The document presents a session at the SPS Geneva event focused on Azure Information Protection and its integration with Office 365, highlighting goals including understanding data classification and Microsoft’s roadmap for information protection. It covers key features like document encryption, sensitivity labels, and compliance with regulations such as GDPR. The session emphasizes automation and protection of sensitive information across various platforms, showcasing tools for classifying and securing content.

1. #SPSGeneva6th December 2018
Geneva
WELCOME

2. #SPSGeneva
Azure Information Protection
Albert Hoitingh – Motion10

3. #SPSGeneva
#SPSGeneva

4. #SPSGeneva
A Huge “Thank You!” To Our Sponsors …

5. #SPSGeneva
Albert Hoitingh
• Solution Architect
• Motion10
• The Hague
• Working for over 25 years in IT (sigh…..)
• Microsoft MVP for Enterprise Mobility

6. #SPSGeneva
Our four goals for this session
• Have an understanding of AzureIP from a
functional and IT management perspective
• Know about Office 365 message encryption
• Get to know the new sensitive information labels
in Office 365
• See the Microsoft roadmap for information
protection

7. #SPSGeneva
Data lives and travels everywhere
On-premises
Courtesy of Microsoft

8. #SPSGeneva
Three reasons for information
protection
• Regulatory compliance (GDPR anyone?)
• Information/knowledge workers need to be aware of data
classification within the enterprise
• Secure internal and external sharing without data losses
© 2018

9. #SPSGeneva
Microsoft Information Protection
Courtesy of Microsoft

10. #SPSGeneva
Classify
• Automatic | Recommended | Manual
override | User-specified
• Microsoft Office, Adobe
• Windows Explorer, Mac Finder, Scanner and
Cloud App Security
• Label stays with content
• Visual markings applied
• Label dashboard

11. #SPSGeneva
Classify - taxonomy
• Business provides policies and rules
• IT configures

12. #SPSGeneva
Protect
• Standard permissions or custom
• Based on label or “do it yourself”
• User, group or domain based
• Super-user role
• Owner stays in control
• Protection stays with content

13. #SPSGeneva
DEMO

14. #SPSGeneva
Some (technical) details
• Document encryption: AES (128 and 256 bits)
• Key protection: RSA (2048 bits)
• Certificate signing: SHA-256
• Client required, can be protected using conditional access
Licensing
• Office 365 Message Encryption | SharePoint Online IRM
• Stand-alone (P1/P2) | EMS (E3/E5) | Microsoft 365 (E3/E5)

15. #SPSGeneva
(Active) Directory is key

16. #SPSGeneva
DEMO

17. Automation and cloud apps

18. #SPSGeneva
Azure Information Protection Scanner
• Detect, label and protect content on file-
shares, NAS and on-premises SharePoint
farms
• Exchange on-premises is not covered by the
scanner
• Discovers and can also classify
• Creates reports of discovered information
• New scanner dashboard is now available

19. #SPSGeneva
Microsoft Cloud App Security
• Label and protect content in SaaS applications
• Can scan for sensitive content across SaaS
applications
• Applications included are Office 365,
DropBox, OneDrive, Salesforce and more
• Can apply policies when a label is detected

20. #SPSGeneva
DEMO

21. Securing e-mails

22. #SPSGeneva
© 2018
Office 365 message encryption
• Part of Office 365 licensing
• Allows for “Do-not-forward” and “Encrypt
only”
• Works for any e-mail recipient
• Can make use of Exchange routing rules
• Encryption includes the attachments (heads
up!)
22

23. #SPSGeneva
© 2018
Office 365 message encryption
23

24. #SPSGeneva
DEMO

25. Office 365 sensitivity labels

26. #SPSGeneva
Office 365 sensitivity labels
• Aims to bring AzureIP and Office
365 together
• Offers both labels and settings for
SharePoint sites
• Requires a new sensitivity client
(not the AzureIP client)
• Note the distinction between
sensitivity and retention labels!

27. #SPSGeneva
Labels extend to SharePoint sites and
groups
• Set controls on sites based on the label
• Set the site’s classification based on the label

28. #SPSGeneva
Sensitivity labels vs. AIP
• Managed from the Security & Compliance Center
• Only works with Office 365 groups or persons
• Enables Windows 10 endpoint data loss prevention
• Custom permissions and remove permissions don’t work in Office
• Does not offer:
• Color
• Hold your own key
• Automatic application of label

29. #SPSGeneva
DEMO

30. Roadmap and take ways

31. #SPSGeneva
• Unified Labeling in Office SCC (Now)
• Unified Labeling in new M365 SCC (EOY18)
• Labeling in Office apps on Mac and mobile (Preview now)
• Labeling in Office apps on Windows (Preview EOY18)
• Labeling in Outlook mobile (Preview EOY18)
• Adobe PDF Preview and GA with MIP
• Windows GA with MIP labels
• MCAS + MIP GA
• MIP SDK GA
• AIP customers starting migration on pre-prod tenants
• Partner ISVs going GA with MIP
Now – 3 Months
• Auto-classification for sensitivity outcomes
• AIP customers migrate to using M365 SCC for
admin experiences
3 – 6 Months
Microsoft roadmap https://www.yammer.com/askipteam/#/home

32. #SPSGeneva
Take aways
• There’s a lot happening with Microsoft Information Protection
• (Azure) Information Protection is a piece of the puzzle
• Automate Azure Information Protection for the important stuff (PII, highly confidential,
etc)
• Content is everywhere, use Cloud App Security/PowerShell/AIP scanner to identify and
protect
• Look at the new sensitive labels and Office 365 integration

33. #SPSGeneva
Thank You!
Office365 under siege - 15:15 – Room 1
@alberthoitingh
albert.hoitingh@motion10.com
https://alberthoitingh.com
https://www.linkedin.com/in/appieh/

34. #SPSGeneva6th December 2018
Geneva
WELCOME