2. Ajay Iyer
Sr. SharePoint Consultant (Microsoft)
Dabbling with SharePoint for over 10 years
SharePoint Online, OneDrive for Business, Search, Security &
Compliance, Migrations, Enterprise Content Management
Speaker at SharePoint Saturdays in Minneapolis, Nashville, Chicago,
Cincinnati & St. Louis
Twitter: @shankarajay1
ajiyer@microsoft.com
3. Objectives
Simplify and protect access
Allow collaboration and prevent leaks
Stay compliant
Secure administrative access
4. Requirement(s)
E3 or E5 Plan in Office 365
On-Prem AD synchronization with Azure Active Directory (AAD)
Azure Subscription (if using Azure Information Protection)
5. Requirement(s)
E3 Plan
• eDiscovery Legal Hold
• eDiscovery export & case management
• IRM, DLP & Encryption
E5 Plan (includes E3 features plus)
• Advanced eDiscovery
• Advanced Data Governance
12. Security & Compliance Center
Data Classifications
Data Loss Prevention
Data Governance
Search & Investigation
14. Data Classifications
Labels
Labels are just like the old Content-Type Retention Policies in SharePoint On-Premises
Retention Policies can be applied tenant-wide or to specific mailboxes, sites, OneDrive users and groups
Labels can be applied automatically to new & existing content, per document library in
SharePoint Online
15. Data Classifications
Labels
Auto-Apply Labels are AWESOME
• You don’t need to train your users on all of your classifications.
• You don’t need to rely on users to classify all content correctly.
• Users no longer need to know about data governance policies – they
can focus on their work.
16. Data Classifications
Labels
You can choose to apply labels to content
automatically when that content contains:
• Specific types of sensitive information.
• Specific keywords that match a query you create.
20. Data Loss Prevention (DLP)
• Policies can span all locations in O365 including
Exchange Online (EXO), SharePoint Online (SPO) and
OneDrive for Business (ODfB) or you can choose
specific payloads
• Detect when this content is shared outside your
organization
• Ability to test the policy, while it's being created
22. Search & Investigation
Search for sensitive content in your tenant & create saved searches
Review O365 audit logs
Create activity alerts for "specific users"
Create & manage eDiscovery cases
25. Security & Compliance in SharePoint Online
Recommended to set Default Link Type to “Direct” or “Internal”
26. Security & Compliance in SharePoint Online
Recommended to limit sharing to specific domains, if possible
27. Security & Compliance in SharePoint Online
Recommended to set expiry on Anonymous links
28. Security & Compliance in SharePoint Online
If needed, restrict access to your sites based on certain IP subnets
29. Security & Compliance in SharePoint Online
Restrict access from apps that don’t support modern authentication
30. Security & Compliance in OneDrive for Business
Restrict access from apps that don’t support modern authentication
31. Security & Compliance in OneDrive for Business
Restrict access from apps that don’t support modern authentication
Recommended to limit sharing to specific domains, if possible
Recommended to set expiry on Anonymous links
If needed, restrict access to your sites based on certain IP subnets
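The sharing and access recommendations on slides 25 to 31 map to tenant-level settings that can be checked and set from the SharePoint Online Management Shell. The script below is an added example, not part of the original deck; the tenant URL, domain list, IP range and 30-day expiry are constructed placeholder values.

```powershell
# Added example: report drift from the recommended tenant settings, and fix it with -Apply.
# Requires the Microsoft.Online.SharePoint.PowerShell module and SharePoint admin rights.
# Constructed placeholders: tenant URL, partner domains, IP range, 30-day link expiry.
param(
    [string]$AdminUrl       = 'https://contoso-admin.sharepoint.com',
    [string]$AllowedDomains = 'contoso.com fabrikam.com',  # space-separated list
    [string]$AllowedIPs     = '',                          # e.g. '203.0.113.0/24'; empty = skip
    [int]$AnonLinkDays      = 30,
    [switch]$Apply                                         # without -Apply the script only reports
)

Connect-SPOService -Url $AdminUrl

# Recommended values, keyed by Set-SPOTenant parameter name
# (Get-SPOTenant exposes properties with the same names).
$desired = @{
    DefaultSharingLinkType            = 'Internal'   # or 'Direct'
    SharingDomainRestrictionMode      = 'AllowList'
    SharingAllowedDomainList          = $AllowedDomains
    RequireAnonymousLinksExpireInDays = $AnonLinkDays
    LegacyAuthProtocolsEnabled        = $false       # block apps without modern authentication
}
if ($AllowedIPs) {
    # The allow list must contain the address you connect from, or the change locks you out.
    $desired.IPAddressAllowList   = $AllowedIPs
    $desired.IPAddressEnforcement = $true
}

$current = Get-SPOTenant
$drift = foreach ($name in ($desired.Keys | Sort-Object)) {
    # Compare as strings so enum, bool and int properties are handled uniformly.
    if ("$($current.$name)" -ne "$($desired[$name])") {
        [pscustomobject]@{ Setting = $name; Current = $current.$name; Recommended = $desired[$name] }
    }
}

if (-not $drift) { Write-Output 'Tenant already matches the recommended settings.'; return }
$drift | Format-Table -AutoSize

if ($Apply) {
    # Send the full set in one call so each restriction mode travels with its list.
    Set-SPOTenant @desired
    Write-Output 'Recommended settings applied.'
}
```

Run it without -Apply first to review the drift table before changing anything.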
36. Cloud App Security
Enterprise-grade security for Cloud Apps like O365, Google, AWS,
Salesforce, ServiceNow, Dropbox, etc.
Provides App Discovery, Data Control & Threat Protection (e.g.
Ransomware)
Available with Enterprise Mobility + Security E5 subscription or
standalone at $5/user/month
37. Objectives
Simplify and protect access
Allow collaboration and prevent leaks
Stay compliant
Secure administrative access
38. Summary
Encourage users to set permissions on documents
Configure External Sharing policies
Configure Device Access policies
Use Labels to implement Classification-based protection
Stay compliant with retention policies on labels
Configure DLP to protect against unauthorized access
Separate duties of administrators by role — SharePoint Online,
Exchange Online, and Skype for Business Online
40. https://support.office.com/en-gb/article/Overview-of-labels-af398293-c69d-465e-a249-d74561552d30?ui=en-US&rs=en-GB&ad=GB#howlong
https://technet.microsoft.com/library/dn876574.aspx
Real Life Application by MSIT (Case Study) - https://msdn.microsoft.com/en-us/library/mt718319.aspx
Advanced e-Discovery in O365 (Channel 9) - https://channel9.msdn.com/Shows/Mechanics/Office-365-Advanced-eDiscovery
Plan for Security & Information Protection in O365 - https://support.office.com/en-us/article/Plan-for-Office-365-security-and-information-protection-capabilities-3d4ac4a1-3920-4ff9-918f-011f3ce60408?ui=en-US&rs=en-US&ad=US
What is Cloud App Security? - https://docs.microsoft.com/en-us/cloud-app-security/what-is-cloud-app-security
Anonymize Cloud User Discovery Data - https://docs.microsoft.com/en-us/cloud-app-security/cloud-discovery-anonymizer