Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security in SharePoint and Teams with DLP, IRM, and AIP

Published bySándor Kocsis Modified over 4 years ago

Similar presentations

Presentation on theme: "Security in SharePoint and Teams with DLP, IRM, and AIP"— Presentation transcript:

1 Security in SharePoint and Teams with DLP, IRM, and AIP
Tim Beamer, Senior Microsoft Solution Architect, Logicalis

2 Agenda Introduction Identify Setup Monitor Block End User Education
DLP vs IRM vs AIP Identify Engine Setup s Policies Monitor DLP Queries DLP Policies Block Permissions End User Education Policy Tips Limitations IRM AIP Q&A

3 The “good old days”…NOT
Files in file shares (NTFS permissions) Move the file? Lose the permissions! the file? Lose the permissions! SharePoint “Secure” the doc library with permissions No notification of sensitive information Policies “I didn’t know…” A policy with no enforcement mechanism is useless!

4 What’s in the toolbox? DLP IRM AIP Inspect – Detect – Act Tooltips
Define permissions Encrypt – regardless of destination AIP Define data classification Inspect content and act based on classification May include modifications of permissions

5 What is data loss prevention?
Introduction What is data loss prevention?

6 What is DLP? Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside your organization DLP software products use business rules to classify and protect confidential and critical information so that unauthorized end users cannot accidentally or maliciously share data whose disclosure could put the organization at risk

7 Data Loss Prevention in SharePoint Find that information before it’s too late!
Search for sensitive content in your existing eDiscovery Center, keeping content in place and enabling you to search in real time. Credit Card Numbers, SSN, Bank Account Numbers, Passports (100 total information types!) Define once and protect across Exchange, SharePoint, Teams and OneDrive! NOTE: If you have document libraries with Search disabled, DLP will NOT work in them

8 Data Loss Prevention in SharePoint
Identify Monitor Protect End User Education

9 How does SharePoint find this information?
Identify How does SharePoint find this information?

10 DLP Processing in SharePoint
Content Sources Crawler Content Processing Index Query Unified Policy Processing Tasks Policy Definitions

11 Sensitive Information Evaluation
16 digits dddd-dddd-dddd-dddd dddddddddddddddd CVN, CVV2, CID Visa, MasterCard, Amex Expiration Date Card Holder

12 Sensitive Information Evaluation (regex)
A DLP policy is 85% confident that it's detected this type of sensitive information if, within a proximity of 300 characters: The functionFunc_credit_cardfinds content that matches the pattern. One of the following is true: A keyword fromKeyword_cc_verificationis found. A keyword fromKeyword_cc_nameis found. The functionFunc_expiration_datefinds a date in the right date format. A DLP policy is 65% confident that it's detected this type of sensitive information if, within a proximity of 300 characters:

13 Sensitive Information Evaluation (regex)

14 Requirements to make it work!
Setup Requirements to make it work!

15 Configure the search service application
Prerequisites Configure the search service application Crawl the location of the conflicting documents Configure outgoing Your users need to have an address in their profile

16 Compliance Policy Center:
Site Collections EDiscovery Center: A site to manage the preservation, search, and export of content for legal matters and investigations Compliance Policy Center: A site to manage compliance and retention policies

17 Monitor

18 EDiscovery Center

19 Found it!

20 EDiscovery Center - Excel Reports

21 DLP Policy Demo

22 End User Education

23 In Context Information
Blocked documents are visible directly in the document library (Demo)

24 Perfection doesn’t exist!
Limitations Perfection doesn’t exist!

25 Information Rights Management
IRM allow enterprises to define, implement & track information usage “policies”. A “policy” defines : WHO can use the information People & groups within and outside of the organization can be defined as rightful users of the information WHAT can each person do Individual actions like reading, editing, printing, distributing, copy-pasting, screen grabbing etc. can be controlled WHEN can they use it Information usage can be time based e.g. can only be used by Mr. A till 28th Sept OR only for the 2 days WHERE can they use it from Information can be linked to locations e.g. only 3rd floor office by private/public IP addresses

26 Configure RMS for Office 365

27 Configure RMS for Office 365

28 Configure RMS for Office 365

29 Enable in SharePoint Online

30 Enable in a Document Library

31 Secure a document

32 Azure Information Protection

33 AIP AIP – P1 USER is responsible for applying the correct label AIP – P2 Combine the capabilities of DLP and IRM Content inspection can apply the label automatically

34 DEMO

35 Schedule a Security Focused CIE
Call to action Schedule a Security Focused CIE Hands-on session We can deliver at our office or yours (need Wi-Fi and Power) Engage with Security Practice to define data classification, labels, risk, and required protections

36 Q&A Thank you!

Download ppt "Security in SharePoint and Teams with DLP, IRM, and AIP"

Similar presentations

Question : Why do F1 cars have the biggest brakes ? Answer : Because they need to go the fastest.

