Azure Information Protection Microsoft Ignite 2016 4/21/2018 4:06 PM BRK2127 Azure Information Protection Adam Hall Customer Success Lead Azure IP engineering Follow: @TheRMSGuy Mail: AskIPTeam@Microsoft.com © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Enterprise Mobility + Security The Microsoft vision Identity Driven Security Users Devices Apps Data Managed Mobile Productivity Comprehensive Solution
Enterprise Mobility +Security The Microsoft solution Azure Active Directory Microsoft Cloud App Security Manage identity with hybrid integration to protect application access from identity attacks Extend enterprise-grade security to your cloud and SaaS apps Intune Protect your users, devices, and apps Detect threats early with visibility and threat analytics Advanced Threat Analytics Azure Information Protection Protect your data, everywhere
Azure Information Protection
How much control do YOU have? Unregulated, unknown How much control do YOU have? Hybrid data = new normal It is harder to protect Managed mobile environment Identity, device management protection On-premises Perimeter protection
The evolution of Information Protection LABELING CLASSIFICATION Classify & Label ENCRYPTION Protect ACCESS CONTROL POLICY ENFORCEMENT DOCUMENT TRACKING DOCUMENT REVOCATION Monitor & Respond
Azure Information Protection Full Data Lifecycle CLASSIFICATION LABELING ENCRYPTION ACCESS CONTROL POLICY ENFORCEMENT DOCUMENT TRACKING DOCUMENT REVOCATION Classify & Label Protect Monitor & Respond
Classification + Automation + Protection + Reporting + Collaboration Microsoft Ignite 2016 4/21/2018 4:06 PM Classification + Automation + Protection + Reporting + Collaboration © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Classification Microsoft Ignite 2016 4/21/2018 4:06 PM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Classify Data – Begin the Journey Classify data based on sensitivity Start with the data that is most sensitive IT can set automatic rules; users can complement it Associate actions such as visual markings and protection IT admin sets policies, templates, and rules Confidential Restricted Personal Internal Public
Classification user experiences 4/21/2018 Classification user experiences Reclassification Manual Automatic Recommended © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Apply Labels based on classification Persistent labels that travel with the document Labels are metadata written to documents Labels are in clear text so that other systems such as a DLP engine can read Labels travel with the document, regardless of location FINANCE CONFIDENTIAL
Protection Microsoft Ignite 2016 4/21/2018 4:06 PM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Protect data against unauthorized use Corporate apps Email attachment FILE VIEW EDIT COPY PASTE Personal apps Protect data needing protection by: Encrypting data Including authentication requirement and a definition of use rights (permissions) to the data Providing protection that is persistent and travels with the data
How Protection Works 4/21/2018 Usage rights and symmetric key stored in file as “license” License protected by customer-owned RSA key Use rights + Water Sugar Brown #16 Water Sugar Brown #16 aEZQAR]ibr{qU@M]BXNoHp9nMDAtnBfrfC;jx+Tg@XL2,Jzu ()&(*7812(*: PROTECT UNPROTECT Each file is protected by a unique AES symmetric Secret cola formula © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Rights Management Active Directory Key Vault 4/21/2018 How Protection Works LOCAL PROCESSING ON PCS/DEVICES Use rights + Azure RMS never sees the file content, only the license SDK aEZQAR]ibr{qU@M]BXNoHp9nMDAtnBfrfC;jx+Tg@XL2,Jzu ()&(*7812(*: Use rights + Rights Management Active Directory Key Vault File content is never sent to the RMS server/service Apps protected with RMS enforce rights Apps use the SDK to communicate with the RMS service/servers © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Demo Azure Information Protection Microsoft Ignite 2016 4/21/2018 4:06 PM Demo Azure Information Protection © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Reporting Microsoft Ignite 2016 4/21/2018 4:06 PM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Monitor and Respond Monitor use, control and block abuse MAP VIEW Sue Bob Jane Sue Joe blocked in Ukraine Jane accessed from France Bob accessed from North America MAP VIEW Jane Competitors Jane access is revoked
Logs & Reporting More Soon Microsoft Ignite 2016 4/21/2018 4:06 PM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Collaboration Microsoft Ignite 2016 4/21/2018 4:06 PM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Road to sharing data safely with anyone Share internally, with business partners, and customers Bob Jane Internal user ******* External user Any device/ any platform Let Bob view and print Let Jane edit and print Sue File share SharePoint Email LoB
Azure Active Directory 4/21/2018 4:06 PM How Sharing Works Using Azure AD for authentication On-premises organizations doing full sync Azure Active Directory On-premises organizations doing partial sync Organizations completely in cloud Organizations created through ad-hoc signup …and all of these organizations can interact with each other. ADFS © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Architectures Microsoft Ignite 2016 4/21/2018 4:06 PM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Topology optional Azure AD Azure Rights Management Azure Key Management Data protection for organizations at different stages of cloud adoption Ensures security because sensitive data is never sent to the RMS server Integration with on-premises assets with minimal effort Authentication & collaboration Service supplied Key BYOK Authorization requests via federation (optional) RMS connector AAD Connect ADFS
Regulated Environments Topology for Regulated Environments optional Azure AD Azure Rights Management Azure Key Management Data protection for organizations at different stages of cloud adoption Ensures security because sensitive data is never sent to the RMS server Integration with on-premises assets with minimal effort Hold your key on premises Authentication & collaboration Service supplied Key BYOK Authorization requests via federation (optional) RMS connector AAD Connect ADFS Rights Management HYOK Key Management
Getting started with key scenarios Classification only Understand your data classification needs, enable the service and define a default policy so all documents are labelled. + Automation Define content based actions to automatically classify and label documents or make recommendations to users to confirm. + Protection For sensitive information, define protection policies that require authentication and enforce use rights. + Reporting Gain insights into the types of information you have, users that work with different sensitivity levels and trends in data creation. Securely share documents and email with internal and external recipients. + Collaboration
Check out more sessions: 4/21/2018 4:06 PM Check out more sessions: Tuesday: BRK2127 Adopt a comprehensive identity-driven solution for protecting and sharing data securely – 9am THR2107 Collaborate securely using Azure Information Protection – 12:05 pm Wednesday: THR2108 Ensure comprehensive protection of your data with Azure Information Protection – 11:05 am BRK3095 Learn how classification, labeling, and protection delivers persistent data protection – 12:30 pm BRK2128 Protect and share data with anyone securely using Azure Information Protection – 4 pm Friday: BRK3323 Meet Azure Information Protection customers and learn about their success stories – 9:15 am (General Motors) © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Keep going… Try Enterprise Mobility + Security for free, today: www.microsoft.com/en-us/cloud-platform/enterprise-mobility-trial See Microsoft Cloud App Security in action https://www.microsoft.com/en-us/cloud-platform/cloud-app-security-trial Evaluate and try Microsoft Advanced Threat Analytics now www.microsoft.com/en-us/evalcenter/evaluate-microsoft-advanced-threat-analytics Explore Identity + Access Management www.microsoft.com/en-us/cloud-platform/identity-management Learn more about Azure Information Protection www.microsoft.com/en-us/cloud-platform/information-protection Discover new MDM and MAM solutions with Microsoft Intune www.microsoft.com/en-us/cloud-platform/mobile-device-managementlink Check out new Desktop virtualization capabilities www.microsoft.com/en-us/cloud-platform/desktop-virtualization
Please evaluate this session 4/21/2018 4:06 PM Please evaluate this session Your feedback is important to us! From your PC or Tablet visit MyIgnite at http://myignite.microsoft.com From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting https://aka.ms/ignite.mobileapp © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
4/21/2018 4:06 PM © 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.