Joanne Klein presented on information management and data protection in Office 365. She discussed the changing digital workplace and challenges of managing information across collaboration tools. She covered Microsoft's information protection approach including classification, labeling, encryption, and tracking. Klein demonstrated Azure Information Protection for labeling and protecting documents and retention policies for managing retention across Office 365. She emphasized starting small, using standard labels, and encouraging the right user behaviors for data protection.

1. Photo by Mark Solarski on Unsplash
A presentation by Joanne
Klein
#SPUnite17

4. @JoanneCKlein
joannecklein@nexnovus.com
https://joannecklein.com
Joanne Klein
SharePoint/O365 consultant, Microsoft MVP
Speaker , Trainer, Volunteer
Saskatchewan SharePoint/O365 User Group

5. Information Management
…the acquisition of
information from one
or more sources, the
custodianship and the
distribution of that
information to those
who need it, and its
ultimate disposition
through archiving or
deletion… #WOCinTech

7. Collaboration options changing
The Challenges in Office 365
Data Protection options evolving

8. What IWon’t Cover
eDiscovery and Audit
Identity and Device Protection

9. 3
2
1
4
5
The Digital Workplace
Information Management
Office 365Tools to Help
Demos
Sage advice

10. The DigitalWorkplace

11. Whatisit? “… a business strategy that
enables new and more
effective ways of working,
improves employee
engagement and agility, and
exploits consumer-oriented
styles and technologies.”
– *Gartner

12. Workplacedisrupted The number of teams compared
to five years ago
Of the world’s data was created in
the last two years
The number of remote workers
compared to 10 years ago
Of workforce will be made up of
millennials by 2020
2x
90%
4x
50%

13. Organizations using
SharePoint/OneDrive
as part of O365
Growth of SharePoint usage
in the last year
Growth of content stored
in the last year
Of SharePoint seats
are Online
MicrosoftNumbers
FromIgnite
300K
90%
300%
>65%

14. Department
Division
Team
User
Groups
Formal
Projects
Similar
Job Role
Special
Interest
Informal
Projects
Tiger
Team
Organization
wide

15. BusinessValueofCollaboration?
Stay Competitive
Maximize contribution
Mobile & remote workers
External partners/suppliers
Productivity Metrics

16. “What tool to use when?”
Information Management
ChallengeswithCollaboration
inOffice365

17. What tool to use when…

18. • Corporate Portal1
• DivisionAreas2
• Project Sites/Workspaces3
• Team/Community Sites4
• Personal Sites5
Structure and
Governance

19. • Corporate Portal1
• DivisionAreas2
• Project Sites/Workspaces3
• Team/Community Sites4
• Personal Sites5
Structure and
Governance
COLLABORATION
LIVES HERE WORKPLACE DISRUPTION

20. “WhenTo UseWhat” in
Office 365
by 2toLEAD
“Collaboration
from Millennials
to Boomers”
by Avanade
“When do I Use
What?”
by AvePoint
“Choose the right
collaboration
tool for your
group” by
Microsoft

21. When to UseWhat tool? It depends!!
What’s the
audience
size?
What’s
the
urgency? What’s the
tone of the
message?
What’s
the
purpose?
Should this
be private?
EnterpriseTechnology Strategy Corporate Culture
Who’s on
the team?
Is this an
official
channel?

23. Understand
collaboration
features
Own your own
organization
strategy
Train/guide
staff on feature
capabilities
Collaboration

24. Stop right there!

25. Information Management

26. Information is changing!
Team
Channels
Documents
Persistent
Chat
Group
Conversations
Yammer
Posts
Emails
Video
Channels
Planner
Tasks
Social
Media
Flows
Power
Apps

27. Team
Channels
Documents
Persistent
Chat
Group
Conversations
Yammer
Posts
Emails
Video
Channels
Planner
Tasks
Social
Media
Flows
Who we share it with is also
changing!
Power
Apps

28. Partners
and
SuppliersTeam
Channels
Documents
Persistent
Chat
Group
Conversations
Yammer
Posts
Emails
Video
Channels
Planner
Tasks
Social
Media
Flows
Who we share it with is also
changing! Co-workers
CustomersPower
Apps

