There are many options for securing your content in Office 365. In this session we will walk through the solutions, features, and strategies that you can take with you to ensure your content is safe. We will walk through Classifications, Data Loss Prevention, Sharing, Conditional Access, and how all of these work together.
Thank You for being a part of Office 365 & SharePoint Saturday Nashville!
Office 365 & SharePoint Users Group
5. Securing SharePoint & OneDrive in Office 365
SharePoint Saturday Nashville
• Overall security
• Data Loss Prevention
• Classifications
• Sharing
• Secure Score
• As many demos as I can
7. Data is shared more often and more widely than ever.
[Diagram labels: Corporate, Public, Private cloud, Personal, Vendors, SaaS, Ex-employees, Online backup, Graphic designer, Offshore teams, Legal review, Agency teams, Project lead, Sales teams, Project manager, Remote team]
10. What can we do to ensure we are more secure?
How do we get started?
11. Understand all areas to consider
• Identity: SSO, MFA, Groups, RBAC/PIM
• Location: Trusted Location?, Conditional & Limited Access
• Device: Managed?, Domain Joined?, AAD Joined?
• App/Service: Teams, Outlook, OneDrive, SharePoint
• Content/Data: Sharing, DLP, ATP, AIP / Sensitivity, Retention
• Visibility: Secure Score, Security Graph, Compliance Center, Threat Intelligence, CASB, SIEM, Alerts & Audit
Full credit https://twitter.com/xgokan
13. Files in Office 365
• OneDrive is hosted on SharePoint
• All file content is stored within SharePoint
• Teams and Yammer files are also on SharePoint
• File controls shared across systems
• Security across systems
15. Security & Compliance Administration
Get to know the admin center(s)
Centralized administration for controlling your Microsoft 365 technologies
Splitting into
• security.microsoft.com
• compliance.microsoft.com
Protection.office.com is still used and you will still need it
16. Secure score – a place to get started
One place to understand your security position and what features you have enabled.
Learn what security features are available to reduce risk while helping you balance productivity and security.
18. Data Loss Prevention
Prevents sensitive data from leaking either inside or outside the organization while providing user education and empowerment
Office 365 DLP is common across the enterprise
You can apply multiple policies to different stacks in Office 365 and identify such content as:
• Credit card numbers
• Social security numbers
• Health records
Built on sensitive information types
• You can create your own
Different than Exchange DLP – Based on search
19. Data Loss Prevention
Collection of predefined templates
Policies are synced to the content sources such as:
• SharePoint, OneDrive, desktop Office apps
Ensure you tune to handle false positives
Priority is important
DLP for Teams requires additional licensing
Roll out in test mode to start
Utilize the alerting and reporting
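The rollout advice above (start in test mode, tune for false positives, use alerting and reporting) as a Security & Compliance PowerShell sketch. This is an added example, not from the slides; the policy and rule names and the count thresholds are hypothetical.

```powershell
# Added example. Requires the ExchangeOnlineManagement module.
Connect-IPPSSession

$policy = "PCI - SPO and OneDrive (pilot)"   # hypothetical policy name

# Start in test mode with policy tips: users are educated, nothing is blocked yet.
New-DlpCompliancePolicy -Name $policy `
    -SharePointLocation All -OneDriveLocation All `
    -Mode TestWithNotifications

# Low volume (1-9 matches): notify the owner only, so a stray false
# positive does not interrupt work.
New-DlpComplianceRule -Name "PCI low volume" -Policy $policy `
    -ContentContainsSensitiveInformation @{Name = "Credit Card Number"; minCount = "1"; maxCount = "9"} `
    -NotifyUser Owner

# High volume (10+ matches): block access and send an incident report.
New-DlpComplianceRule -Name "PCI high volume" -Policy $policy `
    -ContentContainsSensitiveInformation @{Name = "Credit Card Number"; minCount = "10"} `
    -BlockAccess $true -NotifyUser Owner, SiteAdmin `
    -GenerateIncidentReport SiteAdmin -ReportSeverityLevel High

# Review what the pilot matched before enforcing.
Get-DlpCompliancePolicy -Identity $policy | Format-List Name, Mode, Priority
Get-DlpComplianceRule -Policy $policy | Format-Table Name, BlockAccess, Disabled

# Once the reports show an acceptable false-positive rate, enforce:
# Set-DlpCompliancePolicy -Identity $policy -Mode Enable
```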
21. SharePoint & OneDrive external sharing
Sharing for OneDrive can be MORE restrictive but not LESS restrictive than SPO
If sharing is turned off globally in SPO, any shared links will stop working
Your SharePoint Online sharing settings determine which OneDrive sharing settings are available
Setting Sharing in OneDrive Admin Center affects SPO
Sharing Options
• No external sharing
• Only existing external users (sign-in required)
• New and existing external users (sign-in required)
• Anyone, including anonymous users (on by default)
22. SharePoint & OneDrive external sharing settings
• Default link type: Direct, Internal, Shareable
• Default link permission: View or Edit
• Limited external sharing by user: Only certain users in security group
The following settings apply to both SPO and OneDrive
• Anonymous access link permission: View, Edit & Upload or View Only
• Anonymous access link expiration: Up to 2 years / 730 days
• OneDrive email notifications
• Prove account ownership timing
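The sharing rules above, applied with the SharePoint Online Management Shell. This is an added example, not from the slides; the admin URL is a placeholder and the chosen levels are illustrative.

```powershell
# Added example. Requires the Microsoft.Online.SharePoint.PowerShell module.
# Placeholder URL: replace "contoso" with your tenant name.
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

# The four sharing options, ranked from least to most permissive.
$rank = @{
    Disabled                        = 0   # No external sharing
    ExistingExternalUserSharingOnly = 1   # Only existing external users
    ExternalUserSharingOnly         = 2   # New and existing external users
    ExternalUserAndGuestSharing     = 3   # Anyone, including anonymous users
}

$spoLevel = 'ExternalUserSharingOnly'           # illustrative choice
$odLevel  = 'ExistingExternalUserSharingOnly'   # illustrative choice

# OneDrive may be more restrictive than SPO, never less: check before applying.
if ($rank[$odLevel] -gt $rank[$spoLevel]) {
    throw "OneDrive level '$odLevel' is less restrictive than SPO level '$spoLevel'."
}

# Tenant-wide levels plus the default link type and permission.
Set-SPOTenant -SharingCapability $spoLevel `
    -OneDriveSharingCapability $odLevel `
    -DefaultSharingLinkType Internal `
    -DefaultLinkPermission View

# Only meaningful when "Anyone" links are allowed: expire them and keep them view-only.
if ($rank[$spoLevel] -eq 3) {
    Set-SPOTenant -RequireAnonymousLinksExpireInDays 30 `
        -FileAnonymousLinkType View -FolderAnonymousLinkType View
}

# Confirm what the tenant now enforces.
Get-SPOTenant | Select-Object SharingCapability, OneDriveSharingCapability,
    DefaultSharingLinkType, DefaultLinkPermission, RequireAnonymousLinksExpireInDays
```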
23. Office 365 Group external sharing setting
• Turn on/off external sharing: Tenant, per group, per user
• Turn on/off per workload: Teams, PowerBI, SharePoint
• Allow guests to invite
• Powered by Azure B2B
• Guest access review
• Domain allow/block
• Different than SPO & OneDrive
• Configured in Azure AD
25. Microsoft Information Protection
Discover | Classify | Protect | Monitor
• MICROSOFT CLOUD APP SECURITY: Visibility into 15k+ cloud apps, data access & usage, potential abuse
• AZURE SECURITY CENTER INFORMATION PROTECTION: Classify & label sensitive structured data in Azure SQL, SQL Server and other Azure repositories
• OFFICE 365 APPS: Protect sensitive information while working in Excel, Word, PowerPoint, Outlook
• AZURE INFORMATION PROTECTION: Classify, label & protect files – beyond Office 365, including on-premises & hybrid
• OFFICE 365 DATA LOSS PREVENTION: Prevent data loss across Exchange Online, SharePoint Online, OneDrive for Business
• SHAREPOINT & GROUPS: Protect files in libraries and lists
• OFFICE 365 ADVANCED DATA GOVERNANCE: Apply retention and deletion policies to sensitive and important data in Office 365
• ADOBE PDFs: Natively view and protect PDFs on Adobe Acrobat
• WINDOWS INFORMATION PROTECTION: Separate personal vs. work data on Windows 10 devices, prevent work data from traveling to non-work locations
• OFFICE 365 MESSAGE ENCRYPTION: Send encrypted emails in Office 365 to anyone inside or outside of the company
• CONDITIONAL ACCESS: Control access to files based on policy, such as identity, machine configuration, geo location
• SDK FOR PARTNER ECOSYSTEM & ISVs: Enable ISVs to consume labels, apply protection
26. Sensitivity Labels vs Retention Labels
| | Sensitivity labels | Retention labels |
| Description | Labels to classify and protect emails, documents, Sites, Groups | Labels to classify and preserve emails & documents in O365 only – Exchange, SPOD, Groups |
| Label Settings | Encryption; Content Marking; Endpoint DLP; Conditional Access Controls* | Retention; Deletion |
| Label Persistence | Yes | No |
27. AIP vs Unified
Investment being made to Unified
Uses similar back end
Can run both via a ‘migration’
AIP client 1.4x and 2.0x for Unified upgrade
AIP has extended features
29. Unified labels vision
[Diagram: Unified Labels with Microsoft Information Protection (MIP); What / Where / How; Office 365, Windows, Azure, ISVs, 3rd party apps and services (MIP SDK)]
30. Unified approach
Data growing at exponential rate
Comprehensive policies to protect and govern your most important data – throughout its lifecycle
• Unified approach to discover, classify & label
• Automatically apply policy-based actions
• Proactive monitoring to identify risks
• Broad coverage across locations
[Diagram: Discover, Classify, Label, Apply label, Monitor]
• Sensitivity: Encryption, Restrict Access, Watermark, Header/Footer
• Retention: Retention, Deletion, Records Management, Archiving
• Monitor: Sensitive data discovery, Data at risk, Policy violations, Policy recommendations, Proactive alerts
32. Licensing
[Chart columns: No extra cost; Microsoft 365 E3 / P1; Microsoft 365 E5 / P2; Additional Costs]
Full credit https://twitter.com/jussiroine
33. Problems of security
Data admin/Compliance admin
• Users need to access data from any device, location
• Increase in data leakage & theft
• Challenge in training users on security policies
• Bottom line: Protect data & have happy users
End user
• Who should I share with, and what kind of data?
• Where can I save what kind of data?
• What are my company policies and how do I remember those?
• Bottom line: Just need to get the work done
34. Advice
Complexity is the worst enemy of Security
Find balance between too much security and ensuring your content is secure
Educate your team
35. Help Contribute & Stay Informed!
Microsoft Tech Community
https://techcommunity.microsoft.com
Microsoft 365 Roadmap
https://fasttrack.microsoft.com/roadmap
Security & Compliance Flipbook
https://teamworktools.azurewebsites.net/sec/