CTRL + ALT + Data Security #13


New Episode of Coast 2 Coast is out!

In this episode Lou and Beau delve into the intricacies of AI Hub within the Purview console, highlighting the significance of onboarding and the browser extension for enhancing insights and compliance management. They discuss the importance of activation for new users, the reassurance provided by the browser extension, and the detailed links available for further information.

The conversation also covers the new regulations and the convenience of the new Purview portal.

Product Updates and Announcements

Insider Risk Management

Integration of Adaptive Protection and Conditional Access

We all know the challenges of keeping data secure and managing access effectively. It’s tough when you’re juggling multiple solutions that don’t talk to each other, leaving gaps that can be exploited.

Imagine an employee is flagged for potential insider risk. They’re on a sensitive project and start showing signs of risky behavior. With this integration, we can immediately apply the right access policies. As their risk level changes, the policies adapt, ramping up controls or restricting access to key apps and systems, all without the data security admin having to lift a finger.

In Conditional Access, we’re now combining insights on insider and sign-in risks. This means we’re protecting our data from both external and internal threats with a layered security strategy. It’s about keeping unauthorized access, data leaks, and theft at bay. With Conditional Access tackling both external and insider threats, we’re ensuring our data stays safe and boosting our defense against the ever-changing landscape of cyber threats.

Adaptive Protection's integration with Microsoft Purview Data Lifecycle Management (DLM) is in public preview!

Adaptive Protection within Data Lifecycle Management (DLM) serves as a sophisticated mechanism to safeguard your organization’s data. It seamlessly integrates dynamic insider risk levels, determined by data activity patterns, with policy engines. This integration enables the automatic adjustment of user policy status in response to fluctuating risk levels.

For instance, consider a scenario where a sales team member exhibits unusual behavior, such as downloading or attempting to email sensitive data in abnormal quantities. Such actions elevate their insider risk level. A subsequent resignation would further escalate their risk status.

Upon reaching an elevated risk level, DLM policies are dynamically enacted to secure copies of any files the individual deletes from SharePoint or OneDrive, as well as emails within Exchange for Microsoft 365. This proactive measure ensures that, in the event of attempted data sabotage, the investigative team possesses a comprehensive log of the deleted items, facilitating an effective assessment of the breach’s impact and enabling prompt data restoration.

Conversely, should the individual’s risk level diminish over time to moderate, minor, or non-existent, DLM policies are correspondingly adjusted. The user is automatically disassociated from the heightened security measures, ceasing the retention of deleted content. Nonetheless, any content copies retained during periods of elevated risk are maintained for the duration specified by the retention label, which is 120 days. This approach ensures a professional balance between stringent security and the minimization of unnecessary surveillance.

Dynamic watermarking for sensitivity labels in Word, Excel, and PowerPoint is in public preview!

Dynamic watermarking is the latest innovation we’re bringing to sensitivity labels in Word, Excel, and PowerPoint. It’s designed to act as a deterrent against data leaks and to help trace the source if a leak occurs. We’re thrilled to introduce this feature in a public preview, with full availability expected later in 2024.

Here’s how it works: when an admin activates dynamic watermarking for a sensitivity label, any file tagged with that label will display the watermark when opened in Word, Excel, or PowerPoint. This watermark isn’t just static text; it includes the user’s UPN (email address), tying any potential leak directly to the individual who accessed the file. Despite the watermark, users can still interact with their files normally—editing, viewing, and collaborating without hindrance, with the watermark consistently overlaying the content.

For added security, only the file owner can bypass the watermark. Other users must access the file through Office clients that support dynamic watermarking. Attempting to open a watermarked file in an unsupported Office version will result in an access denied message. For those without a compatible Office client, Office for the web is the go-to solution for handling watermarked files.



Setting up is straightforward: select “Use Dynamic Watermarking” when you’re configuring encryption for a label in the Purview compliance portal. It’s a simple yet powerful way to enhance the security of your sensitive information.

Blogs and Media

A great blog post from Martin Lingstuyl on Extending Microsoft 365 with custom retention controls, well worth the read!

Quick summary from the article:

"Recently, Joanne C Klein published a post on side effects of only using auto-applying retention labels. Whether those side effects are actually showstoppers or not, an organisation would need to know those challenges upfront when implementing retention controls. This blog post is about a small Microsoft 365 extension I’ve built to allow people to work around those challenges."

Find it here: https://www.blimped.nl/extending-microsoft-365-with-custom-retention-controls/

Simplified Zero Trust security with the Microsoft Entra Suite and unified security operations platform, now generally available

In the age of AI, simplifying your Zero Trust strategy is key. This morning, we announced the GA of the Entra Suite and Microsoft Sentinel within Microsoft’s unified security operations platform to help you further simplify the implementation of a Zero Trust architecture across the full lifecycle from prevention to detection and response.

Full blog post here: https://www.microsoft.com/en-us/security/blog/2024/07/11/simplified-zero-trust-security-with-the-microsoft-entra-suite-and-unified-security-operations-platform-now-generally-available/


Martin Lingstuyl

MVP | Microsoft 365 Architect | Co-maintainer at CLI for Microsoft 365 | Blogger | Dad | Cyclist

4 months

One comment: you’re mentioning Data Lifecycle Management (DLM) in relation to adaptive protection, but what you mean is probably “Data Loss Prevention” (DLP)

Aman Kumar

I Publishing you @ Forbes, Yahoo, Vogue, Business Insider and more I Helping You Grow on LinkedIn I Connect for Promoting Your AI Tool

4 months

Exciting updates! Data security is evolving fast.
