4. Empower the User Enable the
Compliance Officer
In Place and Extensible
Easy for IT
Outlook, Word, PowerPoint,
SharePoint, Mobile Apps
Exchange, SharePoint, Lync, AD,
File Server, third parties
Exchange, SharePoint, Lync
Administration
Exchange, SharePoint, Windows
5. Build compliance into the applications
Index or Ingest to extend
Unify compliance experience and
configuration across the suite
Bloomberg
Immutable
SharePoint
Immutable
Exchange Lync
3rd Party
Archives
…
Exchange
SharePoint
Others
Archive
eDiscovery and
Compliance
Traditional Compliance
Compliance
In-Place Compliance Strategy
10. Protect data with encryption
IRM (RMS)
Prevents sensitive information from being printed,
forwarded, or copied by unauthorized people inside the
organization
S/MIME Sign and encrypt messages to users using certificates
Office 365
Message
Encryption
Encrypt messages to any SMTP address
12. Data Loss Prevention
Content analysis
Get Content
Regex Analysis
Function Analysis
Additional Evidence
Verdict
Policy Tips
Outlook and OWA
Document Fingerprinting
Protect intellectual property like patents,
company confidential information, and
other standardized form content
18. Empower the User Enable the
Compliance Officer
In Place and Extensible
Easy for IT
Outlook, Word, PowerPoint,
SharePoint, Mobile Apps
Exchange, SharePoint, Lync, AD,
File Server, third parties
Exchange, SharePoint, Lync
Administration
Exchange, SharePoint, Windows
Hinweis der Redaktion
Welcome! This is an overview of the many compliance features in SharePoint and across Office 365. All of the features we will talk about are (or will be) available in both Office 365 as well as the on-premises versions of the SharePoint, Exchange and Lync.
This is not about compliance or security processes, but the compliance features which you can use to manage the data in your own organizations.
We will recap existing features as well as introduce new features.
Empower the Users Help them comply; Don’t get in their way
Enable the Compliance Officer: Full featured Compliance; Scoped, restricted access; Efficient engagement with IT
Easy for IT:
In-Place and Extensible: Fidelity, Freshness and Immutability; Low cost; Index, Ingest and customize
Issues with traditional compliance:
Third party components installed on Messaging and File Servers
Separate servers/stores to store the data and provide compliance
Client side plugins for end user compliance experiences
Our solution:
Compliance built into Exchange and SharePoint in the cloud or on-premises
Index or ingest data into Message and File Archives
Will allow third party components, not require them
I think the compliance center does the following:1. Unifies management making it easier for compliance officers and Admins2. Takes compliance administration out if the workload enabling you to enforce, delegate and evaluate compliance without impact on or interference by the workload
Overview of Compliance Center – Show how SharePoint has been improved by the addition of direct links to Site Collections for Auditing and Encryption
The term archive can mean different things – Archiving is typically a term which covers moving data to a separate arhive then applying compliance features like retention and preservation (or hold policies). Here we talk about three compliance features – the In-Place Archive, retention or delete policies and preservation.
Exchange: An integrated In-Place Archive enables users to save time by managing their archive as they do their mailbox.
SharePoint: The Records Center is intended to serve as a central repository in which an organization can store and manage all of its records.
Explain Retention = Deletion.
Exchange retention policies consist of a number of tags which can be automatically assigned to the mailbox, or choices can be given to the user to select from a set of “personal tags”.
SharePoint has retention policies through the records center, content type policies and site policies. But the new feature here is the document deletion policies. Similar to Exchange, they are designed to provide deletion policies for unstructured data like OneDrive for Business – there is a session tomorrow SPC267 (what’s new with retention in Sharepoint and SD Pro) to explain these.
In-Place Hold: Content stays in Exchange and SharePoint; Hold entire mailboxes, SharePoint sites, or apply a query; No impact to users
Exchange preservation: Includes Lync Information as well.
SharePoint: Explain the difference between the SharePoint Records Hold – which locks the document, and the new In-Place Hold which is set from the ediscovery center, Hold Policy Center or Unified Hold.
When data is sensitive it needs to be protected …
Information Rights Management – Encrypt content and restrict usage; usually within own organization or trusted partners
Internal company confidential memo
Office 365 Message Encryption – Encrypt messages to any SMTP address
Personal account statement from a financial institution
S/MIME – Sign and encrypt messages to users using certificates
Peer to peer signed communication within a government agency
How do you identify the sensitive information in your organization …. Using DLP.
Key theme, I, M, P
Easy, you will see it in demos
Remember, DLP is not for bad users, it is for good users, who either don’t know what they are doing is good or bad.
Out of the box classification rules work to detect common types of sensitive data – covers multiple entity and geographies.
Policy engine
Well defined entities (ex: CC#, SSN)
Probabilistic techniques for fuzzy matches (ex: SOX, medical terms)
Get Content
RegEx Analysis - 4485 3647 3952 7352 a 16 digit number is detected
Function Analysis - 4485 3647 3952 7352 matches checksum; 1234 1234 1234 1234 does NOT match
Additional Evidence - Keyword Visa is near the number; A regular expression for date (2/2015) is near the number
Custom classification rules
Fingerprinting for org documents that share common characteristics (ex: 1040 form)
Custom regex and keyword matches
Office document meta-data
We are continuously expanding DLP across other workloads. Remind audience of the demo they saw in the keynote.
As part of continued efforts, users will continue to see deeper DLP enhancements in SP. This will be a staged release with following features. We DO NOT communicate any timeline. We vaguely address the following to give a sense of direction we are heading into.
Admins can Discover sensitive content in SharePoint sites
Admins can Discover and Apply policy to sensitive content in SharePoint sites
support tuning & Custom classification
Policy Tips in SharePoint
EDiscovery is about finding your data
Concerned about the cloud …. Data center operations auditing for exchange
SharePoint Online introduces View Only auditing
Lower cost; Single experience across the products; In-Place means that the data has full Fidelity and is always up to date
The compliance center Unifies management making it easier for compliance officers and Admins.
The next step is to unified the compliance process themselves -- Take compliance administration out of the workload enabling you to enforce, delegate and evaluate compliance without impact on or interference by the workload.
The first part of this that we are releasing is a Unified In0Place Hold policy experience – let’s take a look at it.
Empower the Users Help them comply; Don’t get in their way
Enable the Compliance Officer: Full featured Compliance; Scoped, restricted access; Efficient engagement with IT
Easy for IT:
In-Place and Extensible: Fidelity, Freshness and Immutability; Low cost; Index, Ingest and customize