What's New?
Starting this month, we will have a regular update from Aaron Dinnage (Microsoft) about the latest Office 365 news and features.
Office 365 Data Loss Prevention (DLP)
There have been some recent advances in DLP for Office 365, including the addition of DLP for SharePoint Online. We will cover how DLP can identify and protect sensitive information for organizations including demonstrations and some real-world applications for the technology.
4. NEW IN OFFICE 365 WORLD
…
Rolled out:
DLP for SharePoint Online
FastTrack 2.0 onboarding & adoption benefits
Office for iPad changes
eDiscovery Enhancements
Shared Computer activation for Office 365 ProPlus
ADFS support for client (preview)
System Center Management Pack
5. NEW IN OFFICE 365 WORLD
…
Rolling out:
Delve & the Office Graph
Document Conversations
Groups in Office 365
SharePoint Online encryption at rest
User themes
Office 365 Video
OneDrive for Business unlimited storage (CY 2015)
Outlook for Mac updated
6. Office 365 Ignite Training
Melbourne
December 8th through 10th
http://aka.ms/ausignite
7. Office 365 Dev Camp
Melbourne
December 11th
http://aka.ms/365DevCamp2014
8. Office 365 Ignite Summit
Sydney
March 30th through 31st, 2015
http://summit.office.com/
9. MELBOURNE OFFICE 365
USER GROUP
Michael Frank
Infrastructure Consultant
Kloud Solutions
Michael.Frank@Kloud.com.au
Data Loss Prevention in Office 365
Harris Schneiderman
Account Manager
Kloud Solutions
Harris.Schneiderman@Kloud.com.au
12. What is DLP in Microsoft Office 365?
How does DLP work?
DLP in Exchange Online
DLP in SharePoint Online
DLP Examples
Policy Tips
Reporting, Auditing, and Notifications
Office 365 DLP Roadmap
Session Agenda
14. Integrated into Exchange
Transport Rule (ETR) engine
• Runs in categorizer during
OnResolvedMessage
• Integrated as a new ETR predicate
• Performs text extraction for body &
attachments followed by classification
• Can be combined with any existing
predicates & actions
Text extraction
Transport rule agent
Classification
DLP CONTENT DETECTION FLOW IN
EXCHANGE
15. DLP CONTENT DETECTION FLOW IN
SHAREPOINT
Classification
Operator
Document
summary
Property
Mapping
Document
Parser
Custom
Entity
Extraction
Word
breaking
Ifilter
sandbox
Languag
e
Detection
Delete
item
Delete
Links
Insertnew
orupdated
item
Runs in Content Processing Pipeline as an operator
Invoked for search crawler as new content discovered and changed
Classification results and counts stored in the content index
Excel
Format
Handler
16. DLP POLICY ENFORCEMENT
Flexible tools for policy enforcement that provide the
right level of control
• Transport Rules
• Rights Management
• Data Loss Prevention
ALERT
CLASSIFY
ENCRYPT
APPEND OVERRIDE
REVIEW
REDIRECT
BLOCK
18. DLP POLICY TEMPLATES
Built-in templates based on common
regulations
Import DLP policy templates from partners
Build your own
19. SENSITIVE CONTENT DETECTION
Predefined rules targeted at sensitive data types
Advanced content detection
Combination of regular expressions, dictionaries,
and internal functions (e.g. validate checksum on
credit card numbers)
Extensibility for customer and ISV defined data
types
20. BUILT-IN DLP CONTENT AREAS
Country PII Financial Health
US
US State Security Breach Laws,
US State Social Security Laws, COPPA
GLBA & PCI-DSS
(Credit, Debit Card, Checking and
Savings, ABA, Swift Code)
Limited Investment:
US HIPPA,
UK Health Service,
Canada Health
Insurance card
Rely on Partners
and ISVs
Germany
EU data protection,
Drivers License,
Passport National Id
EU Credit, Debit Card,
IBAN, VAT, BIC,
Swift Code
UK
Data Protection Act,
UK National Insurance, Tax Id, UK Driver
License, Passport
EU Credit, Debit Card,
IBAN, BIC, VAT,
Swift Code
Canada
PIPED Act,
Social Insurance, Drivers License
Credit Card,
Swift Code
France
EU data protection,
Data Protection Act,
National Id (INSEE),
Drivers License, Passport
EU Credit, Debit Card,
IBAN, BIC, VAT,
Swift Code
Japan
PIPA,
Resident Registration, Social Insurance,
Passport, Driving License
Credit Card,
Bank Account,
Swift Code
22. Examples:Joseph F. Foster
Visa: 4485 3647 3952 7352
Expires: 2/2015
Get
Content
4485 3647 3952 7352 a 16 digit number
is detected
RegEx
Analysis
1. 4485 3647 3952 7352 matches checksum
2. 1234 1234 1234 1234 does NOT match
Function
Analysis
1. Keyword Visa is near the number
2. A regular expression for date (2/2015)
is near the number
Additional
Evidence
1. There is a regular expression that matches
a check sum
2. Additional evidence increases confidence
Verdict
CONTENT ANALYSIS PROCESS
23. DLP DOCUMENT FINGERPRINTING
Advanced deep content analysis enabling new scenarios!
A tax firm needs to detect and encrypt standard tax forms, like the 1040 EZ, W2, etc.
Company Confidential documents like Patents detected based on their template
A Law firm can fingerprint legal forms, and have them detected automatically for policy application
Integrates with the existing DLP infrastructure
as a custom sensitive information type
Surfaced in Exchange, Outlook and OWA
24. Fabrikam Patent Form Tracking Number
Author Date Invention Title Names of all
authors...
Get
Template
Content
1. Condensed representation of the template
content
2. Document is not stored
3. Stored as a sensitive information type
Create
Fingerprint
Fabrikam Patent Form Tracking Number 12345
Author Alex Date 1/28/2014 Invention Title
Fabrikam Green Energy...
Get Email
Content
1. Temporary in memory representation
2. Used for comparson with source
fingerprint created at config time
Create
Fingerprint
1. Compare the two fingerprints
2. Evaluate a ’containtment coefficient’ to
declare template contained in email
content
Verdict
CONFIGURATIONRUNTIME
DOCUMENT FINGERPRINTING
CLASSIFICATION RULE with
FINGERPRINT
FINGERPRINT
GENERATION
Evaluation
+ verdict
25. DLP IN SHAREPOINT ONLINE
Search for sensitive data
Built-in classifications
Identification and export
Extends to data in OneDrive
28. DLP FEATURE SET IN OFFICE 365
Deep content analysis
engine
46 OOB sensitive
information types
40 OOB DLP Templates
Support for 3rd party
defined DLP policy
templates
Policy Tips in OWA and
Mobile OWA
Advanced Document
Fingerprinting in Exchange,
Outlook, and OWA
5 new OOB sensitive
information types
Policy Tips in Outlook 2013
Contextual user education
and empowerment
Incident management
Rich reporting
DLP in SharePoint coming soon
30. Merging with Melbourne SharePoint User Group
Next Meetup will me in February (Date TBC)
UG Xmas Drinks December 18th 5:30pm @ Melbourne Public Bar at South Wharf
Feedback: https://www.surveymonkey.com/s/KNNXHMZ
We want you! Calling all speakers & sponsors!
Sponsors: Microsoft & Kloud
THANK YOU
Hinweis der Redaktion
thanks & great turnout
house keeping
introduction - me, kloud, presenters