CTRL + ALT + Data Security #14

Product Updates and Announcements

General Availability of Microsoft 365 Backup and Microsoft 365 Backup Storage

Microsoft 365 is engineered to deliver unparalleled availability, disaster recovery, security, and data privacy. In light of the escalating frequency and magnitude of ransomware attacks, our customers have expressed a desire for more advanced self-service recovery options. It is with great pleasure that we announce the general availability of Microsoft 365 Backup, as well as the developer-oriented Microsoft 365 Backup Storage platform. These offerings are designed to empower you to meet these challenges head-on.

Features include:

? Microsoft 365 Backup offers efficient backup and recovery of your essential active data, ensuring business continuity with a speed that significantly surpasses traditional migration-based backup methods.

? Microsoft 365 Backup Storage provides third-party backup developers with the tools to offer you the benefits of the native Microsoft 365 Backup solution through their integrated applications.

Microsoft 365 Backup

Microsoft 365 Backup enables rapid recovery of your OneDrive, SharePoint, and Exchange data at unparalleled speeds. By retaining backups within the Microsoft 365 trust boundary, we minimize the risk of security breaches and restrict excessive data access by applications. Microsoft 365 Backup ensures your business continuity with quick backups, frequent recovery points, and reduced average recovery times, even at a large scale. Our customers can experience mass restoration speeds up to 20 times faster than conventional backup and restoration methods for substantial volumes of Microsoft 365 data

Microsoft 365 Backup Storage

Microsoft 365 Backup Storage stands as our premier platform for large-scale Microsoft 365 data backup and restoration. It not only fuels our native Microsoft 365 Backup service but also empowers independent software vendors (ISVs) to develop robust applications. These applications utilize the Microsoft 365 Backup Storage APIs, enabling ISVs to backup and swiftly recover data to its healthy state, ensuring rapid business continuity post-attack. Users benefit from the core features of Microsoft 365 Backup, augmented by the added value of vendor-specific applications that harness the capabilities of the Microsoft 365 Backup Storage platform.

Full blog post here: https://techcommunity.microsoft.com/t5/microsoft-365-backup-blog/microsoft-announces-general-availability-of-microsoft-365-backup/ba-p/4205300

Information Protection

Dynamic watermarking for sensitivity labels in Word, Excel, and PowerPoint (Preview)

ensitivity labels from Microsoft Purview Information Protection provide robust controls to restrict access to sensitive documents and prevent inappropriate actions such as printing, while facilitating seamless collaboration. Despite these measures, there remains a vulnerability where users could potentially capture sensitive information displayed on their screens or during presentations, both virtually and in-person. Current technology does not entirely prevent certain methods of screen capture, creating a gap in the protection offered by sensitivity labels.

We are pleased to introduce dynamic watermarking, an innovative enhancement for sensitivity labels within Word, Excel, and PowerPoint. This feature is designed to discourage the unauthorized disclosure of sensitive information and to help trace the source of any leaks that may occur. Dynamic watermarking is currently available in public preview, with a full general availability rollout expected later in 2024.

With dynamic watermarking activated by an admin for a specific sensitivity label, documents tagged with that label will display dynamic watermarks when accessed in Word, Excel, and PowerPoint.

The dynamic watermarks implemented in Microsoft 365 include the User Principal Name (UPN), or email address, linked to the account accessing the file. This feature enables the tracing of any leaks to specific individuals. While users retain the ability to view, edit, and collaborate on their files as normal, the watermarks remain persistently visible over the content.

For enhanced security, only the file’s owner can open the file without the dynamic watermark. Other users must use Office clients that support this feature. Should a user attempt to access a watermarked file via an unsupported Office version, they will encounter an ‘access denied’ notification. Users without a compatible Office client should utilize Office for the web to interact with watermarked files.

Data Loss Prevention

How Office is improving the reliability of DLP policy tips on Windows

For administrators utilising SharePoint and OneDrive DLP rules to safeguard sensitive organizational files, you may have encountered inconsistencies with policy tips in Word, Excel, and PowerPoint on Windows.

We’ve taken your feedback on board and are excited to announce an upcoming update to the Office apps on Windows. This enhancement will significantly boost the reliability of DLP policy tips for files stored in SharePoint and OneDrive for Business. The update will modify the approach Office uses to determine the necessity of displaying a policy tip. Rather than independently evaluating the policy rules, Office will now reflect the same policy tip displayed in SharePoint and OneDrive for Business. This ensures that SharePoint or OneDrive for Business remains the definitive authority, with Office maintaining alignment on the display of policy tips.

