SlideShare a Scribd company logo

Deep dive into Microsoft Purview Data Loss Prevention

Download as PPTX, PDF
Drew Madelung
Drew Madelung

Are you protecting your data at rest and in transit? In this session we will go through all the different types of DLP in Microsoft Purview including endpoint, Exchange, Teams, SharePoint, OneDrive, and more. We will discuss the configuration options, why it is important, and the best practices to get started while going through a collection of demos. You will leave this sessions with a deeper understanding of the technology and how it can impact your employee's experience

Technology
1 of 47
365EduCon Chicago – 2023 Drew Madelung Deep dive into Microsoft Purview Data Loss Prevention
Drew Madelung Email : drew.madelung@protiviti.com Twitter : @dmadelung Website: drewmadelung.com Associate Director – M365 Cloud Applications
What is Microsoft Purview Safeguarding your data Improve risk and compliance Deep dive into Microsoft Purview Data Loss Prevention 365EduCon Chicago 2023 #365EduCon Understand & govern your data Demos on Demos
Data usage is evolving and complex, moving outside of the traditional borders of business OS OS
93% of data within an organization is dark Year over year, the amount of data available doubles Organizations lack visibility into their data OS OS
OS OS The landscape is fragmented, creating risks
We live in a hybrid technology environment of organizations are multi-cloud 90% find it hard to manage fragmented compliance and risk related solutions 80% 80% of decision makers have purchased multiple products to meet compliance and data- protection needs
Microsoft Purview Microsoft Purview is a comprehensive set of solutions which help organizations govern and protect data across their multi-cloud, multi-platform data environment, while meeting the compliance requirements they are subject to.
Purview brings together solutions
Purview branding simplification Azure Purview portal Microsoft Purview Governance Portal Azure Purview Data Map Microsoft Purview Data Map Azure Purview Data Catalog Microsoft Purview Data Catalog Azure Purview Data Insights Microsoft Purview Data Estate Insights Microsoft 365 compliance center Microsoft Purview Compliance Portal Microsoft Information Governance Microsoft Purview Data Lifecycle Management Records Management in Microsoft 365 Microsoft Purview Records Management Microsoft Information Protection Microsoft Purview Information Protection Office 365 Data Loss Prevention Microsoft Purview Data Loss Prevention Insider Risk Management Microsoft Purview Insider Risk Management Communication Compliance Microsoft Purview Communication Compliance Compliance Manager Microsoft Purview Compliance Manager Core eDiscovery in Microsoft 365 Microsoft Purview eDiscovery (Standard) Advanced eDiscovery in Microsoft 365 Microsoft Purview eDiscovery (Premium) Basic Audit in Microsoft 365 Microsoft Purview Audit (Standard) Advanced Audit in Microsoft 365 Microsoft Purview Audit (Premium)
Microsoft Purview Understand & govern data Manage visibility and governance of data assets across your environment Safeguard data, wherever it lives Protect sensitive data across clouds, apps, and devices Improve risk & compliance posture Identify data risks and manage regulatory compliance requirements Microsoft ecosystem Support for multi-cloud, hybrid, SaaS data | Third-party/partner ecosystem
Classification - General Safeguarding your data with DLP
Purview Data Loss Prevention • Cloud native with built-in protection in Microsoft 365 apps, services, and windows endpoints - no on-premise infrastructure or agents needed • Balance protection and productivity with granular policy controls and manage DLP policies all workloads from a single location • Leverage classification and user activity insights to better inform DLP polices and benefit from an integrated incident management
What if you don’t? • Data Breaches • Financial loss • Reputation Damage • Regulatory Non-Compliance Implementing effective DLP measures is crucial to safeguard sensitive data and mitigate these risks. • Loss of Intellectual Property • Employe Errors & Insider Threats • Loss of Customer Data & Trust
Do you have a strategy? Do you know where your business critical and sensitive data resides and what is being done with it? Do you have control of this data as it travels inside and outside of your organization? Are you using multiple solutions to classify, label, and protect this data?
Top data security risks Data security incidents are widespread 83% of organizations experience more than one data breach in their lifetime1 Malicious insiders account for 20% of data breaches, adding to costs $4.18M Average cost of data breach with a malicious insider2 Organizations are struggling with a fragmented solution landscape 80% of decision makers purchased multiple products to meet compliance and data protection needs3
Demo
DLP lifecycle • WHY • What tech • Culture Plan • Services • Policies • Actions Build • Test mode • Metrics • Update Deploy • Logs • False Positives • False Negatives Tune • Communicate • Deploy • Validate Enable • Alerts • Responses • Refine Monitor
Planning DLP Plan Identify Stakeholders: Determine who within the organization needs to be involved, including IT, legal, compliance, and business representatives. Define Objectives: Clearly outline the goals and objectives of the Purview DLP deployment, including what types of data you need to protect and WHY. Regulatory Compliance: Identify and understand relevant data protection regulations and compliance requirements for your organization or industry. Data Classification: Develop a data classification scheme to categorize data by sensitivity that can be used within DLP policies to identify and protect your most sensitive data. Budget and Resources: Allocate the necessary budget and resources for the Purview DLP deployment. Implementation Plan: Map starting state to end state and how to test, train, deploy, and operationalize. Policy Framework: Begin outlining the DLP policy framework including key scenarios, such as financial data exfiltration, which will be developed further in the next phases.
Planning DLP Policies • What: Office documents • Who: Everyone • Where: OneDrive, SharePoint, Teams • Conditions: HIPAA template • Actions: Restrict access and trigger alert "We're a U.S. based organization, and we need to detect Office documents that contain sensitive health care information covered by HIPPA that are stored in OneDrive/SharePoint and to protect against that information being shared in Teams chat and channel messages and restrict everyone from sharing them with unauthorized third parties". A good practice is to describe a policy with intent in words. Plan
Planning DLP Policies What sensitive items are most important to start your first policy? • PII/PHI • PCI • GDPR Where are your sensitive items and what business process are they in? • Exchange email • SharePoint sites • OneDrive accounts • Teams chat and channel messages • Windows 10, 11 and macOS Devices • Microsoft Defender for Cloud Apps • On-premises repositories Location is a KEY driver for constructing your policy Plan
Building DLP Policies Location Supports Admin Units Include/Exclude scope Data state Additional prerequisites Exchange Yes - Distribution groups - Security groups - Non-mail enabled security groups - Dynamic distribution lists - Microsoft 365 groups (Group members only, not the group as an entity) data-in-motion No SharePoint No Sites data-at-rest data-in-use No OneDrive Yes - Distribution groups - Security groups - Non-mail enabled security groups - Microsoft 365 groups (Group members only, not the group as an entity) data-at-rest data-in-use No Teams chat and channel messages Yes - Distribution groups - Security groups - Non-mail enabled security groups - Microsoft 365 groups (Group members only, not the group as an entity) data-in-motion data-in-use No Microsoft Defender for Cloud Apps No Cloud app instance data-at-rest Yes Devices Yes - Distribution groups - Security groups - Non-mail enabled security groups - Microsoft 365 groups (Group members only, not the group as an entity) data-in-use data-in-motion Yes On-premises repositories (file shares and SharePoint) No Repository data-at-rest Yes Power BI No Workspaces data-in-use No Build