29. Your perimeter
Company internal

30. Your perimeter
Company internal
Mobility
Managed Devices

31. Your perimeter
Company internal
Mobility
Managed Devices
External Sharing
Secured Data

32. Your perimeter
Company internal
Mobility
Managed Devices
External Sharing
Secured Data

33. Applies
to all
Hefty fines
Consent
Breach
Notifications
Privacy

34. How do we manage
and protect this
information?

35. Microsoft Information Protection

36. Threat
Protection
Identity &
Access Mgmt
Secure Access
& Sharing
Information
Protection
Compliance
Solutions
“Empower users and enable collaboration while
protecting your corporate assets”

37. 1
Establish
Information
Protection
priorities
2 3
Set org’s
minimum
standards
Find and
protect
sensitive data
4
Protect
high-value
assets (HVA)

38. A Data-CentricApproach
OldWorld Model
“Catch everything before it
leaks”
NewWorld Model
“Data is born being classified,
labeled & protected”

39. Office 365 Personas Needed

40. IT
Administrator
Office 365 Personas
Compliance
Officer
Records
Manager
Information
Worker

41. Office 365Tools

43. External
Sharing
Policies
Device
Access
Policies
Classification,
labeling &
Protection (CLP)

44. Azure
Information Protection
Data Loss
Prevention
Retention Policies

45. Azure Information Protection
… a cloud-based
solution to help
organizations classify,
label, and protect
documents and emails
across apps and
services.

47. Classification
and
Labeling
Protection
and
Use Rights
Tracking
and
Reporting

48. Data Protection Lifecycle
Classification
Labeling

52. Tip 1
Pick
standard
labels

53. Resonate
with
users
Not use
jargon or
acronyms

54. Non-Business
Public
General
Confidential
Highly Confidential
Low business impact
Medium business impact
High business impact

55. Wide Open
Keep it in the Family
Lock it down

56. Tip 2
Create
sub-labels

57. HR Finance Legal

58. Risk of
internal
consumption
Need for
external
consumption
Someone has
to manage
these!

59. Tip 3
Use scoped
policies

60. Secret
Project
Board
Members
Specialized
Team

61. Demo
AIP Scoped Policies

62. Tip 4
Encourage
right user
behaviour

63. 1
User-driven
2 3
Recommended
Automatic
Start here

65. Demo
AIP Policy Recommendations

66. Tip 5
Protect and
Enforce

67. Data Protection Lifecycle
Classification
Labeling
Encryption
Access Control
Policy Enforcement

69. Demo
Azure RMS Protection
(Prevent Forwarding)

70. Data Protection Lifecycle
Classification
Labeling
Encryption
Access Control
Policy Enforcement
DocumentTracking
Document Revocation

71. https://track.azurerms.com

72. Who?
When?
Where?
Revoke
Exclude

73. Demo
Azure DocumentTracking

74. Data Protection Lifecycle
Classification
Labeling
Encryption
Access Control
Policy Enforcement
DocumentTracking
Document Revocation

75. Where to begin with AIP…
Don’t try to solve it all (0 to 100)Don’t
Start with classificationStart
Apply protection/controls for small use-
cases
Next

76. Retention Policy
… a unified retention
and deletion system
across apps and
services. Done to
comply with industry
regulations and
policies and mitigate
risk.

77. Exchange mailboxes
Public folders
Skype conversations
OneDrive for Business
SharePoint sites
Office 365 Group mail/files

78. 1
Add a
label
2 3
“Retain for 5 years
then delete”
Configure
Settings
Auto-apply
(keyword query
editor)
4
Publish
label(s) to a
policy
(locations)
Budget

79. Label Policy A
Location(s) to publish the labels
Label 1 Label 3
Label 1
Label 2
Label 3
Label 4
Label 5
Label Policy B
Location(s) to publish the labels
Label 3 Label 4 Label 5
Exchange
SharePoint
OneDrive
Office 365
Groups
1
2

80. Labeling a
document
as a record
The item can’t
be permanently
deleted.
The item can’t
be edited.
The label can’t
be changed.
The label can’t
be removed.

