Emma Aubert

Information Protection CxP Team

http://aka.ms/MSFTSecDay2017

What do we mean by “Information Protection”?

MICROSOFT’S INFORMATION PROTECTION SOLUTIONS

help you protect sensitive data throughout its lifecycle – inside and outside the organization

IN THE PAST, THE FIREWALL WAS THE SECURITY PERIMETER

devices datausers apps

On-premises

On-premises

What we hear …

“Our organization is moving to Office 365; We have to

identify & protect data before it leaves to the cloud”

“We need to prepare for EU-GDPR (or other) compliance,

and need to identify, monitor and protect PII”

“We have to educate our information workers to understand and adhere to the business information protection policy”

“We share information with external parties.

We have to control the way shared data is used”

I n f o r m a t i o n p r o t e c t i o n

Ensure documents and emails are seen only by authorized

people

Azure Information Protection

Office 365 Data Loss Prevention

Windows Information Protection

Microsoft Cloud App Security

Office 365 Advanced Security Mgmt.

Microsoft Intune

DOCUMENT

TRACKING

DOCUMENT

REVOCATION

Monitor &

respond

LABELINGCLASSIFICATION

Classification

& labeling

ENCRYPTION

Protect

ACCESS

CONTROLPOLICY

ENFORCEMENT

CLASSIFY DATA – BEGIN THE JOURNEY

SECRET

CONFIDENTIAL

INTERNAL

NOT RESTRICTED

IT admin sets policies, templates, and rules

PERSONAL

Classify data based on sensitivity

Start with the data that is most sensitive

IT can set automatic rules; users can complement it

Associate actions such as visual markings and protection

Reclassification

You can override a classification and optionally be required to provide a justification

Automatic

Policies can be set by IT Admins for automatically applying classification and protection to data

Recommended

Based on the content you’re working on, you can be prompted with suggested classification

User set

Users can choose to apply a sensitivity label to the email or file they are working on with a single click

Labels are metadata written to documents

Labels are in both clear text so that other

systems such as a DLP engine can read it

and a hash of policies, rules and user

information

Labels are persistent and travel with the

document

User awareness through visual labels

LABEL DATA BASED ON CLASSIFICATION

%##&$^#*!~@&

FINANCE

CONFIDENTIAL

%$^#*@&

VIEW

Protect data needing protection by

Encrypting data

Including authentication requirement and a definition of use

rights (permissions) to the data

Protection is persistent and travels with the data

PROTECT DATA AGAINST UNAUTHORIZED USE

EDIT COPY PASTE

Email attachment

FILE

ROAD TO SHARING DATA SAFELY WITH ANYONE

Share internally, with business partners, and customers

Bob

Jane

Internal user

*******

External user

*******

Any device/ any platform

Roadmap

Sue

File share

SharePoint

Email

LoB

MONITOR AND RESPOND

Monitor use, control and block abuse

Sue

Joe blocked in North America

Jane accessed from India

Bob accessed from South America

MAP VIEW

Jane blocked in Africa

JaneCompetitors

Jane access is revoked

Sue

Bob

Jane

MICROSOFT’S INFORMATION PROTECTION SOLUTIONS

Comprehensive protection of sensitive data across devices, cloud services and on-premises

environments

UNIFIEDNATIVE ANYWHERE

•

BETTER USER EXPERIENCE & INTEGRATION INTO OFFICE NATIVE CLIENTS

Now:

Delightful labeling experience – for everyone!

- Simplified interface for information labeling

- More robust content matching engine

Medium & Long term:

Integration into native Office clients:

- Starting with Word, Excel and PowerPoint for Mac

- Full Office for Mac

- Office web apps

- Office for iOS & Android

- Office for Windows

NATIVE

UNIFIED WITH OFFICE INFORMATION PROTECTION & AZURE AD POLICIES

Now:

Unified information types for Office DLP & AIP (80+ types)

Short term:

SharePoint sync client support for encrypted files

Enforcing Conditional Access for protected data

Medium & Long term:

Unified Information Protection policy for Office DLP & AIP

- Unify label management

- Unified labeling experience in Office clients & SPO/OD4B

- Unified classification policy

UNIFIED

CLASSIFY, LABEL AND PROTECT FILES ANYWHERE

Short term:

Classify, label and protect data at rest

Label and protect data across cloud applications

Medium & Long term:

Multi platform SDK for labeling and protection – anywhere

Central logs, analytics and reports

ANYWHERE

•

AZURE INFORMATION PROTECTION CLIENT

• Now• Office support (Word, Excel, PowerPoint, Outlook)

• AzIP for mobile app – enable protected files and mail consumption for non enlightened formats/apps

• Justification on reclassification

• Cloud based service

• Key management – MS managed, BYOK, HYOK (preview)

• Classification automation by content

• Secure Email

• Scanner

• Native labeling experience in Word,

PowerPoint & Excel on Mac, iOS, Android

and web apps

• Native labeling in Outlook on Mac, iOS,

Android and web apps

• DLP triggers based on labels

• Office 365 message encryption (GA)

• Azure Information Protection convergence to

80+ sensitive information types used in Office

365

• Azure Information Protection scanner for on-

premises file shares (preview)

• Microsoft Cloud App Security label and protect

Office files in cloud apps (preview)

H1 CY18H2 CY17

LOOKING AHEAD

GET STARTED TODAY!

Maximum

Results

Faster Deployment

HigherAdoption

Two great resources to help you get started:Customer Experience Team (CXP) aka.ms/aipyammerFastTrack fasttrack.microsoft.com

Also …

Fantastic Docs

Quick Start Guides

EMS Trials

5 STEPS PROGRAM

Best Practice - Start small, do it now, and move quickly

1. Classify Take simple steps, it generates high-impact quickly (ie.‘Do Not Forward’ for HR and Legal)

2. Label Test, phase the roll out, and learn – IT can’t know it all

3. Protect Control sensitive internal email flow across all PCs/Devices

4. Monitor ‘Share Protected’ files with business partners (B2B)

5. Respond Teach and enable users to revoke access

Use case definition

User Coms, help desk prep & refine use cased

User Coms, help desk prep & refine use cased

User Coms, help desk prep & refine use cased

3 Months

AIP CLASSIFICATION PROJECT HIGH LEVEL

Yammer @ https://www.yammer.com/AskIPteam

User voice @ https://msip.uservoice.com

Technical Documentation @ https://docs.microsoft.com

For questions email AskIPteam@Microsoft.com

IT Pro Blog @ https://aka.ms/AIPblogs

Download @ https://aka.ms/AIPclient

Product page @ https://www.microsoft.com/en-us/cloud-platform/azure-information-protection

Q&A

© 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.