Embed Size (px)
Citation preview
MELBOURNE OFFICE 365
USER GROUPNovember 2014
Proudly Sponsored by
AGENDA
House keeping
What’s new in Office 365 this month
DLP in Office 365
Meet and mingle
WHAT’S NEW?
NEW IN OFFICE 365 WORLD
…Rolled out:
DLP for SharePoint Online
FastTrack 2.0 onboarding & adoption benefits
Office for iPad changes
eDiscovery Enhancements
Shared Computer activation for Office 365 ProPlus
ADFS support for client (preview)
System Center Management Pack
NEW IN OFFICE 365 WORLD
…Rolling out:
Delve & the Office Graph
Document Conversations
Groups in Office 365
SharePoint Online encryption at rest
User themes
Office 365 Video
OneDrive for Business unlimited storage (CY 2015)
Outlook for Mac updated
Office 365 Ignite TrainingMelbourne
December 8th through 10th
http://aka.ms/ausignite
Office 365 Dev CampMelbourne
December 11th
http://aka.ms/365DevCamp2014
Office 365 Ignite SummitSydney
March 30th through 31st, 2015
http://summit.office.com/
MELBOURNE OFFICE 365
USER GROUP
Michael Frank
Infrastructure Consultant
Kloud Solutions
Data Loss Prevention in Office 365
Harris Schneiderman
Account Manager
Kloud Solutions
“
DLP HELPS TO
Identify ProtectMonitor
YOUR SENSITIVE DATA
What is DLP in Microsoft Office 365?
How does DLP work?
DLP in Exchange Online
DLP in SharePoint Online
DLP Examples
Policy Tips
Reporting, Auditing, and Notifications
Office 365 DLP Roadmap
Session Agenda
Policy
distribution
Contextual policy
education
DLP policy configuration
Backend policy
evaluation
Audit & incident
data generation
Admin
Information workers
DLP SYSTEM WALKTHROUGH
Integrated into Exchange Transport Rule (ETR) engine• Runs in categorizer during
OnResolvedMessage
• Integrated as a new ETR predicate
• Performs text extraction for body & attachments followed by classification
• Can be combined with any existing predicates & actions
Text extraction
Transport rule agent
Classification
DLP CONTENT DETECTION FLOW IN
EXCHANGE
DLP CONTENT DETECTION FLOW IN
SHAREPOINT
Classification
Operator
Document
summary
Property
Mapping
Document
Parser
Custom
Entity
Extraction
Word
breaking
Ifilter
sandbox
Languag
e
Detection
Delete
itemDelete
Links
Insert new
or updated
item
Runs in Content Processing Pipeline as an operatorInvoked for search crawler as new content discovered and changed
Classification results and counts stored in the content index
Excel
Format
Handler
DLP POLICY ENFORCEMENT
Flexible tools for policy enforcement that provide the right level of control
• Transport Rules
• Rights Management
• Data Loss Prevention
ALERT
CLASSIFY
ENCRYPT
APPEND OVERRIDE
REVIEW
REDIRECT
BLOCK
DLP USER EXPERIENCE
DEMO
DLP POLICY TEMPLATES
Built-in templates based on common regulations
Import DLP policy templates from partners
Build your own
SENSITIVE CONTENT DETECTION
Predefined rules targeted at sensitive data types
Advanced content detection
Combination of regular expressions, dictionaries, and internal functions (e.g. validate checksum on credit card numbers)
Extensibility for customer and ISV defined data types
BUILT-IN DLP CONTENT AREAS
Country PII Financial Health
USUS State Security Breach Laws,
US State Social Security Laws, COPPA
GLBA & PCI-DSS
(Credit, Debit Card, Checking and
Savings, ABA, Swift Code)
Limited Investment:
US HIPPA,
UK Health Service,
Canada Health
Insurance card
Rely on Partners
and ISVs
GermanyEU data protection,
Drivers License,
Passport National Id
EU Credit, Debit Card,
IBAN, VAT, BIC,
Swift Code
UKData Protection Act,