Question : Why do F1 cars have the biggest brakes ? Answer : Because they need to go the fastest.
2 DLP helps to identify monitor protect sensitive data through deep content analysis.

2 DLP helps to identify monitor protect sensitive data through deep content analysis.
General Business Secure Information Sharing in SharePoint 2010 Antonio Maio Senior Product Manager, Titus Inc.

General Business Secure Information Sharing in SharePoint 2010 Antonio Maio Senior Product Manager, Titus Inc.
“ “ Accidental email with attachment exposed hundreds of individuals’ names and Social Security Numbers… “ “

“ “ Accidental with attachment exposed hundreds of individuals’ names and Social Security Numbers… “ “
“ “ Accidental email with attachment exposed hundreds of individuals’ names and Social Security Numbers… “ “

“ “ Accidental with attachment exposed hundreds of individuals’ names and Social Security Numbers… “ “
Compliance in Office 365 Edge Pereira Sandy Millar From Avanade Australia OSS304.

Compliance in Office 365 Edge Pereira Sandy Millar From Avanade Australia OSS304.
Microsoft Ignite /17/2017 2:11 PM

Microsoft Ignite /17/2017 2:11 PM
What’s New in Exchange Online. Disclaimer This presentation contains preliminary information that may be changed substantially prior to final commercial.

What’s New in Exchange Online. Disclaimer This presentation contains preliminary information that may be changed substantially prior to final commercial.
THE NEW WAY TO WORK TOGETHER Share 4 CreateControlProtect Create and organize content easily with the help of relevant discovered information Manage.

THE NEW WAY TO WORK TOGETHER Share 4 CreateControlProtect Create and organize content easily with the help of relevant discovered information Manage.
Welcome to the Exchange 2013 Webcast Archiving, eDiscovery, & Data Loss Prevention.

Welcome to the Exchange 2013 Webcast Archiving, eDiscovery, & Data Loss Prevention.
© 2011 Autodesk Securing AutoCAD IP in the era of WikiLeaks Presenter: Rahul Kopikar Co-Founder, Seclore Technology.

© 2011 Autodesk Securing AutoCAD IP in the era of WikiLeaks Presenter: Rahul Kopikar Co-Founder, Seclore Technology.
Clinton Ho Program Manager Microsoft Corporation SESSION CODE: SIA311.

Clinton Ho Program Manager Microsoft Corporation SESSION CODE: SIA311.
“ “ Accidental email with attachment exposed hundreds of individuals’ names and Social Security Numbers… “ “

“ “ Accidental with attachment exposed hundreds of individuals’ names and Social Security Numbers… “ “
“ “ Accidental email with attachment exposed hundreds of individuals’ names and Social Security Numbers… “ “

“ “ Accidental with attachment exposed hundreds of individuals’ names and Social Security Numbers… “ “
Demos Sharing a document B2B Protected email with Policy Tips Departmental Templates Mac Outlook Protected PDF OneDrive / SharePoint Document Tracking.

Demos Sharing a document B2B Protected with Policy Tips Departmental Templates Mac Outlook Protected PDF OneDrive / SharePoint Document Tracking.
Module 9 Configuring Messaging Policy and Compliance.

Module 9 Configuring Messaging Policy and Compliance.
Ankur Kothari Microsoft Corporation. In-Place Archive with secondary quota Access documents with SkyDrive Pro Site Mailboxes enable better collaboration.

Ankur Kothari Microsoft Corporation. In-Place Archive with secondary quota Access documents with SkyDrive Pro Site Mailboxes enable better collaboration.
Secure outsourcing: Possibility or oxymoron ?? Vishal Gupta CEO.

Secure outsourcing: Possibility or oxymoron ?? Vishal Gupta CEO.
Developing Policy and Procedure Management System إعداد برنامج سياسات وإجراءات العمل 8 Safar 1428 26 February 2007 HERA GENERAL HOSPITAL.

Developing Policy and Procedure Management System إعداد برنامج سياسات وإجراءات العمل 8 Safar February 2007 HERA GENERAL HOSPITAL.
THE NEW WAY TO WORK TOGETHER Share 4 CreateControlProtect Create and organize content easily with the help of relevant discovered information Manage.

THE NEW WAY TO WORK TOGETHER Share 4 CreateControlProtect Create and organize content easily with the help of relevant discovered information Manage.

Similar presentations

Ads by Google