Protect Your Data

This document discusses Microsoft's approach to data protection in the hybrid work era. It outlines how organizations can know their data by classifying it, protect it using tools like sensitivity labels and encryption, and prevent data loss. The presentation covers classifying data automatically or manually, protecting data while people work remotely, and using governance tools to retain or delete data as required. It aims to help organizations protect sensitive data wherever it lives.

Uploaded by

Carlos Lopes

Protect your Data in the Hybrid Work Era with Microsoft Information Protection

Agenda
1. Data protection realities & Microsoft approach
2. Ensuring the correct data classification
3. Keep data secure while keeping up productivity
4. Next steps to get started
5. Q&As
Data protection is top of mind

Work happening everywhere

The volume and types of data are growing

Lots of tools

Complexity of security breaches

Risk of non-compliance with growing regulations


Data protection realities

#1: Protecting and governing sensitive data is the biggest concern in complying with regulations (1)
63% of organizations fear data leak/spillage during the pandemic (2)
88% of organizations no longer have confidence to detect and prevent loss of sensitive data (3)

1. Microsoft GDPR research, 2017
2. Microsoft COVID Security Priorities Survey 2020
3. Forrester. Security Concerns, Approaches and Technology Adoption. December 2018

The Microsoft approach to information protection & governance

Know your data
• What data do I have?
• Where does the data reside?

Protect your data
• How do I protect the data?
• What data is at risk?

Prevent data loss
• How can I protect data with people working from home?
• How can I protect data when people collaborate with external users?

Govern your data
• How can I retain or delete data?

Protect and govern data wherever it lives


Know your data

Ensuring correct data classification

Microsoft Information Protection

[Diagram: MIP Data Classification Service. Elements shown: Defender for Cloud Apps; AIP Scanner; Azure; Purview; Android, iOS, MacOS, Windows; ADLS, SQL DB, Azure Files, Blobs, Cosmos DB, S3.]

Sensitivity Labels: Public, General, Confidential, …

Sensitive Information Types
o Out of Box: Credit Card, SSN, License, More
o Custom: RegEx, Dictionary, Fingerprint, EDM
o Trainable Classifiers: Sample Content, Test, Validate, Publish

What is a label?

Tag that is customizable, readable by other systems, and persistent.

It becomes the basis for applying and enforcing data protection policies.

In files and emails, the sensitivity label is persisted as document metadata

In SharePoint Online, the sensitivity and retention label is persisted as container metadata

Flexible classification options

Business-led policies & rules; automatic classification configured by IT
Policies can be set by IT Admins for automatically applying classification and protection to data

Recommended classification
Based on the content you’re working on, you can be prompted with suggested classification

Manual reclassification
Users can override a classification and optionally be required to provide a justification

User-driven classification
Users can choose to apply a sensitivity label to the email or file they are working on with a single click

Labels shown: HIGHLY CONFIDENTIAL, CONFIDENTIAL, PERSONAL, GENERAL, PUBLIC

User-driven labeling experiences built into Office applications

Consistent and easy for users
Apply and update labels while working in Office apps – Word, PowerPoint, Excel and Outlook

Built-in
Integrated natively into Office apps; no plug-ins or add-ons required for latest Office 365 apps.

Broad platform support
Available today: Mac, iOS and Android public preview via Office Insider. Outlook mobile available today

Native manual labeling in Office apps across all platforms

Multiple classification methods

Built-in
200+ information types provided out of the box to get started

Flexible
Use regex, keywords, and exact data match for data identification

Organized
Based on attributes on documents

Trainable classifiers
Leverage machine learning to automatically classify unique data

Built-in
Resume, source code, offensive language provided out-of-box

Build-your-own
Train the system to look for specific types of data

Integrated
Attach to sensitivity and retention labels with associated policies

Protect your data

Keeping data secure while keeping up productivity

The importance of encryption

Added layer of defense in depth

Encrypt data at rest and in transit

Make data unreadable to unauthorized parties


Office 365 Message Encryption

Easily send protected messages with Office 365 Message Encryption

Protect
Mitigates risk of unintended disclosure through encryption and rights protection

Control
Leverage automatic policies or ad hoc end-user controls, for emails shared inside or outside the organization

Compliance
Meet compliance obligations that require encrypting data or encryption key control

Callouts:
• Flexible encryption options
• Apply sensitivity labels
• Recipients can read protected messages using consumer identities
• Easily read protected emails on any device

Sensitivity labels on groups and sites

Types of insider threats

The unintentional insider
The unintentional insider is often unaware of security protocols and might unintentionally expose information or foothold to attackers.
An employee might unintentionally send classified information to an external email recipient.