Building DLP Policies • Conditions that when matched, trigger the policy • Actions to take when the policy is triggered • User notifications to inform your users when they're doing something that triggers a policy and help educate • User Overrides when configured by an admin, allow users to selectively override a blocking action • Incident reports that notify admins and other key stakeholders when a rule match occurs • Additional options which define the priority for rule evaluation and can stop further rule and policy processing Rules are the key to DLP policies. A policy contains one or more rules. Rules are executed sequentially, starting with the highest-priority rule in each policy. Build
Building DLP Policies DLP Rule Conditions: Conditions are where you define what you want the rule to look for and the context in which those items are being used. • Content contains • SITs, Labels, Trainable Classifiers • Big differences between location • Email supports the most • OD/SPO similar • Teams limited • Device includes service domains • Combine conditions with AND/OR DLP Rule Actions: Actions occur after conditions are met and depend on the locations that have been selected. • EXO/OD/SPO/Teams • Restrict access or encrypt the content in Microsoft 365 locations • Block everyone or only external • Just email supports more (i.e. encryption) • Audit/Block actions on devices (i.e. print) • Power BI limited to alerts/notifications Build
Building DLP Policies DLP user notifications through emails and in- context policy tips: Dependent on location again • Emails can only be sent to individuals • Can show up in Outlook, Office clients, M365 services • Notifications can use parameters like %%AppliedActions% and emails can be HTML based • Only the policy tip from the highest priority, most restrictive rule will show • Not all SITs support policy tips Build
Building DLP Policies User overrides Allow users to bypass, with justification, so they can continue their work • Set per rule • Requires block to be set in policy • Good when initially rolling out for false positive identification • Require business justification is logged for audit • Report false positive is also logged for audit Build
Demo
Deploying DLP Policies • All activity available in activity explorer as long as it’s not off • Start in test mode without policy tips • Move to test with policy tips for a pilot group • Admin tracks activities and views alerts • Update policies/rules/user notifications based on what was found in initial deployment A rushed deployment can negatively impact business processes Deploy
Tuning DLP policies Tune Initial tuning is crucial to ensure you really are identifying and protecting sensitive data • Utilize the activity explorer to investigate rule matches per policy • Use CloudAppEvents table if using Sentinel • Talk to your pilot users and ensure you use real documents with sensitive data to test
Enabling DLP Policies Enable • Send any communications identified notifying users • Ensure your policy documentation is updated and update the “Learn more” URL to point to it (EXO) • Implement plan to operationalize incident management • RACI & Permissions • Ensure you monitor activity initially after enablement to validate successful conditions Enablement is the pushing of policies to all users/devices requiring the policy
Monitoring DLP Policies Monitor • Continue to use activity explorer and the audit log or the CloudAppEvents table • Custom SITs with Regex or EDM can take a lot of monitoring and adjustments • Build knowledge articles for service desk when users see DLP actions/tips • Have a plan for exception management with approval process in place • Setup metrics or workbooks to show successes, overrides, etc by user/location • Microsoft Purview Advanced Rich Reports (MPARR) DLP policies are never complete!
Demo
Endpoint DLP Deeper Dive Available for Win 10/11 and macOS once onboarded into Purview. Can be done via defender, script, GPO, Intune, or SCCM which will start to return data in activity explorer. Just-in-time protection Candidate policy blocks all egress until policy evaluation completes successfully which can be new files or stale files. Available in Audit mode. Endpoint DLP settings • Advanced classification • File path exclusions for Windows/Mac • Setup evidence collections • Restricted apps and app groups • Unallowed Bluetooth apps • Browser and domain restrictions • Printer groups • Removable USB and Network share groups
Demo
Adaptive protection • Utilizes IRM to determine risk of a user i.e. admin account downloads excess info for a week = high • Continuously maintained • Lock down high-risk users while still allowing regular business • Allow PII to be sent because we NEED too but if you are at risk then block Automatically change DLP policies actions
Investigating alerts & incidents • DLP alerts currently in BOTH Defender and Purview portal but Defender is recommended • Utilize counts to prevent flood detection • KQL is your friend with advanced hunting • Grant minimal access – IP Analyst or View Only DLP Compliance Management
Demo
Other DLP stuff 3rd party DLP includes Box/Dropbox/Salesforce/GSuite/Citrix utilizing MDCA There is a Symantec DLP to Purview DLP converter EXO/Purview DLP policies work together but EXO takes precedence including policy tips New DLP analytics are in preview to help with insights for improvement On-premises DLP requires MIP scanner deployment Sensitivity labels can be used across services for DLP New Test-DlpPolicies cmdlet to see specific files per site that would trigger
Purview DLP Lessons from the field Chrome & Firefox Purview extension= good Build and name policies by service and they can’t be renamed - KISS Utilize Information Protection roles for RBAC MDEClientAnalyzer is… awesome for debugging Understand / vs /* for exclusions Exact Data Match (EDM) works! Policy tips are COMPLICATED between web/client Use variables like %%AppliedActions%% Ensure URLs open if using EndPoint DLP
Safeguarding data examples ` Block an email or document from being shared externally Utilize Exchange, SharePoint, and OneDrive DLP policies Stopping sensitive data sharing in Teams internally and externally Utilize Teams DLP policies, Sensitivity labels for containers, and for files with encryption Prevent a file from being copied from an endpoint to a non-approved location Utilize Endpoint DLP for Windows and macOS
It’s all integrated
Allows you to start without having it all figured out Allows for incremental improvements Eases information workers into the world of protection and retention Some protection and retention is better than nothing Utilizing a crawl-walk-run strategy
Where and how to start • Learn about the technical capabilities within the Purview DLP • Identify REAL scenarios or challenges that Purview DLP can solve • Assign Purview ownership by solution and get permissions setup • Identify competing DLP solutions with a solution rationalization • Build a Purview DLP roadmap aligned to your overall product, M365, or security roadmap
Questions? Email: drew.madelung@protiviti.com Twitter: @dmadelung Website: drewmadelung.com Slides: http://bit.ly/DrewSlides
Deep dive into Purview Data Loss Prevention

