Presentation is loading. Please wait.

Presentation is loading. Please wait.

Accelerate Azure Information Protection Deployment and Adoption

Published byApril Horn Modified over 6 years ago

Similar presentations

Presentation on theme: "Accelerate Azure Information Protection Deployment and Adoption"— Presentation transcript:

1 Accelerate Azure Information Protection Deployment and Adoption
5/16/ :12 AM BRK3017 Accelerate Azure Information Protection Deployment and Adoption Tom Moser - Sr. Program Manager Anthony Roman - Information Security Engineer (Quicken Loans) Chris Hall – Sr. Systems Engineer (Quicken Loans) © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Session Objectives and Takeaways
At the end of this session you should be better able to: Use best practices to implement classification and labeling Describe and deploy advanced CLP capabilities Determine where AIP fits in to data compliance efforts

3 Agenda Get started! Data Centric Protection Strategy (Is AIP DLP?)
5/16/ :12 AM Agenda Get started! Data Centric Protection Strategy (Is AIP DLP?) Develop Success Criteria Regulation and Compliance © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 5/16/ :12 AM Get Started! © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 What Can I Do Today? Start with the default labels Start small.
5/16/ :12 AM What Can I Do Today? Start with the default labels Start small. Define labels, define one use case, grow from there. Solving everything on day one will result in solving nothing. Use labels to define permissions, define rights by groups Work with desktop/mobile teams to package and deploy. Deployment is a pretty standard MSI with few options © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6 Use Standard, Approachable Labels
5/16/ :12 AM Use Standard, Approachable Labels Labels should resonate with user thought patterns Label names should not use jargon, standards, or other acronyms PII, PCI, HIPAA, LBI, MBI, HBI, BBQ, WTH These may be classes of Confidential or Highly Confidential Information Internal is not a classification. It’s a scope* *What if it’s Internal – External Approved? © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7 Create Sub-Labels for Key Departments
5/16/ :12 AM Create Sub-Labels for Key Departments Define boundaries by risk of internal consumption Engineering drawing vs. Salary information Define boundaries by need for external consumption Rights policies permit domain based external sharing External PR, Legal, HR firms may need to securely collaborate Question each new ask for a different sub-label What’s the risk of an internal user seeing this data? Does it enable an approval external organization to collaborate? © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8 Used Scoped Policies Help to keep interface uncluttered
5/16/ :12 AM Used Scoped Policies Help to keep interface uncluttered Avoid crossover. CEO shouldn’t have label for every team in the company. Too many choices = wrong choice Too many choices = no choice © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9 Encourage the Correct Behavior
5/16/ :12 AM Encourage the Correct Behavior Automation is great, but overuse or misclassification will frustrate users and generate helpdesk calls Recommend first. Evaluate success. Use automatic later. Mandatory labeling might be frustrating, but required © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10 Automate the Really Important Stuff
5/16/ :12 AM Automate the Really Important Stuff Build AIP automation policies Built in rules detect easy items Regex can tackle more complex information © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11 Enhance Existing DLP Capabilities
5/16/ :12 AM Enhance Existing DLP Capabilities Labeled data helps reduce false negatives We assume Confidential or Highly Confidential data is properly labeled DLP engines can take action to restrict flow, provide notification, etc. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12 Monitor MCAS has native AIP support
5/16/ :12 AM Monitor MCAS has native AIP support Any service that can read metadata can find the labels Learn where classified data is flowing and act if desired © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13 Customer Profile: Quicken Loans

14 5/16/ :12 AM I’m Not Buying It © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15 Back in My Day We had DLP and we liked it!
5/16/ :12 AM Back in My Day We had DLP and we liked it! “Why do I need AIP with my product installed?” –DLP Vendor* Users will find some way around DLP, accidentally or intentionally *Actual Quote © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16 Today – Data Centric Protection
5/16/ :12 AM Today – Data Centric Protection Classify, Label, and Protect at creation Protected data, even if it avoids DLP, is protected External data, outside DLP control, is still protected Audit what, who, when, where, how after egress © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17 Microsoft’s approach to information protection
5/16/ :12 AM Microsoft’s approach to information protection Comprehensive protection of sensitive data throughout the lifecycle – across devices, apps, cloud services and on-premises Detect Classify Protect Monitor Devices cloud On premises © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

