Microsoft 365 compliance center: Unified compliance administration for all customers
Microsoft 365 compliance center has been enhanced with several exciting capabilities and is now available to all customers with Microsoft 365, Office 365, Enterprise Mobility + Security (EMS), and Windows 10 Enterprise plans.
How to troubleshoot sensitivity Labels – Part 1
Often people came and asked this same question. Although all my eventual on-hands experience would increase, it can be tricky to answer to this question, or even just to give a straightforward method. To understand any kind of steps in a troubleshooting process, you have to know the product, know its features or purpose, and what's required to deploy it and/or in what order. Please join in as we share a few steps on how to troubleshoot sensitivity labels through this series. Hope you enjoy.
Introducing the Azure Threat Research Matrix
When performing a security assessment, it’s common to find the assessment team attribute their actions to the MITRE ATT&CK knowledge base so that high-level stakeholders can visually see what techniques were successful and defenders can understand the techniques that were performed. However, the commonly utilized MITRE knowledge base lacks formal documentation of Azure or AzureAD-related tactics, techniques, or procedures (TTPs) that assessment teams can attribute to. Over the past year, Microsoft has worked with some of the top Azure security researchers to create the Azure Threat Research Matrix (ATRM), a matrix that provides details around the tactics & techniques a potential adversary may use to compromise an Azure Resource or Azure Active Directory.Warn and Educate Users on Risky App Usage
We are pleased to announce the public preview for a new endpoint-based capability to allow management and control of Monitored cloud applications, manage these Monitored applications applying soft block experience for end-users when accessing these apps. Users will have an option to bypass the block.Announcing GA of Microsoft Data Loss Prevention Alerts Dashboard
Customers rely on Microsoft Data Loss Prevention(DLP) to enforce policies that identify and prevent risky or inappropriate sharing, transfer or use of sensitive information across cloud, on-premise and endpoints. Alerts, which can be configured as a part of the DLP policy authoring experience are an effective tool for customers to get notified whenever a DLP policy is violated. Microsoft announces the General Availability of the Microsoft Data Loss Prevention Alerts Dashboard. This latest addition in the Microsoft’s data loss prevention solution provides customers with the ability to holistically investigate DLP policy violations across : Exchange SharePoint Online OneDrive Teams Devices Cloud apps On-premises file shares Advance alert configuration options are available in the existing DLP policy configuration flow. These provide eligible DLP customers with the ability to tailor how they organize DLP policy alerts along with exhaustive information that they need to investigate and address DLP policy violations quickly. Historical workflow information for alerts is available in the Management log. The alerts dashboard provides a list view of all DLP alerts and clicking on an alert will display the relevant details. Figure 1 : Data Loss Prevention Alerts Dashboard Clicking on ‘View Details’ will display the alert page with exhaustive information associated with the DLP policy violation, ability to change alert status (Active, Investigating, Dismissed or Resolved), include additional comments and define workflow actions such as assigning alerts to individuals for follow up. Figure 2 : Alert details with manage alert options Clicking on the ‘Events’ tab will display the actual user activity along with details including : Source view (requires E5 or related subscriptions) : This will allow customers to view the email or the file involved in the DLP policy alert. Source view in the DLP Alerts Dashboard will be available for content(email/files) belonging to the following workloads : Exchange (Email body only) SharePoint Online One Drive This feature is available only for licenses in the following subscriptions : - Microsoft 365 (E5) - Office 365 (E5) - Advanced Compliance (E5) add-on - Microsoft 365 E5/A5 Info Protection & Governance - Microsoft 365 E5/A5 Compliance Matched sensitive terms and context : This will allow customers to view the sensitive terms in the content due to which the DLP policy was violated. You will also be able to view up to 300 characters surrounding the detected sensitive term. This information will be available for detections for the following workloads : Exchange (both email body and attachments) SharePoint Online OneDrive Teams For both features : Source View and Matched sensitive terms and context, the role group “Content Explorer Content Viewer” should be assigned. This role group has the role “data classification content viewer” pre-assigned. Figure 3 : Exhaustive metadata for each user event Figure 4 : View the content of the email(body) or file Figure 5 : View matched sensitive terms and surrounding characters Get Started Microsoft’s DLP solution is part of a broader set of Information Protection and Governance solutions that are part of the Microsoft 365 Compliance Suite. You can sign up for a trial of Microsoft 365 E5 or navigate to the Microsoft 365 compliance center to get started today. Additional resources: For more information on DLP Alerts Management, please this and this For more information on Data Loss Prevention, please see this Thank you, The Microsoft Information Protection TeamCompliance Score Webinar
Microsoft Compliance Score is a feature in the Microsoft 365 compliance center to help you understand your organization's compliance posture. It calculates a risk-based score measuring your progress in completing actions that help reduce risks around data protection and regulatory standards. References: Microsoft Compliance Score This webinar was presented on Tue Apr 15th 2020, and the recording can be found here. Attached to this post are: The FAQ document that summarizes the questions and answers that came up over the course of both Webinars; and A PDF copy of the presentation. Thanks to those of you who participated during the two sessions and if you haven’t already, don’t forget to check out our resources available on the Tech Community. Thanks! @Adam Bell on behalf of the MIP and Compliance CXE team