Recommended

CollabDaysBE - Microsoft Purview Information Protection demystified
CollabDaysBE - Microsoft Purview Information Protection demystifiedCollabDaysBE - Microsoft Purview Information Protection demystified
CollabDaysBE - Microsoft Purview Information Protection demystifiedAlbert Hoitingh
 
Microsoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert HoitinghMicrosoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert HoitinghAlbert Hoitingh
 
Labelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & SensitivityLabelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & SensitivityDrew Madelung
 
Breakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview SolutionsBreakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview SolutionsDrew Madelung
 
Understanding Security and Compliance in Microsoft Teams M365 North 2023
Understanding Security and Compliance in Microsoft Teams M365 North 2023Understanding Security and Compliance in Microsoft Teams M365 North 2023
Understanding Security and Compliance in Microsoft Teams M365 North 2023Chirag Patel
 
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?Albert Hoitingh
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information ProtectionRobert Crane
 
Microsoft Azure Information Protection
Microsoft Azure Information Protection Microsoft Azure Information Protection
Microsoft Azure Information Protection Syed Sabhi Haider
 

Recommended

CollabDaysBE - Microsoft Purview Information Protection demystified
CollabDaysBE - Microsoft Purview Information Protection demystifiedCollabDaysBE - Microsoft Purview Information Protection demystified
CollabDaysBE - Microsoft Purview Information Protection demystifiedAlbert Hoitingh
 
Microsoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert HoitinghMicrosoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert HoitinghAlbert Hoitingh
 
Labelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & SensitivityLabelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & SensitivityDrew Madelung
 
Breakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview SolutionsBreakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview SolutionsDrew Madelung
 
Understanding Security and Compliance in Microsoft Teams M365 North 2023
Understanding Security and Compliance in Microsoft Teams M365 North 2023Understanding Security and Compliance in Microsoft Teams M365 North 2023
Understanding Security and Compliance in Microsoft Teams M365 North 2023Chirag Patel
 
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?Albert Hoitingh
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information ProtectionRobert Crane
 
Microsoft Azure Information Protection
Microsoft Azure Information Protection Microsoft Azure Information Protection
Microsoft Azure Information Protection Syed Sabhi Haider
 
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VMSecuring Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VMDrew Madelung
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewDavid J Rosenthal
 
Microsoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkMicrosoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkAlistair Pugin
 
Microsoft Information Protection.pptx
Microsoft Information Protection.pptxMicrosoft Information Protection.pptx
Microsoft Information Protection.pptxChrisaldyChandra
 
7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 DefenderMighty Guides, Inc.
 
3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AAD3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AADAndrew Bettany
 
Microsoft 365 Compliance
Microsoft 365 ComplianceMicrosoft 365 Compliance
Microsoft 365 ComplianceDavid J Rosenthal
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...Nikki Chapple
 
Working with MS Endpoint Manager
Working with MS Endpoint ManagerWorking with MS Endpoint Manager
Working with MS Endpoint ManagerGeorge Grammatikos
 
Microsoft 365 Security and Compliance
Microsoft 365 Security and ComplianceMicrosoft 365 Security and Compliance
Microsoft 365 Security and ComplianceDavid J Rosenthal
 
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan David J Rosenthal
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for EndpointCheah Eng Soon
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsVignesh Ganesan I Microsoft MVP
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss PreventionReza Kopaee
 
Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)Radhakrishnan Govindan
 
Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365Dock 365
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from SymantecArrow ECS UK
 
Office 365 Security Best Practices
Office 365 Security Best PracticesOffice 365 Security Best Practices
Office 365 Security Best PracticesCommunity IT Innovators
 
Labelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & SensitivityLabelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & SensitivityDrew Madelung
 
Data Loss Prevention in O365
Data Loss Prevention in O365Data Loss Prevention in O365
Data Loss Prevention in O365Don Daubert
 
Microsoft Cloud GDPR Compliance Options (SUGUK)
Microsoft Cloud GDPR Compliance Options (SUGUK)Microsoft Cloud GDPR Compliance Options (SUGUK)
Microsoft Cloud GDPR Compliance Options (SUGUK)Andy Talbot
 

More Related Content

What's hot

Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VMSecuring Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VMDrew Madelung
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewDavid J Rosenthal
 
Microsoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkMicrosoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkAlistair Pugin
 
Microsoft Information Protection.pptx
Microsoft Information Protection.pptxMicrosoft Information Protection.pptx
Microsoft Information Protection.pptxChrisaldyChandra
 
7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 DefenderMighty Guides, Inc.
 