18 Enterprise Grade Partner and Support
5/16/ :12 AM Enterprise Grade Partner and Support Do you trust that your security partner will still exist in 6/12/24 months? What happens if they’re acquired and completely change strategy? Microsoft has a long history of well-defined support policies and software/service lifecycles © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 Your Requirements are a Priority
5/16/ :12 AM Your Requirements are a Priority Hosting Requirements What are encryption/log requirements? Public, private, or hybrid cloud? Compliance More certifications and compliance coverage than any other cloud provider. Detailed information at the Microsoft Azure Trust Center © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20 Demo

21 Regulation and Compliance
5/16/ :12 AM Regulation and Compliance © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

22 Compliance Framework Inventory: What’s important and where’s it live?
Secure: What action can we take to protect the identified information? Audit: How can we investigate, or prevent, misuse? © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

23 Identify In-Scope Data
5/16/ :12 AM Identify In-Scope Data Unstructured* data resides in many places File Shares, SharePoint, Exchange, OneDrive, etc. Leverage scanner/scripting to discover existing data and to classify and label Start with user-driven protection today! The problem doesn’t get any better by waiting. Users applying labels now reduces future scanning work. Label data drives security and monitoring efforts. *Structured data is out of scope © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

24 5/16/ :12 AM Secure In-Scope Data Apply AIP protection at creation for authorized users only Apply AIP protection to discovered items Leverage CASB and DLP rules to block unauthorized actions in addition to AIP protection © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

25 5/16/ :12 AM Monitor In-Scope Data Two facets of monitoring: Compliance reporting and breach reporting/remediation Labels make reporting on breach much easier What type of data was stolen? Was protection in place on stolen information? Labels make compliance reporting easier What type of data lives where? How is access to this information restricted and controlled? © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

26 AIP is Just a Piece of the Puzzle
5/16/ :12 AM AIP is Just a Piece of the Puzzle First and third-party services still required DLP and CASB integration, SharePoint, Exchange, etc. Identity-bound protection requires strong identity MFA, Azure AD Identity Protection Workstation Protections WIP, Credential Guard, application whitelisting, etc. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

27 In review: session objectives and takeaways
Tech Ready 15 5/16/2018 In review: session objectives and takeaways Leverage best practices to implement classification and labeling Describe and deploy advanced CLP capabilities Determine exactly where AIP fits in to data compliance efforts Get started! Talk your customer off the “solve it all” ledge and start simple. Identify one or two easy use cases and begin POC. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

28 Information Protection related sessions
Date / Time Keep what you need and don’t horde everything with intelligent data governance in Office 365 Tues, 9:00am-10:15am Protecting complete data lifecycle using Microsoft information protection capabilities Tues, 10:45am-12:00pm Elevating your security with Office 365 clients Tues, 4:30pm-5:45pm Discover what’s new in Azure Information Protection and learn about the roadmap and strategy Weds, 9am-10:15am Protect sensitive information with Office 365 DLP Weds, 10:20am-10:40am Accelerate Azure information protection deployment and adoption Weds, 12:30pm-1:45pm Understanding best practices in classifying sensitive data as part of your information protection strategy Weds, 2:00pm-2:45pm Deploying and managing Windows Information Protection Weds, 4:00pm-5:15pm Extending classification, labeling and protection to third-parties with Azure Information Protection Weds, 5:05pm-5:25pm Encryption key management strategies for compliance Thu, 10:15am-11am Protect your sensitive s through encryption and rights management capabilities in Office 365 Thurs, 2:00pm-2:45pm Understanding advanced concepts in getting the most out of Office 365 Data Loss Prevention Fri, 9:00am-10:15am

29 Session resources Blog 1 Blog 2 Blog 3 Blog 4
5/16/ :12 AM Session resources Blog 1 Blog 2 Blog 3 Blog 4 Microsoft Ready content can be found at © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

