2. Thanks to our sponsors
• Each sponsor stamp will opt you into sponsor raffle prize and mailings
• Collect 7 or more sponsor stamps on your Badge to be eligible for the
Xbox One X
• Hand entire Badge/ ribbon back into registration desk at end of day to
enter the prize draw
• Badges drawn at 5.15pm in Trinobantes (if you are drawn and do not
have the pre-requisite stamp/s….. You’ll lose!)
3. Social
• Tweet on #spscambridge OR #sqlsatcambridge
• We have Giant Jenga, Giant Connect 4, Giant Kerplunk and Sack races!
• Post event, join us for a SharePint/ SQLPint from our bar
• Don’t forget to thank Sponsors, Volunteers and Speakers!
• The event doors will close at 6.30pm
5. Agenda
First hour
• Introduction
• Alert dashboard
• Data governance labels
• Data governance policies
Second hour
• Data loss prevention
• Threat management
• Search & Investigation
6. Expectation management slide
Scope:
Office 365 Security & Compliance Center
Licenses:
An Office 365 E5 trial tenant is used
Not part of the show *)
Mobile Device Management or Intune
Microsoft Cloud App Security
Azure Active Directory
Azure Information Protection
*) But we do know about these things, so don’t hesitate to ask after the session
8. Alert dashboard
1. Set alerts for specific actions, for
example:
a) Accessing specific files
b) Administrative actions
c) Sharing information
9. Alert dashboard – hands on
1. Go to the Alert dashboard
2. Create a new alert policy for files shared
from the SharePoint site
3. Use your demo e-mail address
4. Share a file from the SharePoint site
5. An alert will be send, but be patient
10. Data governance labels
1. Labels are used to tag content
2. Nearly all Office 365 content can be tagged
3. Tagging is either manually or automatically
4. Labels show up in SharePoint and Outlook
5. You can use the tags for retention, search, data
loss prevention and permissions (soon)
11. Data governance labels – hands on
1. Go to the Classifications section
2. Create a label with these properties:
a) Retain for 7 months;
b) Delete automatically
c) Trigger based on when it was labelled
3. Publish this label to the SharePoint site
4. Auto-apply this label to Exchange based on U.K.
Financial data
5. Check if the label is available in the SharePoint
site
12. Data governance policies
1. Policies designed to retain or remove
content
2. Enable the site-hold in SharePoint
3. Work in the background without user
intervention
4. Specific rules when policies and/or labels
conflict
13. Data governance policies – hands on
1. Go to the Data Governance section
2. Create a new retention policy which:
a) deletes contents;
b) 1 year after last modification
c) in OneDrive for Business
14. Permissions security & compliance
1. Multiple roles
2. Tenant admin does not indicate that you
are compliance admin!
15. End of session 1 – take a break
Session 2 will start at 11:25 am
Subjects are:
• Data loss prevention
• Threat management
• Search & Investigation
16. Data loss prevention - 1
1. Data loss prevention is based on search
2. You can create a policy based on
sensitive information types, specific
keywords or labels
3. You have multiple options, including
restricting access to content
17. Data loss prevention – 1 – hands on
1. Go to the data loss prevention section
2. Create a new policy for:
a) files matching “U.K. Financial data”
b) stored in OneDrive for Business
c) shared inside of the organisation
d) At minimum 2 instances need to be
detected
3. This policy should show a policy tip:
“Please be carefull with these types of
documents” and send an e-mail to the
owner of the OneDrive.
18. Data loss prevention – 2 – hands on
1. Go to the data loss prevention section
2. Create a new policy for:
a) files stored in SharePoint
b) with the label you created earlier
c) shared outside of the organisation
d) At minimum 2 instances need to be
detected
3. This policy should:
a) show a policy tip: “Please be careful
with these types of documents”
b) send an e-mail to the owner of the
OneDrive and an incident report
c) restrict access to the file
d) not be overwritten
19. Threat management
1. Use this section to get an indication of
threats
2. Also use this to enabled Advanced
Threat Protection (E5 licenses required)
20. Threat management – hands on
1. Go to the Policy section
2. Add an example link to the list of
blocked URL’s
3. Block access to this URL on Office Online
21. Search and investigation
1. You can either search for content or
activities
2. Search is also used for eDiscovery and
data subject requests
3. You can export reports and the content
itself (if permitted)
4. Auditlog search is very powerful and can
be used in addition to alerts
22. Search and investigation – hands on
1. Go to the Content search section
2. Create a new search policy which
searches for the keyword “Security*” in
all SharePoint sites
3. Restrict this search to the SharePoint site
4. Go to the Audit log search section
5. Create an audit log search for
downloaded files
6. Create an alert policy based on this
search