Microsoft Data Security Updates - 30th April 2024

Alrighty - welcome to the 30th April Edition of Ctrl + Alt + Data Security!

A few updates this edition: Copilot embedded experiences coming into preview, a fair bit around endpoint DLP, and some pretty cool stuff around investigating Industrial Control Systems.

I am slowly getting used to having a newborn around the house - so I appreciate everyone's patience in getting these out!

Product Updates and Announcements

Copilot

The Copilot Experience is in preview for multiple Purview workloads:

Communication compliance - In preview: Summarize a message by using Copilot in Purview (preview).

Data Loss Prevention: Learn about the toolsets you can use to investigate DLP alerts (preview) for Copilot in Purview.

eDiscovery: Summarize an item by using Microsoft Copilot for Security (preview)

Insider Risk Management: Use the Copilot button to summarize an alert, updated for Copilot in Purview.

If you're interested in the use of AI in Australian organisations to boost their security operations, there is a great news story here: https://news.microsoft.com/en-au/features/the-australian-organisations-looking-to-generative-ai-to-boost-security-operations/


Information Protection

Sensitivity labels to discover private teams and protect shared channels

We’re rolling out two new features to enhance the sensitivity label creation and editing process, aimed at improving the discoverability of private teams and the management of shared channels in Microsoft Teams.

Private Teams Discoverability: With this new setting, private teams can now be found in the Teams app search, provided they have the appropriate label applied. This is a game-changer for private team visibility, as previously, only public teams were searchable. Admins can set up these labels in the Compliance portal, and private team owners can then label their teams to make them discoverable. Rest assured, joining a private team still requires the owner’s approval, maintaining the existing membership controls.

Shared Channel Settings: This feature introduces access controls for shared channels within a tenant, based on the applied label. Here’s how it works:

  • Private Teams Only: This setting is comprehensive, covering both internal and external sharing, and ensures that sharing is restricted solely to other private teams. If deselected, the channel can be shared with public teams as well.
  • Same Label Only (for internal teams): This setting limits sharing to teams that have the same label, fostering a more controlled and organized sharing environment. If you opt out of this setting, your channel can be shared with teams that have different labels, without affecting external sharing.
  • Internal Only: This setting is all about keeping it in-house, restricting sharing strictly to internal teams of the tenant. If you’re looking to collaborate beyond your tenant’s boundaries, simply deselect this option to enable sharing with external teams.

These enhancements are designed to give you more control and flexibility while ensuring the security and proper governance of your teams and channels.

Data Loss Prevention

Data Loss Prevention (DLP) for endpoints - cloud egress groups (macOS)

Great news for all the macOS users out there. There is a new feature for Microsoft Edge that’s going to give admins a whole new level of oversight and control. Now, you can keep tabs on and block certain user activities within the Edge browser. This includes actions like printing, copying, and the ‘Save As’ function for websites.

Roadmap item: https://www.microsoft.com/en-au/microsoft-365/roadmap?filters=&searchterms=383738

New Predicates for Endpoints

  • Document Property is: Detects documents with custom properties matching the specified values.
  • Document Name contains words or phrases: Detects documents where the file name contains any of the words or phrases you specify.

Enhanced Privacy Controls

We are releasing an update to restrict access to the following information only to admins having the ‘Data Classification Content Viewer’ role.

  • View source information in Activity Explorer
  • View surrounding context for associated SIT types in Activity Explorer

Roadmap item: https://www.microsoft.com/en-au/microsoft-365/roadmap?filters=&searchterms=383745

Copying rules

You can now copy existing rules and edit them instead of creating all-new rules!


Unified Audit

In Microsoft Purview Audit, the Search-UnifiedAuditLog cmdlet in Microsoft Exchange Online PowerShell is used to retrieve Audit logs from a specific date range or filtered results based on specified criteria. Very large queries aimed at retrieving a large number of audit records are susceptible to timeouts and may miss some results.

With this new feature, we are introducing the HighCompleteness parameter to the cmdlet. Please note that using this parameter can result in results being returned more slowly.

Roadmap item: https://www.microsoft.com/en-au/microsoft-365/roadmap?filters=&searchterms=383741
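
One way to use the new parameter for a large export, as an added example rather than code from this newsletter or from Microsoft: split the date range into windows, page each window in its own session with HighCompleteness, and compare what came back against the ResultCount the service reports. It assumes an existing Exchange Online PowerShell session; the helper name Get-AuditWindow, the dates, the six-hour window and the output path are made up for illustration.

```powershell
# Added example; assumes Connect-ExchangeOnline has already been run.
# Get-AuditWindow is a hypothetical helper name, not a Microsoft cmdlet.
function Get-AuditWindow {
    param(
        [Parameter(Mandatory)][datetime]$Start,
        [Parameter(Mandatory)][datetime]$End
    )
    $sessionId = "audit-$([guid]::NewGuid())"      # one paging session per window
    $records   = [System.Collections.Generic.List[object]]::new()
    do {
        # -HighCompleteness favours complete results over speed
        $page = @(Search-UnifiedAuditLog -StartDate $Start -EndDate $End `
                -SessionId $sessionId -SessionCommand ReturnLargeSet `
                -ResultSize 5000 -HighCompleteness)
        if ($page.Count -gt 0) { $records.AddRange($page) }
    } while ($page.Count -gt 0)

    # Every record carries ResultCount, the total the service reports for the session.
    $expected = if ($records.Count -gt 0) { [int]$records[0].ResultCount } else { 0 }
    if ($expected -ge 50000) {
        Write-Warning "$Start to $End hit the 50,000-record paging limit; use a smaller window."
    }
    elseif ($records.Count -lt $expected) {
        Write-Warning "$Start to $End returned $($records.Count) of $expected records; re-run it."
    }
    $records
}

# Constructed date range and window size; tune the window to your tenant's audit volume.
$from = [datetime]'2024-04-01'
$to   = [datetime]'2024-04-08'
$step = [timespan]::FromHours(6)

$all = for ($s = $from; $s -lt $to; $s = $s + $step) {
    $e = if (($s + $step) -lt $to) { $s + $step } else { $to }
    Get-AuditWindow -Start $s -End $e
}

# Adjacent windows can overlap at the boundary, so de-duplicate on the record Identity.
$all | Sort-Object Identity -Unique |
    Select-Object CreationDate, UserIds, Operations, AuditData |
    Export-Csv -Path .\audit-export.csv -NoTypeInformation
```

A warning for any window means that slice of the export should not be treated as complete evidence until it has been re-run or split further.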


Data lifecycle management and records management

Improvements to SharePoint and OneDrive retention

For these services, you can now delete a folder that's subject to retention, even if it contains files!


Insider Risk Management

Adaptive protection in insider risk management now supports Microsoft Entra Conditional Access policies in addition to Microsoft Purview data loss prevention (DLP) policies. For example, by using adaptive protection together with Conditional Access, you can:

  • Require Minor risk level users to acknowledge Terms of Use before using an application.
  • Block Medium risk level users from accessing certain applications.
  • Completely block Elevated risk level users from using any applications.

In preview: Admin units are now supported for insider risk management. Use admin units to scope user permissions to a region or department.

In preview: Capture forensic evidence clips related to Enhanced Phishing Protection in Microsoft Defender SmartScreen.


Blogs and Media


Embracing the Data Protection and Data Privacy Act: A Strategic Approach with Microsoft's Compliance

A great blog post from Manjinder Singh Sahota on how Compliance Manager emerges as a tool to help our customers meet regulatory obligations: a brief snippet below:

In an era where data breaches and privacy concerns are at the forefront of concerns, the Data Protection and Data Privacy (DPDP) Act 2023 emerges to enhance protection for individuals' personal information. This landmark legislation signifies a pivotal shift in the global data privacy landscape, imposing rigorous standards for data handling and compelling organizations to elevate their data protection measures. As we navigate the intricacies of compliance with the DPDP, Microsoft Compliance Manager emerges as a tool to help our customers meet regulatory obligations. Compliance regulations protect customers and the organizations they serve, and Microsoft Compliance Manager is here to help protect private data.

Check it out here: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/embracing-the-data-protection-and-data-privacy-act-a-strategic/ba-p/4119374

Uncovering Hidden Risks Podcast: Understanding Cloud Native Application Protection Platforms (CNAPP)

A very informative session on the Uncovering Hidden Risks podcast on CNAPP:

Giulio Astori, Principal Product Manager at Microsoft, joins Erica Toelle and guest host Yuri Diogenes, M.S. Cybersecurity on this week's episode of Uncovering Hidden Risks. Giulio Astori works as a Principal Program Manager for Microsoft Defender for Cloud and Yuri has been at Microsoft for the past 18 years and manages a Product Management team for the Defender for Cloud Product. In this discussion, Giulio delves into the world of Cloud Native Application Protection Platforms (CNAPPs), explaining their significance and utility in enhancing cloud security and protecting workloads. He explores the distinction between CNAPPs and Cloud Security Posture Management, shedding light on their roles in bolstering organizational security.

A great session and well worth your time to tune into!

Check it out here: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/understanding-cloud-native-application-protection-platforms/ba-p/4120573

Investigating Industrial Control Systems using Microsoft’s ICSpector open-source framework

A fantastic blog post on Industrial Control Systems (ICS) and the use of the ICSpector open source framework. It goes pretty deep, so if you're interested in or familiar with security in industrial control systems then have a read through!

Full blog post here: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/investigating-industrial-control-systems-using-microsoft-s/ba-p/4120580

Events

Microsoft Discovery Day: Protecting Your Data (Digital)

As many of you know, I presented at our recent Protecting your Data event in Sydney recently, and many asked if it would be available virtually - good news!

Thursday, May 09, 2024, 10:00 AM – 12:00 PM (GMT+10:00) the event will be airing virtually: Join us at Microsoft Discovery Day: Protecting Your Data, a free digital event, to hear about the latest trends in data security and how a comprehensive approach to data protection can help you fill in the gaps in your data security coverage. Learn how to build a stronger approach to data security, manage insider risk and identify best practices.

Register for the event here: https://msevents.microsoft.com/event?id=244144213304


Chris Hannah

Cloud | Zero Trust | Modern Work

7 months

Love your work Beau Faull! Any chance of a mechanism for sharing your great content without relying on LinkedIn as the vehicle. Would be great to be able to share this via an RSS or alternative Web Feed. Didn't look like your website (in profile) was still active!

Mirko Peters

Digital Marketing Analyst @ Sivantos

7 months

Hey there! Sounds like you've got a lot on your plate. How can I help?

Jonathan Glendenning

Cloud | Zero Trust | Modern Work

7 months

So much goodness in this one!