UK National Insurance, Tax Id, UK Driver
License, Passport
EU Credit, Debit Card,
IBAN, BIC, VAT,
Swift Code
CanadaPIPED Act,
Social Insurance, Drivers License
Credit Card,
Swift Code
France
EU data protection,
Data Protection Act,
National Id (INSEE),
Drivers License, Passport
EU Credit, Debit Card,
IBAN, BIC, VAT,
Swift Code
JapanPIPA,
Resident Registration, Social Insurance,
Passport, Driving License
Credit Card,
Bank Account,
Swift Code
Australia Drivers License, Passport, Social Insurance Credit Card, Bank Account, Swift Code
DLP ADMIN EXPERIENCE
DEMO
Examples:Joseph F. FosterVisa: 4485 3647 3952 7352Expires: 2/2015
Get
Content
4485 3647 3952 7352 a 16 digit number is detected
RegEx
Analysis
1. 4485 3647 3952 7352 matches checksum2. 1234 1234 1234 1234 does NOT match
Function
Analysis
1. Keyword Visa is near the number2. A regular expression for date (2/2015)
is near the number
Additional
Evidence
1. There is a regular expression that matches a check sum
2. Additional evidence increases confidenceVerdict
CONTENT ANALYSIS PROCESS
DLP DOCUMENT FINGERPRINTING
Advanced deep content analysis enabling new scenarios!
A tax firm needs to detect and encrypt standard tax forms, like the 1040 EZ, W2, etc.
Company Confidential documents like Patents detected based on their template
A Law firm can fingerprint legal forms, and have them detected automatically for policy application
Integrates with the existing DLP infrastructure
as a custom sensitive information type
Surfaced in Exchange, Outlook and OWA
Fabrikam Patent Form Tracking Number Author Date Invention Title Names of all authors...
Get
Template
Content
1. Condensed representation of the template content
2. Document is not stored3. Stored as a sensitive information type
Create
Fingerprint
Fabrikam Patent Form Tracking Number 12345Author Alex Date 1/28/2014 Invention Title Fabrikam Green Energy...
Get Email
Content
1. Temporary in memory representation2. Used for comparson with source
fingerprint created at config time
Create
Fingerprint
1. Compare the two fingerprints2. Evaluate a ’containtment coefficient’ to
declare template contained in email content
Verdict
CO
NFIG
UR
ATIO
NR
UN
TIM
EDOCUMENT FINGERPRINTING
CLASSIFICATION RULE with
FINGERPRINT
FINGERPRINT
GENERATION
Evaluation
+ verdict
DLP IN SHAREPOINT ONLINE
Search for sensitive data
Built-in classifications
Identification and export
Extends to data in OneDrive
REAL TIME NOTIFICATIONS
Audit dataClassificatio
nRule detailsMatch details
DLP EXTENSIBILITY POINTS
Custom DLP content
Supplemental DLP policy rules
Supplemental DLP classification rules
Incident reports integration with custom
workflows
Custom reporting solutions
Remote PowerShell management
DLP FEATURE SET IN OFFICE 365
Deep content analysis
engine
46 OOB sensitive
information types
40 OOB DLP Templates
Support for 3rd party
defined DLP policy
templates
Policy Tips in OWA and
Mobile OWA
Advanced Document
Fingerprinting in Exchange,
Outlook, and OWA
5 new OOB sensitive
information types
Policy Tips in Outlook 2013
Contextual user education
and empowerment
Incident management
Rich reporting
DLP in SharePoint coming soon
DLP HELPS TO
Identify ProtectMonitor
YOUR SENSITIVE DATA
Merging with Melbourne SharePoint User Group
Next Meetup will me in February (Date TBC)
UG Xmas Drinks December 18th 5:30pm @ Melbourne Public Bar at South Wharf
Feedback: https://www.surveymonkey.com/s/KNNXHMZ
We want you! Calling all speakers & sponsors!
Sponsors: Microsoft & Kloud
THANK YOU