3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AAD3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AADAndrew Bettany
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...Nikki Chapple
 
Working with MS Endpoint Manager
Working with MS Endpoint ManagerWorking with MS Endpoint Manager
Working with MS Endpoint ManagerGeorge Grammatikos
 
Microsoft 365 Security and Compliance
Microsoft 365 Security and ComplianceMicrosoft 365 Security and Compliance
Microsoft 365 Security and ComplianceDavid J Rosenthal
 
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan David J Rosenthal
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for EndpointCheah Eng Soon
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsVignesh Ganesan I Microsoft MVP
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss PreventionReza Kopaee
 
Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)Radhakrishnan Govindan
 
Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365Dock 365
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from SymantecArrow ECS UK
 
Labelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & SensitivityLabelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & SensitivityDrew Madelung
 

What's hot (20)

Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VMSecuring Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 Overview
 
Microsoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkMicrosoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance Framework
 
Microsoft Information Protection.pptx
Microsoft Information Protection.pptxMicrosoft Information Protection.pptx
Microsoft Information Protection.pptx
 
7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender
 
3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AAD3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AAD
 
Microsoft 365 Compliance
Microsoft 365 ComplianceMicrosoft 365 Compliance
Microsoft 365 Compliance
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
 
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
 
Working with MS Endpoint Manager
Working with MS Endpoint ManagerWorking with MS Endpoint Manager
Working with MS Endpoint Manager
 
Microsoft 365 Security and Compliance
Microsoft 365 Security and ComplianceMicrosoft 365 Security and Compliance
Microsoft 365 Security and Compliance
 
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for Endpoint
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Prevention
 
Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)
 
Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from Symantec
 
Office 365 Security Best Practices
Office 365 Security Best PracticesOffice 365 Security Best Practices
Office 365 Security Best Practices
 
Labelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & SensitivityLabelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & Sensitivity
 

Similar to Deep dive into Microsoft Purview Data Loss Prevention

Data Loss Prevention in O365
Data Loss Prevention in O365Data Loss Prevention in O365
Data Loss Prevention in O365Don Daubert
 
Microsoft Cloud GDPR Compliance Options (SUGUK)
Microsoft Cloud GDPR Compliance Options (SUGUK)Microsoft Cloud GDPR Compliance Options (SUGUK)
Microsoft Cloud GDPR Compliance Options (SUGUK)Andy Talbot
 
One name unify them all
One name unify them allOne name unify them all
One name unify them allBizTalk360
 
aMS SouthEast Asia 2021 - Microsoft 365 Data Loss Prevention
aMS SouthEast Asia 2021 - Microsoft 365 Data Loss PreventionaMS SouthEast Asia 2021 - Microsoft 365 Data Loss Prevention
aMS SouthEast Asia 2021 - Microsoft 365 Data Loss PreventionAlbert Hoitingh
 
Microsoft 365 | Modern workplace
Microsoft 365 | Modern workplaceMicrosoft 365 | Modern workplace
Microsoft 365 | Modern workplaceSiddick Elaheebocus
 
SPUnite17 Information Management and Data Governance in Office365
SPUnite17 Information Management and Data Governance in Office365SPUnite17 Information Management and Data Governance in Office365
SPUnite17 Information Management and Data Governance in Office365NCCOMMS
 
Information management and data governance in Office 365
Information management and data governance in Office 365Information management and data governance in Office 365
Information management and data governance in Office 365Joanne Klein
 
Securing SharePoint, OneDrive, & Teams with Sensitivity Labels
Securing SharePoint, OneDrive, & Teams with Sensitivity LabelsSecuring SharePoint, OneDrive, & Teams with Sensitivity Labels
Securing SharePoint, OneDrive, & Teams with Sensitivity LabelsDrew Madelung
 
Explore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP SoftwareExplore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP SoftwareKonverge Technologies Pvt. Ltd.
 
Microsoft Teams in the Modern Workplace
Microsoft Teams in the Modern WorkplaceMicrosoft Teams in the Modern Workplace
Microsoft Teams in the Modern WorkplaceJoanne Klein
 
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyWebinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyStorage Switzerland
 
espc2023-protectandgovernyoursensitivedatawithmicrosoftpurviewinmicrosoftteam...
espc2023-protectandgovernyoursensitivedatawithmicrosoftpurviewinmicrosoftteam...espc2023-protectandgovernyoursensitivedatawithmicrosoftpurviewinmicrosoftteam...
espc2023-protectandgovernyoursensitivedatawithmicrosoftpurviewinmicrosoftteam...zoheirop
 
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...Jasper Oosterveld
 
Securing SharePoint & OneDrive in Office 365
Securing SharePoint & OneDrive in Office 365Securing SharePoint & OneDrive in Office 365
Securing SharePoint & OneDrive in Office 365Drew Madelung
 
SC-900 Capabilities of Microsoft Compliance Solutions
SC-900 Capabilities of Microsoft Compliance SolutionsSC-900 Capabilities of Microsoft Compliance Solutions
SC-900 Capabilities of Microsoft Compliance SolutionsFredBrandonAuthorMCP
 
Data protection services lifecycle approach to critical information protection
Data protection services lifecycle approach to critical information protectionData protection services lifecycle approach to critical information protection
Data protection services lifecycle approach to critical information protectionAujas Networks Pvt. Ltd.
 
Migrating to the Cloud - From Preparation to Operation copy.pdf
Migrating to the Cloud - From Preparation to Operation copy.pdfMigrating to the Cloud - From Preparation to Operation copy.pdf
Migrating to the Cloud - From Preparation to Operation copy.pdfSymptai Consulting Limited
 

Similar to Deep dive into Microsoft Purview Data Loss Prevention (20)

Data Loss Prevention in O365
Data Loss Prevention in O365Data Loss Prevention in O365
Data Loss Prevention in O365
 
Microsoft Cloud GDPR Compliance Options (SUGUK)
Microsoft Cloud GDPR Compliance Options (SUGUK)Microsoft Cloud GDPR Compliance Options (SUGUK)
Microsoft Cloud GDPR Compliance Options (SUGUK)
 
One name unify them all
One name unify them allOne name unify them all
One name unify them all
 
aMS SouthEast Asia 2021 - Microsoft 365 Data Loss Prevention
aMS SouthEast Asia 2021 - Microsoft 365 Data Loss PreventionaMS SouthEast Asia 2021 - Microsoft 365 Data Loss Prevention
aMS SouthEast Asia 2021 - Microsoft 365 Data Loss Prevention
 
Microsoft 365 | Modern workplace
Microsoft 365 | Modern workplaceMicrosoft 365 | Modern workplace
Microsoft 365 | Modern workplace
 
SPUnite17 Information Management and Data Governance in Office365
SPUnite17 Information Management and Data Governance in Office365SPUnite17 Information Management and Data Governance in Office365
SPUnite17 Information Management and Data Governance in Office365
 
