- Awesome, so I'll go ahead and get started this afternoon
to talk to you about protecting your sensitive information
in Office 365 with Data Loss Prevention.
My name is Mas Libman, I'm on the Office 365 Product Group
where I work on a variety of different solutions
that are intended to help you
protect your sensitive information,
keep it secure and ensure you have control
and visibility of that content as it roams into the cloud,
and as you store it and keep it safe in Office 365.
Now as most of you are at a security conference,
you probably have a lot of familiarity
with the fact that information,
it's difficult to control, it has a life of its own
and leaks ultimately happen.
And quite frequently, the leak of that sensitive information
happens in an inadvertent way,
meaning many times that sensitive information that you have
is inadvertently placed somewhere where it shouldn't be
or an uneducated user shares or uses it
in a way that they shouldn't have.
And so it's important that you have those controls
so that you can make sure that your users understand
when they should be using that sensitive information,
where it's safe to share.
And I'll show you a couple of ways that our DLP solution
can help empower your end users to keep that content secure.
And over the last year we've invested
in a variety of different capabilities within Office 365 DLP,
from some additional insights that help assure
your content is safe, even if you don't know
where that content may reside,
by informing you that that information
is stored up there.
We've also provided a bunch of different tools
to help you remediate incidents
as you find or discover them.
And then of course, we understand that
information doesn't just only live within Office 365,
it often roams outside of your circle of trust
and so it's important to make sure that
that information remains secure, even outside of Office 365.
Now that's where within Microsoft
we have the Microsoft Information Protection umbrella
of technologies and capabilities that we provide
that are intended to help you protect that information
as it roams and is used across, whether it's
our Office cloud or a third-party cloud
such as Box or whatnot.
For today, I'm gonna zoom in really quick here
to the Office 365 solution, and our integration with
Office Client applications
and how you can inform your users
about that information that they're sharing.
And actually rather than show you
a bunch of different slides and what not,
I'm actually gonna switch on over
and show you what an end-user experience looks like
when they're using sensitive information.
And I'm gonna go ahead and switch on over
to my Desktop here, where I'm logged in
as a User in Office 365.
And my organization has put in place
a variety of different DLP policies
that are intended to help make sure I use that information
in a proper way, that it's compliant with my
organization's security requirements.
And so in this case, I have a OneDrive for Business folder.
I have a bunch of different sensitive information
that's been stored and shared in there.
And actually you can see on some of these
there's a little overlay icon
that indicates something of interest
relating to these different documents.
And if I select this document,
I can see that it's been shared with somebody outside my org
but it has this interesting icon on it.
This icon tells me,
hey there's a problem with this document.
It's subject to your organization's
sensitive information policy, and it tells me why.
Well it's been shared with people outside my organization
and it has credit card data in it.
Now in this case, my organization has put into place
a policy that makes sure credit card information
isn't shared improperly.
And in this way, note that when I'm
in OneDrive as I share that content,
my organization's security policy
is now right in front of me,
informing me about the impact of that policy
and where it's safe to share that information.
And in this case, we're just warning the user,
we're just telling them that that information
it may not be shared with the appropriate user
so that that user can make an educated decision
to un-share that content or to tell their admin
that it was an appropriate use
of that sensitive information.
Now of course, when a user shares that information
it's also a very powerful way.
Oops, didn't mean to open that document.
It's also a very powerful way for you to
help inform your users and help educate them
when their sharing of sensitive data,
their collaboration outside of your organization, is secure.
So I'm gonna go ahead and just click a quick example here.
What I've taken is another file that I have in my OneDrive.
In this case it contains some transaction data
and some credit card data.
And I'm gonna go ahead and share it with an external user.
There we go.
Spelled incorrectly, but nonetheless
it's still an external user.
And here you can see right within this share dialog,
right within OneDrive,
there's a policy tip that's informing me
that the information that I'm trying to share,
it contains sensitive information,
I can't share it outside my organization.
And if I click that view tip,
I actually see that exact same information
that I saw previously on another document
that tells me why I can't share it.
In this case, I can't share it
because it contains credit card data.
And there's also some additional controls
that we give to the end user to help empower them
as they're sharing that sensitive information.
For example, they can report this as a false positive
so that your IT staff, your administrators
as they're managing the policies in your organization,
they understand that there may be an issue.
They want to go fine tune that policy
and un-exempt this particular case.
In this, there's also an ability
if the organization allows it,
for the user to override that block.
And so in this case what's happened is
the admin put a policy in place that says,
"My users can't share sensitive information
"outside my org, except I'm gonna give them an out.
"I'm gonna let them override, but if they override
"they have to give me a business justification."
And so right here, in context
as I'm trying to share that information
I can actually type in the reason.
This is a business partner, so they need to see the info.
And then in realtime, I can override this policy.
And what's actually happened on the backend
is there's a report that gets generated,
there's an audit trail that's available
that will inform my admin that somebody overrode my policy.
But at the same time, me as an end user
I'm empowered to go continue to do my job.
I'm not confused or don't understand
why I can't go share that information.
I don't have to go Help Desk
and incur all the costs related to
calling a Help Desk technician
and having somebody investigate the issue.
All of that end-to-end is right now encapsulated
and empowering your end user,
so they no longer have that confusion
around why that may not be the case.
And you as an IT admin, have the control
to say when your users can share that information
or when are they allowed to override or not.
And what's really powerful about Office 365 DLP
and those policy tips, is they're uniform and consistent
regardless of where the user is sharing that data.
So now I'm gonna switch over, I'm that same user.
I've got some sensitive information
I've prepared to send to somebody.
And in this case I have it all pre-canned
to kind of help package this up.
But here you can see, I have an email message.
I've placed a bunch of credit card data already in it.
And right here at the top I can see a similar notification.
This time it's packaged in a way
that's consistent with Outlook, Outlook's UI
kind of the way they show notifications to a user.
But the information here is all the same.
And so for example, I can see the reason I can't share this
is because it contains credit card information
and I have the same ability to report it as a false positive,
so that it appears in your admin reports and everywhere else,
so that you have visibility into when those happen.
And similarly, I can actually override this.
And as before, right within context of my email application.
And this is a consistent experience
whether you're in Outlook or Word or PowerPoint or Excel.
The user has a consistent way
that they can sort of interact with the system,
understand how they're being protected
but also empower them to continue to
share that sensitive data.
So, this is another business partner.
So once I click override, again that gets recorded.
I can send that message and now it'll arrive
to my intended recipients, and I can go upon my merry way.
Now behind the scenes, as DLP is running,
if you're an end user and you happen to take an action that
impacts a policy in your organization,
those notifications
don't just live within the applications.
There's actually email notifications
that help inform your users.
And I have an example here that actually just got triggered
when I shared that sensitive information.
And I'm gonna go ahead and see if I can open that up for you
full screen, so you can see the detail there.
And in this case, this is actually very similar
to the one that we use inside of Microsoft,
where our IT staff has customized the message
with just normal standard HTML
that you can use to customize this message.
But they've used it to really provide the end user
with a contextual experience about the violation
as well as sort of geared to Microsoft,
or in this case Contoso's organizational policies.
Links to find more information
about the policies and what not.
But what's super cool about these notification messages
is of course that we have some built-in templatized data
that you can use to insert into those messages,
so that your users have a little bit more context
about this actual violation,
it's not just a blank template that everybody gets.
So you can see in this case, the same message that I saw
right in OWA, right in Outlook, right in SharePoint
where this message was sent to people
outside the organization, it contains sensitive information,
credit card data and actually a copy of the message
has been attached to this.
So if I did something wrong,
if I want to go investigate it further
I can crack it open and take a look right away.
Now that's sort of the end user experience
when they're using sensitive information
that's been protected in Office by Office 365 DLP.
Now I'm gonna switch on over
and show you what that admin experience looks like.
And I'm starting off from what is
the Office 365 Security and Compliance Center.
Now if you open up what we collectively call the waffle over here,
you'll see that there is a Security and Compliance icon.
Now this is your one stop shop for all things
related to security and compliance in Office 365
as well as Microsoft 365.
And so what I've done,
I've actually customized this homepage
so it's geared to me as a DLP admin
and the things that I care about.
I have a couple of different insights into some alerts
that may have been happening in my organization.
Unfortunately as a test tenant, or a demo tenant
I haven't generated enough hits
to make those graphs look terribly exciting,
but ultimately these will inform me about
what is the activity of DLP in my organization.
How many messages or documents are getting protected?
How many users are overriding them
or indicating that it was a false positive?
And I can drill in to each of those and really find out
specifically about what and why that information was shared,
and make sure it was an appropriate use.
Now to make all that happen
you first have to create a DLP policy.
So what I've done here is I've zoomed in,
I'm in the DLP node in the Security and Compliance Center.
And here I have a bunch of different policies
and many of these are actually the ones
that were protecting the content that I just showed you
a couple of minutes earlier in SharePoint and OneDrive.
I'm gonna go ahead and create a new policy
so you can understand at least
some of the controls that we have there.
Now within DLP we provide about 85, 90
built-in sensitive types for common kinds of PII data,
financial data, things like credit cards,
social security numbers, IP addresses and what not.
A whole bunch of different data types
for common kinds of sensitive information.
And then we package those into a template.
So for example, if you have a given financial regulation
or medical, or privacy related regulation or control
that you want to put in place,
we've made it an easy starting point
for you to go ahead and start to protect that data.
I'm gonna go ahead and choose the HIPAA template
that we recently updated, just to show you
some of the ways that these policies work.
So in this case I can see
that this policy is gonna look for PII data
as well as medical terms,
and help inform me and help keep that data protected.
That's a very common way
for HIPAA information to get shared.
I'm trying to dismiss this wonderful, there we go.
That's a common way for HIPAA information to get shared.
HIPAA isn't a strongly typed ID,
it's not like a credit card number
where you can send that number through a checksum
and make sure it's actually a credit card number.
So we use a combination of different heuristics
to really match that data, and make sure it's
a medical document or something
that's likely subject to HIPAA.
Now when you turn on a DLP policy,
you get to decide where you want to protect that content.
By default we make it easy for you to protect everywhere,
but of course you can zoom in
and choose the specific locations.
You can choose to protect everybody in your email,
all the email in your organization
or you can scope that to specific groups
or exclude different groups.
And similarly for SharePoint and OneDrive,
you can choose to protect all of your organization,
you can make this an org-wide policy
or you can apply this to certain users' OneDrive accounts,
or to specific SharePoint portals
that you use for external collaboration.
So you really have the fidelity here
to choose where that content is protected,
where that policy is running and protecting that content.
Now, not shown here, but something
that we're working heavily on
is of course additional workloads in Office.
For example, support for Teams, Skype conversations,
and a variety of different ways
that information gets shared.
Actually, due to the way that Teams stores its documents,
it uses SharePoint and OneDrive on the backend,
so if you have a DLP policy in place
to protect those SharePoint sites
or those OneDrive locations, DLP is actually already
protecting that content that you're sharing over Teams.
Now once you've chosen
where you want that information to be shared,
you can choose the specific criteria
that this policy uses to detect that information.
So for example here I can see
that this is looking for PII terms and medical terms,
and if I click Edit, I can actually zoom in and see
the specific context that this policy is looking for.
The combinations of data,
the accuracy that it's looking for within that data.
Is this a loose match or is this a very high accuracy match?
And I can actually fine tune this if I'd like.
I can choose a different confidence level
if I'd like to have a much more stringent match
of for example, a social security number
or I could add additional types of sensitive data,
or I could even use labels
as another way for me to trigger content.
So now, something that you're familiar with,
Azure Information Protection,
where when you're authoring documents
in Word, PowerPoint or Excel
and your users start labeling that content
as confidential, highly confidential, personal,
whatever your organization needs,
you'll be able to extend that and monitor for that
and actually put in additional controls in Office 365 DLP
so that you can assure that content
again, is shared in the proper places
and that you have visibility
into where and how it's being shared.
Now within the policies, you have a whole bunch of control
around the specific criteria that you're looking for.
As I mentioned, you can create groups of different content.
In this case we're actually looking for any term
that's a PII identifier, in combination with a term that's
in one of our large dictionaries of medical terms.
And if we find that, we'll trigger a match for this policy.
And if I'd like, I could actually add
additional sensitive types, and really quick you can see
that we have a whole bunch of different ones
that we include out of the box.
And it's not letting me scroll at the moment.
And you can also upload and import
your own custom sensitive types.
So if you have your own business ID,
your own formatting of data, your own patent records
and different heuristics that you want to use,
you can import those into the system
and use them in combination with our sensitive types,
you can replace our sensitive types.
So you have the full flexibility there
to choose how you want that to be invoked.
Actually I'm gonna cancel out of these saves
so I can show you the next step.
Once you've configured the criteria for a policy,
you choose the context in which you want this trigger to apply.
In this case, I'm only going to tell my users
when they're sharing this data outside.
I don't want to nag them or bother them
when they're just using it in a day-to-day
and they haven't been sharing it.
And now I can choose what is that interface
that I want my users to see.
Do I want to educate them
and tell them about this organization's policies?
That's through this, the policy tip.
And I can fully customize who sees that policy tip
as well as what appears in the policy tip.
You can customize the email text that I showed you earlier
as well as that tip that appears right in the UI
in Outlook, in OWA, in SharePoint
so you can give them a very appropriate message
based upon the language your organization uses
and the way you talk about your sensitive data.
You can of course turn on additional controls,
you can send admin alerts
so that your admin can be notified
when sensitive information has been shared.
And you can choose who receives that alert
as well as what appears in the alert.
So in this case we've included
all of the different sensitive information that's included,
but you can fine tune what type of PII data
do you want your tiered investigators to look at.
Do you want to give them a copy
of the content that was shared
or do you just want to tell them a little bit about
the sensitive information
that may have been in that document?
And then of course, last but not least
you can choose to put in those enforcement blocks.
Block the user from sharing the content,
don't let them share it.
And that's where for example,
here you can choose what is the scope of who gets blocked.
Do I want to block them from sharing with anyone
or just people outside my organization?
Do I want to empower them to override that?
Do I want to trust them that they know what they're doing
but I don't want to get in their way?
And of course,
what constraints do you want to put around that override?
Do you want to require a business justification?
Do you want to make it easy
if they happen to report it as a false positive?
You can automatically override that.
And ultimately,
these controls are what enforce that experience
as they're in Word, PowerPoint, Excel,
all the different Office client applications.
But at the same time, we always have server-side
analysis and enforcement.
So even if your users happen to be in a version of Outlook
that doesn't have our policy tip enforcement,
or they happen to figure out a way
that they think to bypass our system,
our service is always running,
always checking for those different things
and informing you when that detection may have occurred.
Now when you turn on a policy
you have a couple of different controls that you can choose.
One of the really powerful tools that we have
is our Test Mode, and what's great about this
is you can actually turn on this policy
and get a what-if: how bad is the situation,
where is that sensitive information getting shared,
without impacting anybody, without blocking sharing,
without starting to warn users about
something that they're not ready to contend with.
So you can put this into Test Mode
and really get a sense of what is the lay of the land.
And then slowly turn on that enforcement
and that protection as you fine tune the policy
and you scope it to the exact
types of matches that you want.
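The policy the talk builds through the Security and Compliance Center UI (locations, the credit card sensitive information type and its confidence level, the external-sharing condition, the policy tip, override with justification or false-positive report, the incident report, and Test Mode before enforcement) can be expressed as Security & Compliance PowerShell. The script below is an added example and is not code from the talk or from Microsoft; it assumes the ExchangeOnlineManagement module is installed, that the signed-in account can manage DLP, and that the policy and rule names, the contoso.com addresses, the intranet URL and the tip text are placeholders you replace.

```powershell
# Added example, not code from the talk or from Microsoft. Builds the policy the speaker
# configures in the Security and Compliance Center UI, using the Security & Compliance
# PowerShell cmdlets from the ExchangeOnlineManagement module. Assumes that module is
# installed and the signed-in account can manage DLP; names, addresses, URL and tip text
# are placeholders.

Connect-IPPSSession   # interactive sign-in to Security & Compliance PowerShell

# 1. The policy carries the scope (locations) and the on/off/test switch.
#    Start in test mode: matches are recorded in the DLP reports, but nothing is
#    blocked and no policy tip or user email is shown yet.
$policy = @{
    Name               = "Credit Card - External Sharing"
    Comment            = "Credit card data may not leave the org without a justification"
    ExchangeLocation   = "All"
    SharePointLocation = "All"
    OneDriveLocation   = "All"
    Mode               = "TestWithoutNotifications"
}
New-DlpCompliancePolicy @policy

# 2. The rule carries the conditions and actions.
#    minConfidence/minCount are the "accuracy" knobs the talk mentions: raising them
#    trades recall for fewer false-positive reports from users.
$creditCard = @(
    @{ Name = "Credit Card Number"; minCount = "1"; minConfidence = "85" }
)

$rule = @{
    Name                                = "Block external credit card sharing"
    Policy                              = "Credit Card - External Sharing"
    ContentContainsSensitiveInformation = $creditCard
    # Only fire when the item is shared with people outside the organization;
    # day-to-day internal use is left alone.
    AccessScope                         = "NotInOrganization"
    # Block the share for the external recipients only (use "All" to block everyone
    # except the owner, which is the "block from sharing with anyone" choice).
    BlockAccess                         = $true
    BlockAccessScope                    = "PerUser"
    # User-facing side: who sees the policy tip and email, and what they say.
    NotifyUser                          = @("Owner", "LastModifier")
    NotifyPolicyTipCustomText           = "This item contains credit card numbers and can't be shared outside Contoso. Override with a business justification if the recipient is an approved partner."
    NotifyEmailCustomText               = "Your item was flagged by the Credit Card - External Sharing policy. See https://intranet.contoso.com/dlp for details."
    # The "out": override is allowed, a justification is required, and reporting a
    # false positive overrides automatically. Overrides land in the audit log.
    NotifyAllowOverride                 = @("WithJustification", "FalsePositive")
    # Admin side: incident report email plus an alert severity for the dashboard.
    GenerateIncidentReport              = "dlp-alerts@contoso.com"
    IncidentReportContent               = @("Title", "Service", "DocumentAuthor", "Detections", "Severity")
    ReportSeverityLevel                 = "Low"
}
New-DlpComplianceRule @rule

# 3. After reviewing the test-mode matches in the DLP policy match report, turn on
#    enforcement. TestWithNotifications is the intermediate step: users see the
#    tips, but nothing is blocked yet.
Set-DlpCompliancePolicy -Identity "Credit Card - External Sharing" -Mode Enable
```

Splatting keeps each setting next to its comment; the same parameters work on the command line. The server-side evaluation the talk describes applies regardless of the client: a rule built this way fires for OWA, SharePoint and OneDrive even if a desktop Outlook build shows no policy tip.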
Now before we wrap up here,
I just want to switch on over and show you
what some of that admin experience looks like.
So you as an admin, as your users are sharing that data,
as I mentioned earlier,
I shared some sensitive information
that triggered an alert that my admin wanted to know about.
There's a couple of different ways
that those can appear in the experience.
And I'm trying to open one right now.
So for example.
Just trying to find the notification that I wanted.
So in this example, I've taken some content.
This happened a couple of months ago
but ultimately this is similar to what you would see
when a user shares content, you'll get an alert
and it'll tell you about the information that was shared.
All the context around where it was shared,
the location that it was shared from,
the type of data that was in it.
And so all that information is now available
in this email alert, so that you can
understand if it was an appropriate use of that information
or if it was perhaps a violation
and you should go follow up with the user
and go investigate.
Now if you happen to have our alerting feature,
you can also turn on DLP triggers for those alerts,
and what will happen then is
that your admin will receive those notifications
in a slightly different way.
For example, in this case you'll notice that the
formatting of this email looks a little bit different.
There's slightly different information that's available.
I can see that there was a DLP policy match,
it was a low severity, this triggered my policy
because it had some sensitive data
but I need to go click investigate
to go find out a little bit more about that.
And what's great about that is that
it brings you into the Security and Compliance Center.
And I'm gonna go ahead and show you where that takes you.
And what you'll get is,
it'll take you right into the alert in Office 365
in the Security and Compliance Center,
about that given violation,
about the content that was shared
as well as what actions were taken,
what was the severity of the alert.
And there's some actions that you can now take.
You can start to investigate it, you can track it,
you can state oh this was a false positive.
And so you can now record that if it comes up again,
you can go see that this was a false positive
and that's all recorded and available for you,
available for you to track over time.
So if you happen to come back to this document,
come back to this investigation
you'll see right in the text here
there's some comments that I've left about that.
And again, if you're on the alerting dashboard
you'll see there's a variety of different ways
that the alerts are surfaced.
You have some customized ways
to really surface the fact that
these events are happening in your organization.
And we have a rich set of reports
that show you that activity.
And I'm just gonna click in very quickly
and show you what that looks like.
Now this is the reporting homepage
which shows all of the different reports
across the Security and Compliance Center.
I'm gonna zoom into the policy match report that I have here
and what this will show me here in a moment
is an activity graph.
What were the types of activities and actions
and different policy violations
that may have occurred in my organization?
And I have the ability to scope this to a specific policy
so I can investigate a very unique, different circumstance.
I can scope this to specific surfaces or different actions.
So for example, I can scope this
to only the cases where the messages were blocked
or where the user overrode the violation.
And then of course we have what are called
insights and recommendations.
So in this case, one of the insights has noticed
that there's a repeat user
that's been violating this policy.
I can actually click in, and this is gonna tell me
a little bit more about well who is this user, me.
And I've been repeatedly violating this policy,
I may want to go take a look and investigate,
make sure that they're educated
on our organization's policies.
And again, we have a variety of different
insights and recommendations that we're surfacing here.
This is just one example, and there's a whole bunch
that we have coming on our roadmap.
I'm about at time here, so I think I'll wrap up.
I will be at the Information Protection booth
that's right behind me here, from about three to six
both today and tomorrow, if you'd like to drop on by,
have some specific questions about Office 365 DLP
or how we interact across the Azure and Microsoft ecosystem.
By all means, come on by and great to hear your questions
and hear your feedback.
Thanks.