Successfully reported this slideshow.

Scottish Summit 2022 - Secure and manage your data in Microsoft Teams

0

Share

1 of 56
1 of 56

Scottish Summit 2022 - Secure and manage your data in Microsoft Teams

0

Share

Download to read offline

Collaboration is a crucial part of our daily work lives. Microsoft Teams made collaboration easier and the sky is the limit. In between all the applause and cheers, customers are starting to answer an important question: How can we secure and manage our data? Jasper Oosterveld, Microsoft MVP & Modern Workplace Consultant, is going to answer this question. You can expect real world advise around sensitivity & retention labels, DLP and managing external access.

Collaboration is a crucial part of our daily work lives. Microsoft Teams made collaboration easier and the sky is the limit. In between all the applause and cheers, customers are starting to answer an important question: How can we secure and manage our data? Jasper Oosterveld, Microsoft MVP & Modern Workplace Consultant, is going to answer this question. You can expect real world advise around sensitivity & retention labels, DLP and managing external access.

More Related Content

More from Jasper Oosterveld

Related Books

Free with a 30 day trial from Scribd

See all

Scottish Summit 2022 - Secure and manage your data in Microsoft Teams

  1. 1. #ScottishSummit2022 Secure and manage your data in Microsoft Teams Jasper Oosterveld Microsoft MVP & Modern Workplace Consultant
  2. 2. #ScottishSummit2022 Thank You to our Sponsors… Event Sponsor Platinum Sponsors
  3. 3. #ScottishSummit2022 Thank You to our Sponsors… Gold Sponsors Accessibility Event Lunch Data Analytics Data Quality
  4. 4. #ScottishSummit2022 Speaker Bio • Microsoft Teams • Compliance • Governance • Adoption “Try to be kind” Microsoft MVP & Consultant www.linkedin.com/in/jasperoosterveld www.jasperoosterveld.com @jasoosterveld
  5. 5. #ScottishSummit2022 Power of Microsoft Teams Chat Meetings Calling Apps & workflows Collaboration
  6. 6. #ScottishSummit2022 Business value Increase productivity Compliant & secure Central & integrated work experience Accelerate digital transformation
  7. 7. #ScottishSummit2022 Customer worries • Teams' explosion • Duplication • Purpose unclear • Findability • External access & sharing • Being safe and compliant
  8. 8. #ScottishSummit2022 External Access Managing external access while working with Microsoft Teams
  9. 9. #ScottishSummit2022 Risks • Guests get access to sensitive content (public channels). • Guests can download and leak sensitivity information.
  10. 10. #ScottishSummit2022 Before you enable external access • Define your internal policies for inviting and working with guests in Microsoft Teams.
  11. 11. #ScottishSummit2022 Managing the risks • Apply MFA for guests. • Apply sensitivity labels & DLP to protect sensitive content. • Apply Conditional Access for unmanaged devices.
  12. 12. #ScottishSummit2022 Managing external access • Block or allow specific domains. • Expiration policy. • Reauthentication (verification code). • Enable for specific teams. • Type of sharing link (new and/or existing).
  13. 13. #ScottishSummit2022 Reviewing external access • Azure Access Reviews (Azure AD P2) • Custom solution (for example: blog.atwork.at | Groups Governance Toolkit Part 5-External Guests). • 3rd party solution (for example: ShareGate & AvePoint).
  14. 14. #ScottishSummit2022 Being safe & compliant An introduction to the importance of a compliance strategy & implementation.
  15. 15. #ScottishSummit2022 Trends Data is exploding! 10x amount of data created and stored by 2025 (vs. 2016). The regulatory landscape is complex and shifting.​ COVID-19 caused an explosion in the usage of Microsoft Teams.
  16. 16. #ScottishSummit2022 Challenges 88% of organizations no longer have confidence to detect and prevent loss of sensitive data. >80% of corporate data is “dark” – it’s not classified, protected or governed. Protecting and governing sensitive data is biggest concern in complying with regulations. Source 1.Forrester. Security Concerns, Approaches and Technology Adoption. December 2018 2.IBM. Future of Cognitive Computing. November 2015 3.Microsoft GDPR research, 2017
  17. 17. #ScottishSummit2022 Risks High fines Reputational damage Go out of business
  18. 18. #ScottishSummit2022 Real world examples • "OLVG receives fine of 440,000 euros for unlawful access to sensitive information". • "Personal data of 65,000 civil servants on the street due to data leak at ministry. • "Over 100,000 resumes illegally downloaded at Employee Insurance Agency“.
  19. 19. #ScottishSummit2022 Three important questions 1. Do you know where your business critical and sensitive data resides and what is being done with it? 2. Do you have control of this data as it travels inside and outside of your organization? 3. Are you using multiple solutions to classify, label, and protect this data?
  20. 20. #ScottishSummit2022 Microsoft Purview Microsoft to the rescue 
  21. 21. #ScottishSummit2022 Microsoft Purview
  22. 22. #ScottishSummit2022 Purview Information Protection Broad coverage Discover Classify Protect Monitor Devices Apps Cloud services On-premises
  23. 23. #ScottishSummit2022 Information Classification Policy Non-business data, for personal use only. Company data specifically prepared and approved for public use. Company data intended for general use within and outside the organization (business partners). Sensitive company data that damages the company if it is shared with unauthorized people. Highly sensitive company data that causes damage to the company if it is shared with unauthorized people. Personal Public Internal Confidential Secret
