O365 Compliance
Sara Manning Dawson, Sanjay Ramaswamy
OFC-B232
AGENDA
Risk, and how we can help
Data Compliance
• Archive and Retention
• eDiscovery
Data Flow and Data Access Compliance
• Data Loss Prevention
• Encryption
• Mobile Device Management
• Auditing and Reporting
Risk: Got anything to worry about?
You probably don’t need to be here if:
• The country you live in has no laws. Neither does the state, province, county, or municipality.
• No one in your organization communicates with anyone, ever.
• Every member of your organization is perfect. They know exactly what to do all the time, and do it.
• …
“I want to make sure we’re doing the right thing”
Help me respond to this lawsuit
• Average number of active lawsuits for $1B+ companies: 147
• $1M average per case cost to find and cull evidence
I’m regulated. Help me know and show we are doing the right thing
Help me enforce internal policies
• Standards of Business Conduct, Confidentiality, Financial Integrity, Anti-Corruption…
[Chart: Size of Regulated Orgs, categories <50, 50-1000, >1000; values shown: 10%, 28%, 62%]
[Chart: Regulated?, categories No, Yes; values shown: 28%, 72%]
PII, HIPAA, PCI DSS, Gramm-Leach-Bliley
Also ITAR, NASD, UK FSA, ABI, ISO9001, Sarbanes-Oxley, Magdelina, FINRA, SEC, Dodd-Frank
Subpoenas
Regulations and Law
Internal Policy
Bring the data home
Ingestion
Migrations from third party stores, more formats
Go Big, Go Fast, Unify
One Compliance Centre,
Scale,
Compliance Roadmap
Built in (not bolt on) Compliance for Office
In-Place Archiving
Unified Experience
Extensible Platform
In-Place
Immutability and in-place search, preservation, deletion
[Diagram, built up over several slides: eDiscovery and Compliance (Encrypt, Audit, Archive, Discover, DLP, Preserve, Delete) over immutable stores: Exchange, Lync, SharePoint, File Shares, Bloomberg, 3rd Party Archives]
How we plan to get there
Build compliance into Exchange and SharePoint
Index or Ingest to extend beyond these workloads
Unify compliance experience and configuration across the suite
[Diagram: Exchange, SharePoint, Others, Traditional Archive; eDiscovery and Compliance (Encrypt, Audit, Archive, Discover, DLP, Preserve, Delete) over immutable stores: Exchange, Lync, SharePoint, Bloomberg, 3rd Party Archives, …]
Today: Archive
Exchange In-Place Archive
Outlook, OWA
Retain folder hierarchy
[Diagram: User A's Primary mailbox (Inbox, Deleted Items, …) and Archive mailbox (“Inbox”, …); each is shown with the labels Immutable, Deletions, Purges, Versions, Audits]
Today: MRM to Delete risky or unnecessary data
Exchange Deletion Policies
• Specify default policies and tags available for users to classify their folders or items
SharePoint Document Deletion Policies
• Define central policies
• Assign policies to Site Collection Templates or individual Site Collections
Today: Preservation to keep important data
Exchange Preservation SharePoint Preservation
Exchange Preservation Architecture
(1) Message delivered
(2) Message deleted by user
(3) Message eliminated by user
(4) Message purged by user, or Deleted Item Retention Period expires for that item
Depending on Hold type, items are preserved or removed
[Diagram: Mailbox (Inbox, Deleted Items, …) and Recoverable Items (Deletions, Versions, Purges, DiscoveryHolds, Audits); other labels: Delete, Hold, Gone forever]
Lync Preservation
• Server side archiving
• All Lync modalities captured (PC, mobile, web, OWA)
• Lync archives content into Exchange mailboxes when user is on Hold
• Includes instant messaging and meeting content
[Diagram: User A on hold, hold state synced; User A Mailbox (Inbox, Deleted Items) and Recoverable Items (Deletions, Versions, Purges, DiscoveryHolds)]
Preserve data belonging to users no longer with the company
Fully available for eDiscovery
Available for free!
2 simple steps to an Inactive Mailbox:
1. Place mailbox on Hold (Litigation or In-Place)
2. Remove user from Office 365
• Mailbox is now an Inactive mailbox
Read more at: http://aka.ms/inactivembx
Inactive Mailboxes
Preserves DL expansion info In-Place, at message send point in time
DL expansion info fully available for eDiscovery
Removes the need to journal to third party archives
Now available in Office 365, and in upcoming Exchange Server 2013 CU7
Partners now integrating with this feature
Read more at: http://technet.microsoft.com/en-us/library/dn770225(v=exchg.150).aspx
Announcing: In-Place DL Expansion
• Ingestion
• Public Folder Hold
• Unified Preserve/Delete experiences
• And more…
Future: Archiving
Identify and Preserve
Search and Process
Review
Produce
eDiscovery Overview
Volume, Relevance
147 Average number of active lawsuits for $1B+ companies
$1M Average per case cost of eDiscovery
Today: Multi-Mailbox Search in EAC
• Built on FAST mailbox indices
• Provides Search, Hold and Export
Today: Discovery in SharePoint
Preserve data for legal purposes
Support for eDiscovery across Exchange, Lync and SharePoint
Search and export data
Add mailboxes, SharePoint sites and file shares
Hold Capabilities
Mailbox: John Doe
Mailbox: Jane Doe
Mail Items Query: SpaceX
Conversations Query: SpaceX
Site: SpaceX
Site: Owner: John Doe
Content: Query: SpaceX
Attorney Discovery Center
Hold: “SpaceX”
Exchange 2013
Lync 2013
SharePoint 2013
Easy: download from SharePoint, Exchange, and file shares whether on premises or in Office 365 all at once
EDRM XML Support: growing industry standard for data interchange, import into popular review tools
Take it offline: Native files, PSTs, pages as .MHT, lists and feeds as .CSV
Export Capabilities
eDiscovery Demo
• Scale and Performance
• Search and Comply
Future: Discovery
[Architecture diagram, labels in the order they appear:
FFO/EOP: UCC – eDiscovery console, Policy Store, Policy WebService, Policy cmdlet, eDiscovery Results Sync Process, Policy DAL, eDiscovery cmdlets, eDiscovery DAL
Workload (Exchange): Arbitration Mailbox (per tenant policy store), eDiscovery Results Store (per tenant), eDiscovery Results Service, Policy Sync Service, Backend 1 … Backend N, DAR Exchange Search Tasks
3rd Party Data Sources, …, Federated Query Infra
Workload (SharePoint): Policy Store (per tenant policy store), eDiscovery Results Store (per tenant), eDiscovery Results Service, Policy Sync Service, Backend 1 … Backend N, DAR SP Search Tasks
Discovery Store (aggregated result counts, metadata, case management etc)]
Content analysis: Get Content, Regex Analysis, Function Analysis, Additional Evidence, Verdict
Policy Tips: Outlook and OWA
Document Fingerprinting: Protect intellectual property like patents, company confidential information, and other standardized form content
DLP in O365
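The content-analysis stages named on this slide (get content, regex analysis, function analysis, additional evidence, verdict), sketched for one content type, a payment card number. This is an added example, not Microsoft's implementation: the pattern, keyword list, proximity window, confidence scores and threshold are all assumptions, and the sample messages are constructed.

```python
import re

# Assumed stage semantics (the slide only names the stages):
#   regex = candidate pattern, function = checksum, evidence = nearby keywords.
CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, optional separators
KEYWORDS = ("visa", "mastercard", "card number", "expir", "cvv")
WINDOW = 60   # characters searched either side of a match (assumed)

# Constructed sample content (4111... is a widely used test number).
MSG_PAYMENT = "Please charge my Visa card number 4111 1111 1111 1111, expiry 09/27."
MSG_BARE = "Tracking id 4111111111111111 shipped today."
MSG_INVALID = "Visa card 4111 1111 1111 1112"


def luhn_ok(digits: str) -> bool:
    """Function analysis: Luhn checksum over a digit string."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:        # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def analyse(content: str) -> list[dict]:
    """Regex -> function -> additional evidence, one finding per valid match."""
    findings = []
    for m in CANDIDATE.finditer(content):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue          # pattern matched but checksum failed: discard
        near = content[max(0, m.start() - WINDOW): m.end() + WINDOW].lower()
        evidence = [k for k in KEYWORDS if k in near]
        findings.append({
            "masked": "*" * (len(digits) - 4) + digits[-4:],   # never log the full value
            "evidence": evidence,
            "confidence": 85 if evidence else 65,              # constructed scores
        })
    return findings


def verdict(content: str, threshold: int = 75) -> str:
    """Verdict: block when any finding meets the confidence threshold."""
    hits = [f for f in analyse(content) if f["confidence"] >= threshold]
    return "block" if hits else "allow"
```

The bare 16-digit tracking id passes the checksum but has no corroborating keywords, so it stays below the threshold; that gap between pattern match and verdict is what the evidence stage exists to control.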
Recognized Content, by country (PII; Financial)
France. PII: EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport. Financial: EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
Germany. PII: EU data protection, Drivers License, Passport, National Id. Financial: EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code
UK. PII: Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport. Financial: EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
Canada. PII: PIPED Act, Social Insurance, Drivers License. Financial: Credit Card, Swift Code
US. PII: US State Security Breach Laws, US State Social Security Laws, COPPA. Financial: GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code)
Japan. PII: PIPA, Resident Registration, Social Insurance, Passport, Driving License. Financial: Credit Card, Bank Account, Swift Code
Australia. PII: Drivers License, Passport, Social Insurance. Financial: Credit Card, Bank Account, Swift Code
Health: US HIPAA, UK Health Service, Canada Health Insurance card
Beyond Regulations and Law:
• Prevent inappropriate content from entering or leaving
• Limit the interaction between specific recipients and senders (ethical firewall, school bully).
• Apply disclaimers to messages as they leave
Encryption in O365
OME: Encrypt messages to any SMTP address
IRM (RMS): Prevents sensitive information from being printed, forwarded, or copied by unauthorized people inside the organization
S/MIME: Sign and encrypt messages to users using certificates
Office 365 Message Encryption
[Diagram: O365 User, Exchange Online (policy detection and enforcement, tenant configuration), Internet User, Microsoft account/Organization Account, Mail Reading Portal; arrows labelled Send, Deliver, Post]
Microsoft Intune
Mobile Device Management for Office 365
Built-In
Device Management
Conditional Access
Selective Wipe
Built-In
Microsoft Intune
Application Management
LoB app
User-centric approach
Conditional Access
Before mobile devices can access Office 365 data, they must be enrolled and healthy.
1. A user downloads the public OneDrive app on a personal iPad
2. The user is shown a page that directs them to enroll the iPad
3. The user steps through the enrollment process
4. The OneDrive app is now MDM enabled
5. The user is able to access their OneDrive data
Built-In
Q1 2014
Conditional access control flow
[Diagram: Users on their devices, Office 365, Azure AD (conditional access control), Microsoft Intune, IT Admin. Labels: Authenticate user and device; Enroll device, evaluate & enforce compliance with device management policies; Report device compliance; Configure device mgmt. and conditional access policies]
Device Policies
• Control what mobile devices can connect to Office 365 Data
• Set device configuration policies such as pin lock
• Enforce data encryption on devices
Admin Controls
• Built-In management in console and PowerShell
• Configure device policies by groups
• Product level granular control
• Block non-compliant devices, or just report
Device Reporting
• Device compliance reports
• Mobile usage and trends in our organization
• API support
Device Management
Built-In
Q1 2014
Demo
Device Management in O365
Today: Auditing in O365
Exchange Auditing
• Specify criteria such as users to search and then export audit logs
• Choose from many reports such as admin actions and non owner access
SharePoint Auditing
• Audit views, edits, deletes, and searches.
• Configure per site collection
Demo
Directory Changes Reporting via Azure
• Unified Logs, Unified XP
• Always On Auditing
• Better Together: Search, DLP, MDM
[Architecture diagram, labels in the order they appear:
FFO/EOP: UCC – Auditing console, Policy Store, Policy WebService, Policy cmdlet, Policy DAL
Workload (SharePoint): Policy Store (per tenant policy store), Policy Sync Service, Content FE, SP Content Front End Node, Audit Storage (EXO), Audit Long Term Storage
FFO/EOP: UCC – Auditing console, Reporting cmdlets, Reporting UX, Reporting Web Service, Content BE, SQL
Workload (Exchange): Arbitration Mailbox (per tenant policy store), Local Queue and Uploader (per BE server), Policy Sync Service, Backend 1 … Backend N, Exchange Auditing Hook, Audit Upload Web Service]
Future: Auditing
[Mock-up: Compliance admin center, activity log search. Navigation: sharepoint activity, individual reports, archiving, reports, devices, data loss prevention, eDiscovery, retention. Filters: User or group name, File name, Event (All), From date 2014/07/01 11:00 AM, To date 2014/07/07 10:00 PM. Action: Export results.]
DATE | ACTION | FILE | USER
Jul 7: 9:45 pm | Viewed | HR.xlsx | Bob Kirsten
Jul 7: 2:35 pm | Deleted | ssn.doc | Bob Kirsten
Jul 7: 1:00 pm | Viewed | foo.doc | George Washington
Jul 7: 10:00 am | Created | foo.doc | Howard Gonzales
Jul 7: 9:30 am | Shared | apple.xls | Isabel Monty
Jul 7: 9:00 am | Updated | bar.list | Jay Hammer
Jul 6: 10:45 am | Shared | X.doc | Laura Post
Jul 6: 2:45 pm | Viewed | ssn.doc | Matej Peter
Jul 6: 9:45 pm | Shared | x.doc | Bob Kirsten
Jul 5: 9:45 pm | Viewed | HR.xlsx | Bob Kirsten
Jul 5: 2:35 pm | Deleted | ssn.doc | Bob Kirsten
Jul 5: 1:00 pm | Viewed | foo.doc | George Washington
Jul 4: 10:00 am | Created | foo.doc | Howard Gonzales
Jul 4: 9:30 am | Shared | apple.xls | Isabel Monty
TARGET values shown: 3 users, Bob Kirsten, 2 users, Laura Post
Date: Jul 6: 10:45 am
User: Laura Post
Action: Shared
Service: SharePoint
Entity: X.doc and others
External Access: Yes
Classification: HBI
User Type: User
Modified Property: N/A
Details: N/A
Laura shared X.doc and 19 other docs with an external user
In the Cloud? Compliance is easy
• HIPAA Business Associate Agreement (HIPAA BAA)
• FISMA authority to operate (ATO) from a federal agency
• FERPA use and disclosure restrictions related to student data
• EU model clause addressing international transfers of data
• CJIS Security Policy 5.2 requirements met for CA and TX law enforcement
• DPA (Data Processing Agreement) to address the privacy, security, and handling of customer data
Supporting Customer Compliance
• ISO 27001: First major business productivity public cloud service to have implemented ISO 27001 mgmt. controls
• SAS 70 Type I and Type II attestation
O365 Accreditations
• Protecting Against Government Snooping: http://blogs.technet.com/b/microsoft_blog/archive/2013/12/04/protecting-customer-data-from-government-snooping.aspx
• Transparency Advocacy: https://www.reformgovernmentsurveillance.com/
• DC Ops Auditing
• Numbers of govt requests for data: http://blogs.technet.com/b/microsoft_on_the_issues/archive/2014/02/03/providing-additional-transparency-on-us-government-requests-for-customer-data.aspx
• Law enforcement requests report: http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/
Transparency and Government Snooping
“We are committed to notifying business and government customers if we receive legal orders related to their data. Where a gag order attempts to prohibit us from doing this, we challenge it in court.”
OFC-B230 Overview of Security in O365
Track resources
OFC-B312 Data Loss Prevention in O365
OFC-B334 Office365 Compliance and Privacy
OFC-B330 Mobile Device Mgmt for O365
EM-B312 Mobile App Mgmt for O365
Resources
Learning
Microsoft Certification & Training Resources
www.microsoft.com/learning
Developer Network
http://developer.microsoft.com
TechNet
Resources for IT Professionals
http://microsoft.com/technet
Sessions on Demand
http://channel9.msdn.com/Events/TechEd
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.