Information management and data governance in Office 365
Information management and data governance in Office 365Information management and data governance in Office 365
Information management and data governance in Office 365
 
Securing SharePoint, OneDrive, & Teams with Sensitivity Labels
Securing SharePoint, OneDrive, & Teams with Sensitivity LabelsSecuring SharePoint, OneDrive, & Teams with Sensitivity Labels
Securing SharePoint, OneDrive, & Teams with Sensitivity Labels
 
Explore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP SoftwareExplore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP Software
 
Microsoft Teams in the Modern Workplace
Microsoft Teams in the Modern WorkplaceMicrosoft Teams in the Modern Workplace
Microsoft Teams in the Modern Workplace
 
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyWebinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
 
espc2023-protectandgovernyoursensitivedatawithmicrosoftpurviewinmicrosoftteam...
espc2023-protectandgovernyoursensitivedatawithmicrosoftpurviewinmicrosoftteam...espc2023-protectandgovernyoursensitivedatawithmicrosoftpurviewinmicrosoftteam...
espc2023-protectandgovernyoursensitivedatawithmicrosoftpurviewinmicrosoftteam...
 
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...
 
Securing SharePoint & OneDrive in Office 365
Securing SharePoint & OneDrive in Office 365Securing SharePoint & OneDrive in Office 365
Securing SharePoint & OneDrive in Office 365
 
SC-900 Capabilities of Microsoft Compliance Solutions
SC-900 Capabilities of Microsoft Compliance SolutionsSC-900 Capabilities of Microsoft Compliance Solutions
SC-900 Capabilities of Microsoft Compliance Solutions
 
Brochure forcepoint dlp_en
Brochure forcepoint dlp_enBrochure forcepoint dlp_en
Brochure forcepoint dlp_en
 
Andy Malone - Microsoft office 365 security deep dive
Andy Malone - Microsoft office 365 security deep diveAndy Malone - Microsoft office 365 security deep dive
Andy Malone - Microsoft office 365 security deep dive
 
Data protection services lifecycle approach to critical information protection
Data protection services lifecycle approach to critical information protectionData protection services lifecycle approach to critical information protection
Data protection services lifecycle approach to critical information protection
 
Data Leakage Prevention
Data Leakage PreventionData Leakage Prevention
Data Leakage Prevention
 
Migrating to the Cloud - From Preparation to Operation copy.pdf
Migrating to the Cloud - From Preparation to Operation copy.pdfMigrating to the Cloud - From Preparation to Operation copy.pdf
Migrating to the Cloud - From Preparation to Operation copy.pdf
 

More from Drew Madelung

Introduction to Microsoft Syntex
Introduction to Microsoft SyntexIntroduction to Microsoft Syntex
Introduction to Microsoft SyntexDrew Madelung
 
Deploying & Managing OneDrive
Deploying & Managing OneDriveDeploying & Managing OneDrive
Deploying & Managing OneDriveDrew Madelung
 
Deploying Viva Topics
Deploying Viva TopicsDeploying Viva Topics
Deploying Viva TopicsDrew Madelung
 
How to Successfully Manage OneDrive for Business
How to Successfully Manage OneDrive for BusinessHow to Successfully Manage OneDrive for Business
How to Successfully Manage OneDrive for BusinessDrew Madelung
 
What's New with OneDrive
What's New with OneDriveWhat's New with OneDrive
What's New with OneDriveDrew Madelung
 
Getting started with with SharePoint Syntex
Getting started with with SharePoint SyntexGetting started with with SharePoint Syntex
Getting started with with SharePoint SyntexDrew Madelung
 
Intro to Shared Channels
Intro to Shared ChannelsIntro to Shared Channels
Intro to Shared ChannelsDrew Madelung
 
What's new with Security & Compliance for SharePoint, OneDrive, and Teams
What's new with Security & Compliance for SharePoint, OneDrive, and TeamsWhat's new with Security & Compliance for SharePoint, OneDrive, and Teams
What's new with Security & Compliance for SharePoint, OneDrive, and TeamsDrew Madelung
 
Everything you need to know about external sharing in OneDrive, SharePoint, a...
Everything you need to know about external sharing in OneDrive, SharePoint, a...Everything you need to know about external sharing in OneDrive, SharePoint, a...
Everything you need to know about external sharing in OneDrive, SharePoint, a...Drew Madelung
 
Microsoft Ignite 2021 Recap
Microsoft Ignite 2021 RecapMicrosoft Ignite 2021 Recap
Microsoft Ignite 2021 RecapDrew Madelung
 
How to successfully manage OneDrive
How to successfully manage OneDriveHow to successfully manage OneDrive
How to successfully manage OneDriveDrew Madelung
 
What's new with OneDrive - July 2021
What's new with OneDrive - July 2021What's new with OneDrive - July 2021
What's new with OneDrive - July 2021Drew Madelung
 
Sensitivity for Groups, Teams, and SharePoint
Sensitivity for Groups, Teams, and SharePointSensitivity for Groups, Teams, and SharePoint
Sensitivity for Groups, Teams, and SharePointDrew Madelung
 
Wisconsin SharePoint User Group - November 2020 - Ignite News
Wisconsin SharePoint User Group - November 2020 - Ignite NewsWisconsin SharePoint User Group - November 2020 - Ignite News
Wisconsin SharePoint User Group - November 2020 - Ignite NewsDrew Madelung
 
M365 Records Management Community Webinar
M365 Records Management Community WebinarM365 Records Management Community Webinar
M365 Records Management Community WebinarDrew Madelung
 
Enabling Sharing & Collaboration in OneDrive & SharePoint
Enabling Sharing & Collaboration in OneDrive & SharePointEnabling Sharing & Collaboration in OneDrive & SharePoint
Enabling Sharing & Collaboration in OneDrive & SharePointDrew Madelung
 
Following the Evolution of Office 365 Groups to Microsoft 365 Groups
Following the Evolution of Office 365 Groups to Microsoft 365 GroupsFollowing the Evolution of Office 365 Groups to Microsoft 365 Groups
Following the Evolution of Office 365 Groups to Microsoft 365 GroupsDrew Madelung
 
