3. System glitches Malicious intentOops! 39% 24% 37% 97% avoidable! Online Trust Alliance: 2013 Data Protection and Breach Readiness Guide

4. Data Loss Prevention in Exchange Helps to identify monitor protect sensitive data through deep content analysis Identify Protect Monitor End user education

5. Available in Exchange Online A3/A4 G3/G4 E3/E4 Available in Exchange Server 2013 Requires an Exchange Enterprise Client Access License (CAL) with services http://office.microsoft.com/en- us/exchange/microsoft-exchange- server-licensing-licensing-overview- FX103746915.aspx Note: Can be used with Exchange 2010 with limited functionality

7. Policy distribution Contextual policy education DLP policy configuration Backend policy evaluation Audit & incident data generation Admin Information workers DLP system walkthrough

8. DLP Policy Enforcement Flexible tools for policy enforcement that provide the right level of control Transport Rules Rights Management Data Loss Prevention ALERT CLASSIFY ENCRYPT APPENDOVERRIDE REVIEW REDIRECT BLOCK

10. XML configuration that define policy objectives Built atop of Exchange transport rules Management and deployment Exchange standard interfaces – Web and PowerShell Content to monitor User action Mail flow actions contains Credit cards EU debit cards

11. Transport rule conditions DLP specific action – Policy Tip Exceptions DLP specific condition Transport rule actions

14. Countr y PIIFinancialHealth US US State Security Breach Laws, US State Social Security Laws, COPPA GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code) Limited Investment: US HIPPA, UK Health Service, Canada Health Insurance card Rely on Partners and ISVs Germany EU data protection, Drivers License, Passport National Id EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code UK Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code Canada PIPED Act, Social Insurance, Drivers License Credit Card, Swift Code France EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code Japan PIPA, Resident Registration, Social Insurance, Passport, Driving License Credit Card, Bank Account, Swift Code Australia Drivers License, Passport, Social InsuranceCredit Card, Bank Account, Swift Code

15. Integrated into Exchange Transport Rule (ETR) engine Runs in categorizer during OnResolvedMessage Integrated as a new ETR Predicate Performs text extraction for body & attachments followed by classification Can be combined with any existing Predicates & Actions Text extraction Transport rule agent Classification

16. Content analysis process Examples Joseph F. Foster Visa: 4485 3647 3952 7352 Expires: 2/2012 Get Content 4485 3647 3952 7352  a 16 digit number is detected RegEx Analysis 1.4485 3647 3952 7352  matches checksum 2.1234 1234 1234 1234  does NOT match Function Analysis 1.Keyword Visa is near the number 2.A regular expression for date (2/2012) is near the number Additional Evidence 1.There is a regular expression that matches a check sum 2.Additional evidence increases confidence Verdict

18. Fabrikam Patent Form Tracking Number Author Date Invention Title Names of all authors... Get Template Content 1.Condensed representation of the hashed template content 2.Stored as a custom sensitive information type Create Fingerprint CONFIGURATIO N CLASSIFICATION RULE with FINGERPRINT 1.Add fingerprint to policy rules together with other conditions 2.Map to desired actions Refernce in Policy Rule

19. Fabrikam Patent Form Tracking Number 12345 Author Alex Date 1/28/2014 Invention Title Fabrikam Green Energy... Get Email Content 1.Temporary in memory representation 2.Used for comparson with source fingerprint created at config time Create Fingerprint 1.Compare the two fingerprints 2.Evaluate a ’containtment coefficient’ to declare a matcb Verdict RUNTIME POLICY RULES REFERENCES TO PREVIOUSLY GENEATED FINGERPRINTS FINGERPRINT GENERATION Evaluation + verdict

20. Fabrikam Patent Form Tracking Number Author Date Invention Title Names of all authors... Get Template Content 1.Condensed representation of the template content 2.Document is not stored 3.Stored as a sensitive information type Create Fingerprint Fabrikam Patent Form Tracking Number 12345 Author Alex Date 1/28/2014 Invention Title Fabrikam Green Energy... Get Email Content 1.Temporary in memory representation 2.Used for comparson with source fingerprint created at config time Create Fingerprint 1.Compare the two fingerprints 2.Evaluate a ’containtment coefficient’ to declare template contained in email content Verdict CONFIGURATIO N RUNTIME CLASSIFICATION RULE with FINGERPRINT GENERATION Evaluation + verdict

21. b-Bit Minwise Hashing INPUT TEXTThis is a test. I love DLP and Fingerprinting. STEP 1 Break into Shingles of length 2 This isIs aa testtest II LoveLove DLPDLP andAnd Fingerprinting 64 bit hash value of the shingle (e.g., This is  1010101010101110100111000111) Hash 1 (universal hash function) Hash 2 (hash function with random dispersion) STEP 2 Convert to a 64 bit value (hash it!) STEP 3 Map the 64 bit value randomly to 1024 other 64 bit values STEP 4 Reduce each 64 bit value to a 16 bit value (LSB Mask) Apply a 16 bit mask

22. Empower users to manage their compliance Contextual policy education Doesn’t disrupt user workflow Can work even when disconnected Admin customizable text and actions Outlook OWA User education

25. Deep content analysis engine 46 OOB sensitive information types 40 OOB DLP Templates Support for 3rd party defined DLP policy templates Policy Tips in OWA and Mobile OWA Advanced Document Fingerprinting in Exchange, Outlook, and OWA 5 new OOB sensitive information types Policy Tips in Outlook 2013 Contextual user education and empowerment Incident management Rich reporting

26. Classification integration with SharePoint through FAST index demoed at SPC keynote [Feb]

27. Q&A

28. Appendix

30. Audit data Classification Rule details

31. Comprehensive view of DLP policy performance Downloadable excel workbook Drill into specific departures from policy to gain business insights

33. Customizing Your DLP Deployments Identify Protect Monitor End user education Custom policy templates Tuning of built-in types Custom sensitive types Real-time incident reports Policy rule reports Policy audit mode Flexible policy authoring system Rich policy conditions and actions End-user false positive reporting Configurable end-user education content

34. Plan Start with built-in templates to assist meeting your business or regulatory requirements Customize policy rules, sensitive types and scope Target a pilot group of users Tune Set policies to test and notify modes Enable incident reports to assess impact of rules Tune based on false positive reports and hit rates Enable Switch policies to enforce mode Continue to tune based on report data trends

35. Customize Policy Tip messages Messages for notification, block and override can be customized. Customize link for user education Specify an internal URL with company policies around handling sensitive content. Custom classification rule names are displayed here.

36. Custom DLP content: Supplemental DLP policy templates Supplemental DLP classification rules Incident reports integration with custom workflows Custom agents for additional conditions and actions Custom reporting solutions E.g. MessageStats Business Insights from Dell

37. Exchange 2013 DLP introduction http://blogs.technet.com/b/exchange/archive/2012/09/28/introducing-data-loss-prevention-in-the-new-exchange.aspx http://technet.microsoft.com/en-us/library/jj150527.aspx DLP policy templates http://technet.microsoft.com/en-us/library/jj657730 Managing DLP policies http://technet.microsoft.com/en-us/library/jj673559 OOB DLP policy templates http://technet.microsoft.com/en-us/library/jj150530 Policy tips in Exchange 2013 http://technet.microsoft.com/en-us/library/jj150512 Supported file types http://technet.microsoft.com/en-us/library/jj674307 MessageStats Quick Guide http://mbidemo.quest.com/Insights/#page/home

38. © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.