Additionally, this update removes the requirement for Office to download and store policy XML files, which may contain sensitive information.

Key details of the new update include:

• The update pertains to files in ODSP, whether accessed directly or through a sync-backed folder, and opened with a work account (AAD identity) that has the appropriate ODSP DLP licensing.
• The update functions exclusively online, without any data caching. Offline users will not see any policy tip UX. If a user disconnects after a policy tip was displayed while online, the policy tip will persist.
• The update will not alter existing functionalities such as overriding a policy tip, reporting a false positive, or disabling policy tip UX. These options will continue to operate as usual.

eDiscovery

Support for Microsoft Planner

Microsoft Purview eDiscovery now fully supports the search and legal hold capabilities for Microsoft Planner data. This advancement allows administrators to perform content searches and apply legal holds to Planner tasks within Purview. The scope of Planner data accessible for eDiscovery encompasses tasks shared with groups, along with their associated comments and attachments.

Modern eDiscovery in new Microsoft Purview Portal

The upcoming modernization of the Microsoft Purview eDiscovery user experience (UX) in the Purview portal is set to streamline your workflow. With the integration of Content Search, eDiscovery Standard, and eDiscovery Premium, navigating between non-premium and premium features will become more intuitive. This UX enhancement introduces several new features to improve the eDiscovery process:

• Enhanced search efficiency with message ID and sensitivity labels, enabling quicker access to pertinent information.
• An improved search interface for Sensitive Information Type (SIT), allowing for easier selection without the need for manual input.
• Advanced Data Source Mapping to link a user’s OneDrive using details like the mailbox Simple Mail Transfer Protocol (SMTP) address or the user’s name, simplifying data retrieval and management.
• Powerful investigation capabilities that include insights into a user’s frequent collaborators, offering a comprehensive view of the user’s network.
• The new Data Source synchronization feature keeps you informed of any new or removed data locations, ensuring that eDiscovery investigations are up-to-date with the current data landscape.
• The introduction of a visual Statistics feature provides quick insights, such as the presence of Sensitive Information Types and the top communication participants.
• A transparent progress bar for monitoring long-running processes, with the option to cancel certain types if necessary.
• A full process report for all actions taken, including statistics for holds and exports, reinforcing the defensibility of your eDiscovery activities.
• Customizable export settings, including options for single PST file export, path truncation, and the use of friendly names to enhance the accessibility of exported data.

Blogs and Media

Microsoft Purview integrates with ChatGPT Enterprise Compliance API to support compliance

The integration of generative AI into daily workflows has surged, with a significant 75% of global knowledge workers incorporating it into their routines . Employees are proactively adopting AI tools for their work, often ahead of their employers’ adoption curves, as evidenced by 78% of employees introducing personal AI tools into their workplace . This rapid adoption, however, brings forth substantial risks to organizational data, with cybersecurity and data privacy becoming paramount concerns for leaders . To address these challenges, it’s crucial for enterprises to implement solutions that are ready for the corporate environment, such as Microsoft Copilot for Microsoft 365 and OpenAI’s ChatGPT Enterprise.

We have previously launched Microsoft Purview capabilities to assist customers in managing data across generative AI applications like Copilot for Microsoft 365. Copilot is deeply integrated within Microsoft 365 apps, enabling it to comprehend a user’s work context and leveraging Microsoft Graph for personalized and relevant responses. It also connects to business data sources to analyze all of a user’s enterprise data. Copilot is built upon Microsoft 365’s controls and commitments, offering extensive data protection for enterprises. Additionally, Microsoft Purview equips Copilot users with real-time data security and compliance controls, seamlessly integrated into their M365 deployment.

In addition to our existing offerings, we have expanded Microsoft Purview’s capabilities to include the discovery, protection, and governance of data shared with custom AI applications developed using Copilot Studio, as well as third-party AI apps like Google Gemini, when operated from a managed device.

Our ambition is to provide a robust security platform that supports multiple clouds and platforms. Extensibility is a crucial component of our strategy to secure all leading generative AI applications. We are delighted to announce the integration of certain Microsoft Purview discovery and governance capabilities with OpenAI’s ChatGPT Enterprise Compliance API, currently available in private preview.