Sensitivity labels for Teams, Microsoft 365 Groups & SharePoint Sites
Sensitivity labels for Teams, Microsoft 365 Groups & SharePoint SitesSensitivity labels for Teams, Microsoft 365 Groups & SharePoint Sites
Sensitivity labels for Teams, Microsoft 365 Groups & SharePoint SitesDrew Madelung
 
Review of the new Managed Metadata experience in SharePoint Online
Review of the new Managed Metadata experience in SharePoint OnlineReview of the new Managed Metadata experience in SharePoint Online
Review of the new Managed Metadata experience in SharePoint OnlineDrew Madelung
 
Getting Started with Site Designs and Site Scripts - SPSChi
Getting Started with Site Designs and Site Scripts - SPSChiGetting Started with Site Designs and Site Scripts - SPSChi
Getting Started with Site Designs and Site Scripts - SPSChiDrew Madelung
 

More from Drew Madelung (20)

Introduction to Microsoft Syntex
Introduction to Microsoft SyntexIntroduction to Microsoft Syntex
Introduction to Microsoft Syntex
 
Deploying & Managing OneDrive
Deploying & Managing OneDriveDeploying & Managing OneDrive
Deploying & Managing OneDrive
 
Deploying Viva Topics
Deploying Viva TopicsDeploying Viva Topics
Deploying Viva Topics
 
How to Successfully Manage OneDrive for Business
How to Successfully Manage OneDrive for BusinessHow to Successfully Manage OneDrive for Business
How to Successfully Manage OneDrive for Business
 
What's New with OneDrive
What's New with OneDriveWhat's New with OneDrive
What's New with OneDrive
 
Getting started with with SharePoint Syntex
Getting started with with SharePoint SyntexGetting started with with SharePoint Syntex
Getting started with with SharePoint Syntex
 
Intro to Shared Channels
Intro to Shared ChannelsIntro to Shared Channels
Intro to Shared Channels
 
What's new with Security & Compliance for SharePoint, OneDrive, and Teams
What's new with Security & Compliance for SharePoint, OneDrive, and TeamsWhat's new with Security & Compliance for SharePoint, OneDrive, and Teams
What's new with Security & Compliance for SharePoint, OneDrive, and Teams
 
Everything you need to know about external sharing in OneDrive, SharePoint, a...
Everything you need to know about external sharing in OneDrive, SharePoint, a...Everything you need to know about external sharing in OneDrive, SharePoint, a...
Everything you need to know about external sharing in OneDrive, SharePoint, a...
 
Microsoft Ignite 2021 Recap
Microsoft Ignite 2021 RecapMicrosoft Ignite 2021 Recap
Microsoft Ignite 2021 Recap
 
How to successfully manage OneDrive
How to successfully manage OneDriveHow to successfully manage OneDrive
How to successfully manage OneDrive
 
What's new with OneDrive - July 2021
What's new with OneDrive - July 2021What's new with OneDrive - July 2021
What's new with OneDrive - July 2021
 
Sensitivity for Groups, Teams, and SharePoint
Sensitivity for Groups, Teams, and SharePointSensitivity for Groups, Teams, and SharePoint
Sensitivity for Groups, Teams, and SharePoint
 
Wisconsin SharePoint User Group - November 2020 - Ignite News
Wisconsin SharePoint User Group - November 2020 - Ignite NewsWisconsin SharePoint User Group - November 2020 - Ignite News
Wisconsin SharePoint User Group - November 2020 - Ignite News
 
M365 Records Management Community Webinar
M365 Records Management Community WebinarM365 Records Management Community Webinar
M365 Records Management Community Webinar
 
Enabling Sharing & Collaboration in OneDrive & SharePoint
Enabling Sharing & Collaboration in OneDrive & SharePointEnabling Sharing & Collaboration in OneDrive & SharePoint
Enabling Sharing & Collaboration in OneDrive & SharePoint
 
Following the Evolution of Office 365 Groups to Microsoft 365 Groups
Following the Evolution of Office 365 Groups to Microsoft 365 GroupsFollowing the Evolution of Office 365 Groups to Microsoft 365 Groups
Following the Evolution of Office 365 Groups to Microsoft 365 Groups
 
Sensitivity labels for Teams, Microsoft 365 Groups & SharePoint Sites
Sensitivity labels for Teams, Microsoft 365 Groups & SharePoint SitesSensitivity labels for Teams, Microsoft 365 Groups & SharePoint Sites
Sensitivity labels for Teams, Microsoft 365 Groups & SharePoint Sites
 
Review of the new Managed Metadata experience in SharePoint Online
Review of the new Managed Metadata experience in SharePoint OnlineReview of the new Managed Metadata experience in SharePoint Online
Review of the new Managed Metadata experience in SharePoint Online
 
Getting Started with Site Designs and Site Scripts - SPSChi
Getting Started with Site Designs and Site Scripts - SPSChiGetting Started with Site Designs and Site Scripts - SPSChi
Getting Started with Site Designs and Site Scripts - SPSChi
 

Recently uploaded

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 

Recently uploaded (20)