  24. 24. #ScottishSummit2022 Information protection policy Personal “Non-business data, for personal use only.” No protection “Company data specifically prepared and approved for public use.” No protection “Company data intended for general use within and outside the organization (business partners).” No protection Internal Public
  25. 25. #ScottishSummit2022 Information protection policy “Sensitive company data that damages the company if it is shared with unauthorized people.” • Accessible for all Contoso employees (internal) & for authorized persons (external). • Example: HR & Finance “Highly secret company data that causes damage to the company if it is shared with unauthorized people.” • Accessible to authorized people per department. • Example: Board of Directors Confidential Secret
  26. 26. #ScottishSummit2022 Sensitivity labels Classifying and protecting your data & teams.
  27. 27. #ScottishSummit2022 Sensitivity labels: What? 1.Classify & protect sensitive information. 2.Classify Microsoft 365 Groups.
  28. 28. #ScottishSummit2022 Sensitivity labels: Why? Sensitive information • Protect sensitive information from unauthorized access by applying encryption. • The encryption continues to work regardless of the location of the sensitive information.
  29. 29. #ScottishSummit2022 Sensitivity labels: Why? Microsoft 365 Groups (Microsoft Teams) • Enforcing governance agreements: • Default privacy setting. • Enable or disable guest access. • Type of external sharing links. • Type of access with unmanaged devices.
  30. 30. #ScottishSummit2022 Sensitivity labels: How? • Applied manually (E3) or automatically (E5).
  31. 31. #ScottishSummit2022 Auto labels & sensitive info types • Pattern-based classifiers for sensitive content. • Out-of-the-box: • IBAN • Credit card • Social Security Number • Create your own: • PlayStation 6
  32. 32. #ScottishSummit2022 #ScottishSummit2022 Scenario • Megan works on the development of the PlayStation 6 (codename: Project Raven). • She wants to classify & protect the content related to the project. Megan Bowen Marketing specialist
  33. 33. #ScottishSummit2022 #ScottishSummit2022 Solution • Sensitivity label for file & e- mail. • Custom Sensitive Information Type (SIT) for PlayStation 6. • Auto classification connected to the SIT. Classify & protect Project Raven content
  34. 34. #ScottishSummit2022 Demo Manually & automatically apply a label to sensitive information.
  35. 35. #ScottishSummit2022 #ScottishSummit2022 Scenario • Alex works as PM on the development of the PlayStation 6 (codename: Project Raven). • Alex wants a private & secure collaboration space with Microsoft Teams. • External access is only allowed with approved accounts. Alex Wilber Project Manager
  36. 36. #ScottishSummit2022 #ScottishSummit2022 Solution • Sensitivity label for M365 Groups. • Attach to project sites. Classify teams to enforce governance requirements
  37. 37. #ScottishSummit2022 Demo Sensitivity labels & Microsoft Teams
  38. 38. #ScottishSummit2022 Data Loss Prevention Detect sensitive information
  39. 39. #ScottishSummit2022 DLP: What? • Identify, monitor, and automatically protect sensitive items.
  40. 40. #ScottishSummit2022 DLP: Why? • Prevent the conscious or unconscious sharing of sensitive information with colleagues and/or external people.
  41. 41. #ScottishSummit2022 DLP: How? High level • Create a policy based on existing regulations (GDPR) or customize your own. • Select the location (M365, OnPrem, Devices, OS & non-MS cloud apps). • Define your policy settings (conditions & actions). • Test & deploy.
  42. 42. #ScottishSummit2022 #ScottishSummit2022 Scenario • She wants to prevent the sharing of Project Raven information in other teams. Megan Bowen Marketing specialist
  43. 43. #ScottishSummit2022 #ScottishSummit2022 Solution • Data Loss Prevention Policy for all Microsoft 365 services. • Connect with Project Raven Sensitive Information Type. Prevent sharing sensitive information
  44. 44. #ScottishSummit2022 Demo Data Loss Prevention
  45. 45. #ScottishSummit2022 Data Life Cycle Management Formerly known as Information Governance
  46. 46. #ScottishSummit2022 Data Lifecycle Manage: What? • Govern your data for compliance or regulatory requirements.
  47. 47. #ScottishSummit2022 Options • Retain content for a specified period (days, months & years). OR • Retain & automatically delete content after a specified period (days, months & years). OR • Automatically delete content after a specified period (days, months & years). OR • Retain content forever.
  48. 48. #ScottishSummit2022 Retention: How • Retention Policies • Retention Labels • Record Management
  49. 49. #ScottishSummit2022 #ScottishSummit2022 Scenario • Alex wants to preserve all content from Project Raven for an indefinite amount of time. Alex Wilber Project Manager
  50. 50. #ScottishSummit2022 #ScottishSummit2022 Solution • Retention Policy for the Project Raven team. • Retention Label for all Microsoft 365 services. Preserve all Project Raven content
  51. 51. #ScottishSummit2022 Demo Data Lifecycle Management
  52. 52. #ScottishSummit2022 Conclusion Finish with some tips & tricks
  53. 53. #ScottishSummit2022 Tips & tricks • Start by defining your policies instead of a focus on the technology! • Start with a pilot. • Don’t forget about governance & change management. • Be aware of licensing! Auto = E5, DLP & Teams = E5.
  54. 54. #ScottishSummit2022 Thank You to our Sponsors… Event Sponsor Platinum Sponsors
  55. 55. #ScottishSummit2022 Thank You to our Sponsors… Gold Sponsors Accessibility Event Lunch Data Analytics Data Quality
  56. 56. #ScottishSummit2022 Thank you!

×