30 Please evaluate this session
Tech Ready 15 5/16/2018 Please evaluate this session From your Please expand notes window at bottom of slide and read. Then Delete this text box. PC or tablet: visit MyIgnite Phone: download and use the Microsoft Ignite mobile app Your input is important! © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

31 5/16/ :12 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "Accelerate Azure Information Protection Deployment and Adoption"

Similar presentations

Success through People with LinkedIn and O365

Success through People with LinkedIn and O365
Secure your complete data lifecycle using Azure Information Protection

Secure your complete data lifecycle using Azure Information Protection
9/12/2018 6:21 PM BRK2203 Protect and control your sensitive emails with new Office 365 Message Encryption capabilities Praveen Vijayaraghavan Principal.

9/12/2018 6:21 PM BRK2203 Protect and control your sensitive s with new Office 365 Message Encryption capabilities Praveen Vijayaraghavan Principal.
Leverage the O365 Task Ecosystem with Microsoft To-Do and Planner

Leverage the O365 Task Ecosystem with Microsoft To-Do and Planner
How To Deliver Apps Faster And Secure Them The Microsoft Way

How To Deliver Apps Faster And Secure Them The Microsoft Way
Understanding EU GDPR from an Office 365 perspective

Understanding EU GDPR from an Office 365 perspective
Azure Information Protection Strategy and Roadmap

Azure Information Protection Strategy and Roadmap
6/10/2018 5:07 PM THR2218 Deploying Windows Defender AV and more with Intune and Configuration Manager Amitai Rottem @AmitaiTechie Senior Program Manager,

6/10/2018 5:07 PM THR2218 Deploying Windows Defender AV and more with Intune and Configuration Manager Amitai Senior Program Manager,
Deployment Planning Services

Deployment Planning Services
Azure Cloud Shell Magic of Modern Command-line Management

Azure Cloud Shell Magic of Modern Command-line Management
Windows 10 and the cloud: Why the future needs hybrid solutions

Windows 10 and the cloud: Why the future needs hybrid solutions
6/17/2018 10:27 AM BRK3341 Unlock extensibility by connecting your service to PowerApps and Microsoft Flow Theresa (Tessa) Palmer–Sr. Program Manager Sunay.

6/17/ :27 AM BRK3341 Unlock extensibility by connecting your service to PowerApps and Microsoft Flow Theresa (Tessa) Palmer–Sr. Program Manager Sunay.
6/19/2018 2:57 AM THR3092 Monitor and investigate actions on your user and data with alerts, insights and reports Binyan Chen Program Manager II, Office.

6/19/2018 2:57 AM THR3092 Monitor and investigate actions on your user and data with alerts, insights and reports Binyan Chen Program Manager II, Office.
Office 365 Groups Governance and Compliance

Office 365 Groups Governance and Compliance
6/25/2018 11:13 PM BRK1076 Make Windows devices more secure by taking them out of your existing infrastructure Chris Rhodes & Andrew Bettany MCTs & MVPs.

6/25/ :13 PM BRK1076 Make Windows devices more secure by taking them out of your existing infrastructure Chris Rhodes & Andrew Bettany MCTs & MVPs.
6/26/2018 5:24 AM THR1083 Enabling Advanced Security Capabilities: Drive consistent authorization across multiple applications Bryan Bolling Solution Architect,

6/26/2018 5:24 AM THR1083 Enabling Advanced Security Capabilities: Drive consistent authorization across multiple applications Bryan Bolling Solution Architect,
Optimizing Microsoft OneDrive for the enterprise

Optimizing Microsoft OneDrive for the enterprise
Understanding your collaboration options in Office 365

Understanding your collaboration options in Office 365
What a Real, Functioning DevOps Team Looks Like

What a Real, Functioning DevOps Team Looks Like
Microsoft Ignite 2016 7/18/2018 8:30 PM BRK2065

Microsoft Ignite /18/2018 8:30 PM BRK2065

Similar presentations

Ads by Google