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 

Deep dive into Microsoft Purview Data Loss Prevention

  • 1. 365EduCon Chicago – 2023 Drew Madelung Deep dive into Microsoft Purview Data Loss Prevention
  • 2.
  • 3. Drew Madelung Email : drew.madelung@protiviti.com Twitter : @dmadelung Website: drewmadelung.com Associate Director – M365 Cloud Applications
  • 4. What is Microsoft Purview Safeguarding your data Improve risk and compliance Deep dive into Microsoft Purview Data Loss Prevention 365EduCon Chicago 2023 #365EduCon Understand & govern your data Demos on Demos
  • 5. Data usage is evolving and complex, moving outside of the traditional borders of business OS OS
  • 6. 93% of data within an organization is dark Year over year, the amount of data available doubles Organizations lack visibility into their data OS OS
  • 7. OS OS The landscape is fragmented, creating risks
  • 8. We live in a hybrid technology environment of organizations are multi-cloud 90% find it hard to manage fragmented compliance and risk related solutions 80% 80% of decision makers have purchased multiple products to meet compliance and data- protection needs
  • 9. Microsoft Purview Microsoft Purview is a comprehensive set of solutions which help organizations govern and protect data across their multi-cloud, multi-platform data environment, while meeting the compliance requirements they are subject to.
  • 11. Purview branding simplification Azure Purview portal Microsoft Purview Governance Portal Azure Purview Data Map Microsoft Purview Data Map Azure Purview Data Catalog Microsoft Purview Data Catalog Azure Purview Data Insights Microsoft Purview Data Estate Insights Microsoft 365 compliance center Microsoft Purview Compliance Portal Microsoft Information Governance Microsoft Purview Data Lifecycle Management Records Management in Microsoft 365 Microsoft Purview Records Management Microsoft Information Protection Microsoft Purview Information Protection Office 365 Data Loss Prevention Microsoft Purview Data Loss Prevention Insider Risk Management Microsoft Purview Insider Risk Management Communication Compliance Microsoft Purview Communication Compliance Compliance Manager Microsoft Purview Compliance Manager Core eDiscovery in Microsoft 365 Microsoft Purview eDiscovery (Standard) Advanced eDiscovery in Microsoft 365 Microsoft Purview eDiscovery (Premium) Basic Audit in Microsoft 365 Microsoft Purview Audit (Standard) Advanced Audit in Microsoft 365 Microsoft Purview Audit (Premium)
  • 12. Microsoft Purview Understand & govern data Manage visibility and governance of data assets across your environment Safeguard data, wherever it lives Protect sensitive data across clouds, apps, and devices Improve risk & compliance posture Identify data risks and manage regulatory compliance requirements Microsoft ecosystem Support for multi-cloud, hybrid, SaaS data | Third-party/partner ecosystem
  • 14. Purview Data Loss Prevention • Cloud native with built-in protection in Microsoft 365 apps, services, and windows endpoints - no on-premise infrastructure or agents needed • Balance protection and productivity with granular policy controls and manage DLP policies all workloads from a single location • Leverage classification and user activity insights to better inform DLP polices and benefit from an integrated incident management
  • 15. What if you don’t? • Data Breaches • Financial loss • Reputation Damage • Regulatory Non-Compliance Implementing effective DLP measures is crucial to safeguard sensitive data and mitigate these risks. • Loss of Intellectual Property • Employe Errors & Insider Threats • Loss of Customer Data & Trust
  • 16. Do you have a strategy? Do you know where your business critical and sensitive data resides and what is being done with it? Do you have control of this data as it travels inside and outside of your organization? Are you using multiple solutions to classify, label, and protect this data?
  • 17. Top data security risks Data security incidents are widespread 83% of organizations experience more than one data breach in their lifetime1 Malicious insiders account for 20% of data breaches, adding to costs $4.18M Average cost of data breach with a malicious insider2 Organizations are struggling with a fragmented solution landscape 80% of decision makers purchased multiple products to meet compliance and data protection needs3
  • 18. Demo
  • 19. DLP lifecycle • WHY • What tech • Culture Plan • Services • Policies • Actions Build • Test mode • Metrics • Update Deploy • Logs • False Positives • False Negatives Tune • Communicate • Deploy • Validate Enable • Alerts • Responses • Refine Monitor
  • 20. Planning DLP Plan Identify Stakeholders: Determine who within the organization needs to be involved, including IT, legal, compliance, and business representatives. Define Objectives: Clearly outline the goals and objectives of the Purview DLP deployment, including what types of data you need to protect and WHY. Regulatory Compliance: Identify and understand relevant data protection regulations and compliance requirements for your organization or industry. Data Classification: Develop a data classification scheme to categorize data by sensitivity that can be used within DLP policies to identify and protect your most sensitive data. Budget and Resources: Allocate the necessary budget and resources for the Purview DLP deployment. Implementation Plan: Map starting state to end state and how to test, train, deploy, and operationalize. Policy Framework: Begin outlining the DLP policy framework including key scenarios, such as financial data exfiltration, which will be developed further in the next phases.
  • 21. Planning DLP Policies • What: Office documents • Who: Everyone • Where: OneDrive, SharePoint, Teams • Conditions: HIPAA template • Actions: Restrict access and trigger alert "We're a U.S. based organization, and we need to detect Office documents that contain sensitive health care information covered by HIPPA that are stored in OneDrive/SharePoint and to protect against that information being shared in Teams chat and channel messages and restrict everyone from sharing them with unauthorized third parties". A good practice is to describe a policy with intent in words. Plan
  • 22. Planning DLP Policies What sensitive items are most important to start your first policy? • PII/PHI • PCI • GDPR Where are your sensitive items and what business process are they in? • Exchange email • SharePoint sites • OneDrive accounts • Teams chat and channel messages • Windows 10, 11 and macOS Devices • Microsoft Defender for Cloud Apps • On-premises repositories Location is a KEY driver for constructing your policy Plan
  • 23. Building DLP Policies Location Supports Admin Units Include/Exclude scope Data state Additional prerequisites Exchange Yes - Distribution groups - Security groups - Non-mail enabled security groups - Dynamic distribution lists - Microsoft 365 groups (Group members only, not the group as an entity) data-in-motion No SharePoint No Sites data-at-rest data-in-use No OneDrive Yes - Distribution groups - Security groups - Non-mail enabled security groups - Microsoft 365 groups (Group members only, not the group as an entity) data-at-rest data-in-use No Teams chat and channel messages Yes - Distribution groups - Security groups - Non-mail enabled security groups - Microsoft 365 groups (Group members only, not the group as an entity) data-in-motion data-in-use No Microsoft Defender for Cloud Apps No Cloud app instance data-at-rest Yes Devices Yes - Distribution groups - Security groups - Non-mail enabled security groups - Microsoft 365 groups (Group members only, not the group as an entity) data-in-use data-in-motion Yes On-premises repositories (file shares and SharePoint) No Repository data-at-rest Yes Power BI No Workspaces data-in-use No Build
