Vijayaraghavan Principal.
Accelerate Azure Information Protection Deployment and Adoption

Accelerate Azure Information Protection Deployment and Adoption
Leverage the O365 Task Ecosystem with Microsoft To-Do and Planner

Leverage the O365 Task Ecosystem with Microsoft To-Do and Planner
Secure Hyperconnectivity with TeamViewer and Windows technologies

Secure Hyperconnectivity with TeamViewer and Windows technologies
5/22/2018 1:39 AM BRK2156 Power BI Report Server: Self-service BI and enterprise reporting on-premises Christopher Finlan Senior Program Manager © Microsoft.

5/22/2018 1:39 AM BRK2156 Power BI Report Server: Self-service BI and enterprise reporting on-premises Christopher Finlan Senior Program Manager © Microsoft.
Azure Information Protection Strategy and Roadmap

Azure Information Protection Strategy and Roadmap
6/10/2018 5:07 PM THR2218 Deploying Windows Defender AV and more with Intune and Configuration Manager Amitai Rottem @AmitaiTechie Senior Program Manager,

6/10/2018 5:07 PM THR2218 Deploying Windows Defender AV and more with Intune and Configuration Manager Amitai Senior Program Manager,
Deployment Planning Services

Deployment Planning Services
6/17/2018 10:27 AM BRK3341 Unlock extensibility by connecting your service to PowerApps and Microsoft Flow Theresa (Tessa) Palmer–Sr. Program Manager Sunay.

6/17/ :27 AM BRK3341 Unlock extensibility by connecting your service to PowerApps and Microsoft Flow Theresa (Tessa) Palmer–Sr. Program Manager Sunay.
6/19/2018 2:57 AM THR3092 Monitor and investigate actions on your user and data with alerts, insights and reports Binyan Chen Program Manager II, Office.

6/19/2018 2:57 AM THR3092 Monitor and investigate actions on your user and data with alerts, insights and reports Binyan Chen Program Manager II, Office.
Office 365 Groups Governance and Compliance

Office 365 Groups Governance and Compliance
6/26/2018 5:24 AM THR1083 Enabling Advanced Security Capabilities: Drive consistent authorization across multiple applications Bryan Bolling Solution Architect,

6/26/2018 5:24 AM THR1083 Enabling Advanced Security Capabilities: Drive consistent authorization across multiple applications Bryan Bolling Solution Architect,
Do more with Microsoft Word and Office 365

Do more with Microsoft Word and Office 365
Decoding audit events in Microsoft Office 365

Decoding audit events in Microsoft Office 365

Similar presentations

Ads by Google