Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
O365Con18 - Classify, Label and Protect your Data with Azure Information Protection - Bram de Jager - o365 connect 2018
1. CLASSIFY, LABEL AND
PROTECTYOUR DATA
WITH AZURE
INFORMATION
PROTECTION
Bram de Jager
Lead Architect, delaware, Netherlands
MVP, MCM
2.
3. Challenges with the complex environment
Employees
Business partners
Customers
Apps
Devices
Data
Users
Data leaks
Lost device
Compromised identity
Stolen credentials
4. The problem is ubiquitous
Intellectual Property theft has
increased
56% rise data theft
Accidental or malicious breaches
due to lack of internal controls
88% of organizations are Losing control
of data
80% of employees admit to
use non-approved SaaS app 91% of breaches could have
been avoided
Organizations no longer confident in
their ability to detect and prevent threats
Saving files to non-approved cloud
storage apps is common
8. Classify Data – Begin the Journey
SECRET
CONFIDENTIAL
GENERAL
PUBLIC
IT admin sets policies,
templates, and rules
PERSONAL
Classify data based on sensitivity
Start with the data that is most
sensitive
IT can set automatic rules; users
can complement it
Associate actions such as visual
markings and protection
9. How ClassificationWorks
Reclassification
You can override a
classification and
optionally be required
to provide a justification
Automatic
Policies can be set by IT
Admins for automatically
applying classification and
protection to data
Recommended
Based on the content you’re
working on, you can be
prompted with suggested
classification
User set
Users can choose to apply a
sensitivity label to the email
or file they are working on
with a single click
10. Apply labels based on classification
%##&$^#*!~@&
FINANCE
CONFIDENTIAL
%$^#*@&
Persistent labels that travel with the document
Labels are metadata written to
documents
Labels are in clear text so that other
systems such as a DLP engine can
read it and a hash of policies, rules,
and user information
11. Protect data against unauthorized use
VIEW EDIT COPY PASTE
Email
attachment
FILE
Protect data needing protection by:
Encrypting data
Including authentication requirement and a
definition of use rights (permissions) to the data
Providing protection that is persistent and travels
with the data
Personal apps
Corporate apps
13. DEMO – SCENARIOS
› Manual and default labels
› Label action: content marking & RMS protection
› Conditions: automatic & recommended
› Setting your information protection policy in minutes (administration experience)
14. USINGVARIABLES INVISUAL MARKINGS
› ${Item.Label} for the selected label. For example: Internal
› ${Item.Name} for the file name or email subject. For example: JulySales.docx
› ${Item.Location} for the path and file name for documents, and the email subject for emails. For example:
Sales2016Q3JulyReport.docx
› ${User.Name} for the owner of the document or email, by the Windows signed in user name. For example:
rsimone
› ${User.PrincipalName} for the owner of the document or email, by the Azure Information Protection client
signed in email address (UPN). For example: rsimone@vanarsdelltd.com
› ${Event.DateTime} for the date and time when the selected label was set. For example: 8/16/2016 1:30 PM
17
16. AZURE INFORMATION PROTECTION LICENSES
Feature
https://azure.microsoft.com/en-us/pricing/details/information-protection/
AIP for
Office 365
(O365
E3/E5)
AIP
Premium P1
(EMS E3 or
M365 E3)
AIP
Premium P2
(EMS E5 of
M365 E5)
Manual, default, and mandatory document classification and consumption of classified
documents
Yes Yes
Automated and recommended data classification and administrative support
for automated rule sets
Yes
Hold Your Own Key (HYOK) Yes
Protection for Microsoft Exchange Online, Microsoft SharePoint Online, and
Microsoft OneDrive for Business content
Yes Yes Yes
Azure Information Protection scanner for on-premises repository (labels only) Yes Yes
AIP connector with on-premises Windows Server file shares by using the FCI
connector
Yes Yes
Document tracking and revocation Yes Yes
Content consumption by using work or school accounts Yes Yes Yes
Azure Information Protection content creation by using work or school accounts Yes Yes Yes
17. WINDOWS SERVER FCIVS AZURE
INFORMATION PROTECTION SCANNER
Windows Server FCI AIP Scanner
Supported data stores:
• Local folders on Windows Server Yes Yes
• Windows file shares and network-attached
storage
Yes
• SharePoint Server 2016 and SharePoint
Server 2013
Yes
Operational mode:
• Mode Real Time Systematically crawls
the data stores and this
cycle can run once, or
repeatedly
18. KEYTAKEAWAYS
› Azure Information Protection is about (Detect), Classify, Label, Protect, and Monitor
& Respond
› Helps your organization to understand and really use business information
protection based on data classification
› Think about compliancy for the General Data Protection Regulation (GDPR), which
is active as off May 25th 2018
19. SharePoint Client
Browser
▪ Must have SharePoint
community tool!
▪ Provides insights into
your SharePoint site or
tenant
▪ Uses the CSOM to
connect to SharePoint
2010/2013/2016/2019 and
SharePoint Online
▪ https://github.com/
bramdejager/spcb