  • 24. Building DLP Policies • Conditions that when matched, trigger the policy • Actions to take when the policy is triggered • User notifications to inform your users when they're doing something that triggers a policy and help educate • User Overrides when configured by an admin, allow users to selectively override a blocking action • Incident reports that notify admins and other key stakeholders when a rule match occurs • Additional options which define the priority for rule evaluation and can stop further rule and policy processing Rules are the key to DLP policies. A policy contains one or more rules. Rules are executed sequentially, starting with the highest-priority rule in each policy. Build
  • 25. Building DLP Policies DLP Rule Conditions: Conditions are where you define what you want the rule to look for and the context in which those items are being used. • Content contains • SITs, Labels, Trainable Classifiers • Big differences between location • Email supports the most • OD/SPO similar • Teams limited • Device includes service domains • Combine conditions with AND/OR DLP Rule Actions: Actions occur after conditions are met and depend on the locations that have been selected. • EXO/OD/SPO/Teams • Restrict access or encrypt the content in Microsoft 365 locations • Block everyone or only external • Just email supports more (i.e. encryption) • Audit/Block actions on devices (i.e. print) • Power BI limited to alerts/notifications Build
  • 26. Building DLP Policies DLP user notifications through emails and in- context policy tips: Dependent on location again • Emails can only be sent to individuals • Can show up in Outlook, Office clients, M365 services • Notifications can use parameters like %%AppliedActions% and emails can be HTML based • Only the policy tip from the highest priority, most restrictive rule will show • Not all SITs support policy tips Build
  • 27. Building DLP Policies User overrides Allow users to bypass, with justification, so they can continue their work • Set per rule • Requires block to be set in policy • Good when initially rolling out for false positive identification • Require business justification is logged for audit • Report false positive is also logged for audit Build
  • 28. Demo
  • 29. Deploying DLP Policies • All activity available in activity explorer as long as it’s not off • Start in test mode without policy tips • Move to test with policy tips for a pilot group • Admin tracks activities and views alerts • Update policies/rules/user notifications based on what was found in initial deployment A rushed deployment can negatively impact business processes Deploy
  • 30. Tuning DLP policies Tune Initial tuning is crucial to ensure you really are identifying and protecting sensitive data • Utilize the activity explorer to investigate rule matches per policy • Use CloudAppEvents table if using Sentinel • Talk to your pilot users and ensure you use real documents with sensitive data to test
  • 31. Enabling DLP Policies Enable • Send any communications identified notifying users • Ensure your policy documentation is updated and update the “Learn more” URL to point to it (EXO) • Implement plan to operationalize incident management • RACI & Permissions • Ensure you monitor activity initially after enablement to validate successful conditions Enablement is the pushing of policies to all users/devices requiring the policy
  • 32. Monitoring DLP Policies Monitor • Continue to use activity explorer and the audit log or the CloudAppEvents table • Custom SITs with Regex or EDM can take a lot of monitoring and adjustments • Build knowledge articles for service desk when users see DLP actions/tips • Have a plan for exception management with approval process in place • Setup metrics or workbooks to show successes, overrides, etc by user/location • Microsoft Purview Advanced Rich Reports (MPARR) DLP policies are never complete!
  • 33. Demo
  • 34. Endpoint DLP Deeper Dive Available for Win 10/11 and macOS once onboarded into Purview. Can be done via defender, script, GPO, Intune, or SCCM which will start to return data in activity explorer. Just-in-time protection Candidate policy blocks all egress until policy evaluation completes successfully which can be new files or stale files. Available in Audit mode. Endpoint DLP settings • Advanced classification • File path exclusions for Windows/Mac • Setup evidence collections • Restricted apps and app groups • Unallowed Bluetooth apps • Browser and domain restrictions • Printer groups • Removable USB and Network share groups
  • 35. Demo
  • 36. Adaptive protection • Utilizes IRM to determine risk of a user i.e. admin account downloads excess info for a week = high • Continuously maintained • Lock down high-risk users while still allowing regular business • Allow PII to be sent because we NEED too but if you are at risk then block Automatically change DLP policies actions
  • 37. Investigating alerts & incidents • DLP alerts currently in BOTH Defender and Purview portal but Defender is recommended • Utilize counts to prevent flood detection • KQL is your friend with advanced hunting • Grant minimal access – IP Analyst or View Only DLP Compliance Management
  • 38. Demo
  • 39. Other DLP stuff 3rd party DLP includes Box/Dropbox/Salesforce/GSuite/Citrix utilizing MDCA There is a Symantec DLP to Purview DLP converter EXO/Purview DLP policies work together but EXO takes precedence including policy tips New DLP analytics are in preview to help with insights for improvement On-premises DLP requires MIP scanner deployment Sensitivity labels can be used across services for DLP New Test-DlpPolicies cmdlet to see specific files per site that would trigger
  • 40. Purview DLP Lessons from the field Chrome & Firefox Purview extension= good Build and name policies by service and they can’t be renamed - KISS Utilize Information Protection roles for RBAC MDEClientAnalyzer is… awesome for debugging Understand / vs /* for exclusions Exact Data Match (EDM) works! Policy tips are COMPLICATED between web/client Use variables like %%AppliedActions%% Ensure URLs open if using EndPoint DLP
  • 41. Safeguarding data examples ` Block an email or document from being shared externally Utilize Exchange, SharePoint, and OneDrive DLP policies Stopping sensitive data sharing in Teams internally and externally Utilize Teams DLP policies, Sensitivity labels for containers, and for files with encryption Prevent a file from being copied from an endpoint to a non-approved location Utilize Endpoint DLP for Windows and macOS
  • 43. Allows you to start without having it all figured out Allows for incremental improvements Eases information workers into the world of protection and retention Some protection and retention is better than nothing Utilizing a crawl-walk-run strategy
  • 44. Where and how to start • Learn about the technical capabilities within the Purview DLP • Identify REAL scenarios or challenges that Purview DLP can solve • Assign Purview ownership by solution and get permissions setup • Identify competing DLP solutions with a solution rationalization • Build a Purview DLP roadmap aligned to your overall product, M365, or security roadmap
  • 45.
  • 46. Questions? Email: drew.madelung@protiviti.com Twitter: @dmadelung Website: drewmadelung.com Slides: http://bit.ly/DrewSlides
  • 47. Deep dive into Purview Data Loss Prevention