81. Demo
Retention Labels

82. Demo
Retention LabelsAuto-applied

83. Retention wins over deletion
Longest retention period wins
Explicit inclusion wins over
implicit inclusion
Shortest deletion period wins

84. Disposition
Review
But we can’t
just delete it!!

87. Suspend the deletion
Remove content with value
Assign a different retention
Transfer content elsewhere
Disposition
Review
Review pending deletions

88. Available now: SharePoint Online and OneDrive for Business
Preview soon: Exchange Online

89. What not to use…

90. • eDiscovery Holds
• Messaging Records Management
Exchange
• eDiscovery Holds
• In place records management
• Site Closure and Deletion Policies
• Information Management Policies (Deletion)
SharePoint
and
ODFB

91. Roadmaps from Ignite

92. • AIP/Retention Unified Labels (Public Preview end 2017)
• AIP Scanner (Oct 2017)
• Event-based retention (Currently in preview)
• Compliance Manager (Preview Signup for Nov 2017 start)
Roadmap/Announcements

94. 1
Windows
Service
2 3
Configures SQL
Service DB
Define
repositories:
- Local folders
- UNC paths
- SP Server URLs
4
Run AIP
Scanner to
scan files to set
label

95. Demoed at
Microsoft
Ignite
Step 1
Define event
types.
Each gets an
AssetID.
Step 2
Associate a label
with an event
type.
Step 3
Assign the label
to a document.
The document
will be given an
AssetID which
associates it back
to the event
type.
“Event-based” retention

96. Compliance Score
• Shows all controls you have configured in your tenant
• Real-time risk assessment
• Actionable insights to improve your score
• Sign up for preview program of Compliance Manager
https://resources.office.com/ww-landing-compliance-manager-trial.html

97. Data Loss Prevention
… system to detect
potential data
breach and prevent
its inadvertent
disclosure.

98. 1
Identify
sensitive
information
2 4
Prevent
accidental
sharing
Help users
to be
compliant
3
Monitor &
protect in
Office clients
Exchange Online SharePoint Online
OneDrive for
Business

99. DLP is constantly checking…
DLP
Content created
or changed
Search crawls
content
Search index updated
DLP Policies
query
Search index
DLP policies
take action
1
3
4
5
2

100. What is DLP?
DLP Policy
Locations
to apply
the policy
Rule 1
Rule n
Conditions Actions
Conditions Actions

101. Rule 1
Conditions Actions
SensitivityTypes Block sharing
Alert user
Allow override
Financial Data
Credit Card
Numbers
Social
Insurance
Numbers
Health
Records
Label

103. DLPPolicyTip
in
SharePoint
andODFB

104. Demo
DLP PolicyTips

106. Business data only
Group
No Business data allowed
Group

107. MySageAdvice

108. • End-user doesn’t label or labels incorrectly
• AIP label not defined yet
AIP
needs DLP
• Period of time before content is crawled
DLP
needs AIP
TIP: Put AIP Label at priority 1 position of DLP rules.

109. Start with
recommendations
Training
“Data Protection 101”
“When to use what label”
Beware
of
rogue IT
Take time to
define your
Labels
Simplicity
is
Genius
Work with
IM/Compliance
Team(s)
Itallcomesdowntothis…

110. @JoanneCKlein joannecklein.com joannecklein@nexnovus.com
Images by: wocintechchat.com
Thank you!
Questions?

111. https://docs.microsoft.com/en-
us/information-protection/get-started/faqs-rms
https://docs.microsoft.com/en-
us/information-protection/get-started/scenario-sharepoint
https://flow.Microsoft.com/en-
us/blog/introducing-data-loss-prevention
http://www.eugdpr.org/key-changes.html
https://joannecklein.com/2017/05/30/o365-data-governance-and-
retention-a-measured-approach/
https://resources.office.com/ww-
landing-compliance-manager-trial.html

112. http://productivitylibrary.fasttrack.microsoft.com
http://www.2tolead.com/whitepaper-when-to-use-what-in-
office-365/?ref=header
http://blog.avanade.com/avanade-insights/collaboration/microsoft-
teams-supercharges-collaboration-for-millennials-to-boomers/
https://www.avepoint.com/blog/strategy-blog/how-to-use-office-365-
groups/