The negligent insider
The negligent insider is aware of the security practices but chooses to circumvent the protocols if they are seen as unreasonable.
A negligent insider might use personal web storage solutions as he observes them as often redundant.

The malicious insider
The malicious insider is intent on stealing data or destroying infrastructure.
A malicious insider might delete files at the last day of work motivated by their resignation or might steal secrets from the company.

Insider Threat Incidents

• Unintentional and Negligent Insiders: 61%
• Stolen Credentials: 25%
• Malicious Insiders: 14%

Source: Ponemon Institute 2020 Cost of Insider Threats Report


Addressing risks to your information

Data Loss Prevention
Enforcing data loss prevention rules across endpoints
• Pivot: Content
• Risk identification: Transactional
• Mitigation of risk: Rule enforcement / User Education
• Examples:
  o Block printing of Word documents with Credit Cards
  o Audit copying PDF files with label “Confidential” to USB
  o Warn w/ Override uploading of Office files with label “Sensitive” to Cloud

Insider Risk Management
Identify and mitigate risks by a user
• Pivot: User
• Risk identification: Correlated
• Mitigation of risk: Collaborate across security, HR, legal
• Examples:
  o Identify departing employees who are taking sensitive documents upon departure
  o Identify creative insider threat by correlating activities (collection > obfuscation > exfiltration)
  o Identify the vigilant insider threat involved in careful low-and-slow leak over days

Microsoft Data Loss Prevention

[Diagram: MIP Data Loss Prevention. Activities shown: Cloud Upload, App Control, USB Drive, Network, Print, Clipboard. Other elements shown: Defender for Cloud Apps; AIP Scanner; Azure; Purview; Android, iOS, MacOS, Windows; ADLS, SQL DB, Azure Files, Blobs, Cosmos DB, S3.]

Sensitivity Labels: Public, General, Confidential, …

Sensitive Information Types
o Out of Box: Credit Card, SSN, License, More
o Custom: RegEx, Dictionary, Fingerprint, EDM
o Trainable Classifiers: Sample Content, Test, Validate, Publish

DLP Solution Overview

Comprehensive support across workloads
• Exchange Online
• SharePoint, OneDrive
• Teams
• Endpoint
• Azure
• Non-Microsoft Clouds / SaaS apps
• On-prem workloads and file shares

Unified and integrated experiences
• Guided onboarding
• Unified & flexible policy management
• Integrated with MIP
• Unified alerting & Remediation
• Integrated end-user experiences

Unified, flexible policy management & enforcement

Configure policies across devices, apps and services in the Microsoft 365 Compliance center

Rich flexibility in configuring rules and enforcement actions

Integrated with MIP classification & labels

200+ sensitive information types

40+ built-in policy templates for common industry regulations and compliance needs.

MIP Labels as conditions in DLP policy


Integrated end-user experiences

Built-in experiences in Office, Windows, Edge, and other apps help preserve user productivity

Policy Tips help educate users when they are about to violate a policy.

Supported across platforms: desktop, web, and mobile apps.

Protect sensitive files in the cloud
Summary

Protect your data with Microsoft Information Protection (MIP) and Data Loss Prevention (DLP):
• Apply sensitivity labels to documents and empower it with auto labelling to empower users labelling documents.
• Block sharing of classified documents with possibility of overriding while monitoring and logging of sharing.
• Collaborate on classified data with internals and externals while protecting it with MIP and DLP.
• Protect classified information with MIP providing only access to authenticated users.
• Detect users copying sensitive information and use templates to determine correct action.

Professor convicted of espionage
Back in 2010 a Finnish professor was arrested as he was preparing to exchange sensitive data with Russian diplomats.*
By labelling and understanding data and applying granular access to it the risk involved is minimized. In this specific case the professor would be able to copy the sensitive data, but the action would be logged.
By providing sensitivity labels the classification and appropriate handling of data becomes apparent. This should not limit the use but rather empower compliant data processing.

* From PET publication “Er jeres forskning i fare?”, 2021

Next steps

1. Learn more
Visit MS Learn:
• Microsoft Information Protection
• Data Loss Prevention

2. Get started now with a trial
Reach out to your Microsoft Representative or Partner for more information

3. Deploy leveraging our Deployment Acceleration Guides

Thank you
