Microsoft Ignite 2016 6/30/2018 6:28 PM

1 Microsoft Ignite 2016 6/30/2018 6:28 PM Prevent unwanted and embarrassing leakage with Azure Information Protection M318 Andrew “Macca” McMurray Principal Program Manager Mail: Microsoft Corporation Twitter: @MaccaOz WOW: Automatisier – 108 Pandaren Hunter – Horde on Khaz’Goroth © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Enterprise Mobility + Security
The Microsoft vision: Identity Driven Security; Managed Mobile Productivity; Comprehensive Solution
Users, Devices, Apps, Data

3 Enterprise Mobility + Security
The Microsoft solution
Azure Active Directory: Manage identity with hybrid integration to protect application access from identity attacks
Microsoft Cloud App Security: Extend enterprise-grade security to your cloud and SaaS apps
Intune: Protect your users, devices, and apps
Advanced Threat Analytics: Detect threats early with visibility and threat analytics
Azure Information Protection: Protect your data, everywhere

4 Azure Information Protection

5 How much control do YOU have?
Hybrid data = new normal. It is harder to protect.
On-premises: Perimeter protection
Managed mobile environment: Identity, device management protection
Unregulated, unknown

6 The evolution of Information Protection
Classify & Label: CLASSIFICATION, LABELING
Protect: ENCRYPTION, ACCESS CONTROL, POLICY ENFORCEMENT
Monitor & Respond: DOCUMENT TRACKING, DOCUMENT REVOCATION

7 Azure Information Protection Full Data Lifecycle
Classify & Label: CLASSIFICATION, LABELING
Protect: ENCRYPTION, ACCESS CONTROL, POLICY ENFORCEMENT
Monitor & Respond: DOCUMENT TRACKING, DOCUMENT REVOCATION

8 Classification + Automation + Protection + Reporting + Collaboration

9 Classification

10 Classify Data – Begin the Journey
Classify data based on sensitivity. Start with the data that is most sensitive.
IT can set automatic rules; users can complement it.
Associate actions such as visual markings and protection.
IT admin sets policies, templates, and rules.
Confidential, Restricted, Personal, Internal, Public

11 Classification user experiences
Reclassification, Manual, Automatic, Recommended

12 Apply Labels based on classification
Persistent labels that travel with the document.
Labels are metadata written to documents.
Labels are in clear text so that other systems such as a DLP engine can read them.
Labels travel with the document, regardless of location.
FINANCE CONFIDENTIAL

13 Protection

14 Protect data against unauthorized use
Protect data needing protection by:
Encrypting data
Including authentication requirement and a definition of use rights (permissions) to the data
Providing protection that is persistent and travels with the data
Diagram labels: Corporate apps; Personal apps; attachment; FILE; VIEW, EDIT, COPY, PASTE

15 How Protection Works
Each file is protected by a unique AES symmetric
Usage rights and symmetric key stored in file as “license”
License protected by customer-owned RSA key
Diagram: the secret cola formula "Water Sugar Brown #16" goes through PROTECT to become "()&(*7812(*:" plus use rights, and through UNPROTECT back to "Water Sugar Brown #16".

16 How Protection Works
LOCAL PROCESSING ON PCS/DEVICES
Azure RMS never sees the file content, only the license.
File content is never sent to the RMS server/service.
Apps protected with RMS enforce rights.
Apps use the SDK to communicate with the RMS service/servers.
Diagram labels: SDK; Use rights + ()&(*7812(*:; Rights Management; Active Directory; Key Vault
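The envelope scheme described on the two "How Protection Works" slides, as an added Node.js example that is not from the presentation and is not the RMS SDK or its file format: a per-file AES key encrypts the content locally, and the key plus use rights are sealed into a license under an RSA key. The names `tenantKey`, `protect`, `authorize` and `unprotect`, the JSON license layout, and the rights strings are assumptions; user authentication is assumed to have happened already.

```javascript
// Added illustration, not the RMS SDK or its file format. tenantKey, protect,
// authorize and unprotect are hypothetical names; the file content is constructed.
const crypto = require('crypto');

// Stand-in for the customer-owned RSA key held by the rights management service.
const tenantKey = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const oaep = (key) => ({ key, oaepHash: 'sha256' });

// Client: encrypt the content locally under a fresh per-file AES key, then seal
// {use rights, content key} into a license that only the service can open.
function protect(content, rights) {
  const contentKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', contentKey, iv);
  const body = Buffer.concat([c.update(content), c.final()]);
  const policy = JSON.stringify({ rights, key: contentKey.toString('base64') });
  const license = crypto.publicEncrypt(oaep(tenantKey.publicKey), Buffer.from(policy));
  return { license, iv, tag: c.getAuthTag(), body };
}

// Service: receives the license only, never the body. Releases the content key
// and the granted rights to a named user, or null when the user has none.
function authorize(license, user) {
  const plain = crypto.privateDecrypt(oaep(tenantKey.privateKey), license);
  const { rights, key } = JSON.parse(plain.toString());
  if (!Object.prototype.hasOwnProperty.call(rights, user)) return null;
  return { granted: rights[user], contentKey: Buffer.from(key, 'base64') };
}

// Client: decrypt locally; the RMS-aware app is what enforces the granted rights.
function unprotect(file, user) {
  const grant = authorize(file.license, user);
  if (!grant || !grant.granted.includes('VIEW')) return null;
  const d = crypto.createDecipheriv('aes-256-gcm', grant.contentKey, file.iv);
  d.setAuthTag(file.tag);
  const text = Buffer.concat([d.update(file.body), d.final()]).toString();
  return { text, granted: grant.granted };
}

const sample = protect(Buffer.from('Water Sugar Brown #16'),
  { bob: ['VIEW', 'PRINT'], jane: ['VIEW', 'EDIT', 'PRINT'] });
console.log(unprotect(sample, 'bob'));
console.log(unprotect(sample, 'joe'));
```

With a 2048-bit key and SHA-256, RSA-OAEP limits the sealed policy to 190 bytes, so this sketch only suits short rights lists.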

17 Demo Azure Information Protection

18 Reporting

19 Monitor and Respond
Monitor use, control and block abuse
MAP VIEW: Joe blocked in Ukraine; Jane accessed from France; Bob accessed from North America
Jane access is revoked
Diagram labels: Sue, Bob, Jane, Joe, Competitors

20 Reporting Coming (very) Soon

21 Collaboration

22 Road to sharing data safely with anyone
Share internally, with business partners, and customers
Any device/any platform
Let Bob view and print
Let Jane edit and print
Diagram labels: Sue, Bob, Jane, Internal user, External user, File share, SharePoint, LoB

23 How Sharing Works
Using Azure AD for authentication
Azure Active Directory:
On-premises organizations doing full sync
On-premises organizations doing partial sync
Organizations completely in cloud
Organizations created through ad-hoc signup
…and all of these organizations can interact with each other.
Diagram label: ADFS

24 Partner Deployment

25 Information Security Lifecycle
Document Lifecycle: Create, Store, Collaborate, Release, Archive
Templates; SharePoint, File Server; Microsoft Office; Intranet, , Printed; Records Management
Information Security: Identify, Protect, Detect, Respond, Recover
Threat-Scenarios & Classification; Access Controls & Encryption; Data Loss Prevention; Rights Management; Cyber Response Plan

26 Develop Threat Scenarios
Phases: Identify, Protect, Detect, Respond, Recover
Items: Describe the scenario; Current and future risks?; How likely is it?; What impact will it have; Who is most interested; Monitor user activity; Scan files; Detect suspicious behaviour; Enable restrictions; Apply labelling; Define Business Rules; Revoke Access; Investigate

27 Threat Scenario
Company Name Title: Name: Department: Date: …
Instructions: Use the form on the right to explain the potential threat scenario. Provide as much relevant information as possible. Complete the check boxes below to explain what levels of information may be involved.
Scenario description: Describe the potential scenario, for example: “Cabinet Comments are leaked to the press”
Risks and Likelihood: Explain how realistic the scenario is, based on method and frequency of information exchanged
Risk to Personal Safety: Explain potential risks to personal safety if this scenario were to occur (if any)
Operational Impact: What is the potential impact to daily operations if this system were compromised, taken offline, or data destroyed
Financial Value: Provide a rough order of magnitude for the financial impact to recovering from this loss/breach (or use low/medium/high)
Reputational Damage: Explain the potential impact to reputation and trust for your customers, partners, investors, and regulators
Mitigations: What restrictions should be in place, for example: do not print, do not store on Portable Media, do not share with external parties
Threat Actors: Describe any known groups and other entities that may carry out this type of threat, or be interested in the information
Classifications: Public, Unclassified, Protected, Confidential
DLM: For Official Use Only; Sensitive; Sensitive: Legal; Sensitive: Personal; Sensitive: Cabinet

28 Deployment Planning
Gradual enablement: Flexible tools for policy enforcement that provide the right level of control
Classification (AIP); Visual Labelling (AIP); Rights Management (RMS); Data Loss Prevention (DLP); Monitoring and Alerting (CAS/ASM)
APPEND, OVERRIDE, ENCRYPT, REVIEW, CLASSIFY, REDIRECT, ALERT, BLOCK

29 DLP Policies for Exchange Online

30 DLP Policies for CAS / ASM

31

32 Architectures

33 Topology
Data protection for organizations at different stages of cloud adoption
Ensures security because sensitive data is never sent to the RMS server
Integration with on-premises assets with minimal effort
Diagram labels: Azure AD; Azure Rights Management; Azure Key Management (Service supplied Key, BYO Key); Authentication & collaboration; Authorization requests via federation (optional); RMS connector; AAD Connect; ADFS; optional

34 Topology for Regulated Environments
Data protection for organizations at different stages of cloud adoption
Ensures security because sensitive data is never sent to the RMS server
Integration with on-premises assets with minimal effort
Hold your key on premises
Diagram labels: Azure AD; Azure Rights Management; Azure Key Management (Service supplied Key, BYO Key); Authentication & collaboration; Authorization requests via federation (optional); RMS connector; AAD Connect; ADFS; Rights Management; Hold-your-own Key; Key Management; optional

35 Getting started with key scenarios
Classification only: Understand your data classification needs, enable the service and define a default policy so all documents are labelled.
+ Automation: Define content based actions to automatically classify and label documents or make recommendations to users to confirm.
+ Protection: For sensitive information, define protection policies that require authentication and enforce use rights.
+ Reporting: Gain insights into the types of information you have, users that work with different sensitivity levels and trends in data creation.
+ Collaboration: Securely share documents and with internal and external recipients.

36 Resources
Follow @ https://twitter.com/TheRMSGuy
Technical, For questions, IT Pro, Product

39 Thank you Chat with me in the Speaker Lounge