MELBOURNE OFFICE 365 USER GROUP November 2014 Proudly Sponsored by AGENDA House keeping Whats new in Office 365 this month DLP in Office 365 Meet and mingle WHATS NEW? NEW IN OFFICE 365 WORLD Rolled out: DLP for SharePoint Online FastTrack 2.0 onboarding & adoption benefits Office for iPad changes eDiscovery Enhancements Shared Computer activation for Office 365 ProPlus ADFS support for client (preview)
System Center Management Pack NEW IN OFFICE 365 WORLD Rolling out: Delve & the Office Graph Document Conversations Groups in Office 365 SharePoint Online encryption at rest User themes Office 365 Video OneDrive for Business unlimited storage (CY 2015) Outlook for Mac updated Office 365 Ignite Training Melbourne December 8th through 10th http://aka.ms/ausignite Office 365 Dev Camp Melbourne December 11th http://aka.ms/365DevCamp2014
Office 365 Ignite Summit Sydney March 30th through 31st, 2015 http://summit.office.com/ MELBOURNE OFFICE 365 USER GROUP Data Loss Prevention in Office 365 Michael Frank Infrastructure Consultant Harris Schneiderman Account Manager Kloud Solutions Kloud Solutions [email protected] [email protected]
e l s e h c a e r Data b a i l a r t s
u A a v e th e s/2 .au/new m o c r. o t pecta usinesss .b w w w / http:/ 013/5
s k a e L r e l i a t e R e g r a L n
o i t a m r o f n I t n e m y a P l i a m via E
g n i m u n public f uming -public-f n a li a r t s ve-au ches-lea a e r -b
ta a nology/d /27/tech DLP HELPS TO Identify Monitor Protect YOUR SENSITIVE DATA Session Agenda What is DLP in Microsoft Office 365?
How does DLP work? DLP in Exchange Online DLP in SharePoint Online DLP Examples Policy Tips Reporting, Auditing, and Notifications
Office 365 DLP Roadmap DLP SYSTEM WALKTHROUGH Backend policy evaluation Admin DLP policy configuration Audit & incident data generation Contextual Policy policy distribution education Information workers
DLP CONTENT DETECTION FLOW IN EXCHANGE SMTP receive Transport rule agent Integrated into Exchange Transport Rule (ETR) engine Text extraction Runs in categorizer during OnResolvedMessage Classification Integrated as a new ETR predicate
Performs text extraction for body & attachments followed by classification Can be combined with any existing predicates & actions Categorizer Queue management Message delivery Store driver DLP CONTENT DETECTION FLOW IN SHAREPOINT Runs in Content Processing Pipeline as an operator Invoked for search crawler as new content discovered and changed Classification results and counts stored in the content index Crawler
Content Processing Component Delete item Delete Links Documen t Parser Excel Format Handler Propert y Mappin g Ifilter sandbox
Languag e Detectio n Classificatio n Operator Word breakin g Custom Entity Extractio n Documen t summary Index
Insert new or updated item DLP POLICY ENFORCEMENT Flexible tools for policy enforcement that provide the right level of control Transport Rules Rights Management Data Loss Prevention APPEND ENCRYPT
CLASSIFY OVERRIDE REVIEW REDIRECT ALERT BLOCK DEMO DLP USER EXPERIENCE DLP POLICY TEMPLATES Built-in templates based on common regulations Import DLP policy templates from partners Build your own
SENSITIVE CONTENT DETECTION Predefined rules targeted at sensitive data types Advanced content detection Combination of regular expressions, dictionaries, and internal functions (e.g. validate checksum on credit card numbers) Extensibility for customer and ISV defined data types Countr y PII Financial US State Security Breach Laws, US State Social Security Laws, COPPA GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code)
EU data protection, Drivers License, Passport National Id EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code UK Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code Canada PIPED Act, Social Insurance, Drivers License
Credit Card, Swift Code EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code PIPA, Resident Registration, Social Insurance, Passport, Driving License Credit Card, Bank Account, Swift Code US Germany
BUILT-IN DLP CONTENT AREAS France Japan Drivers License, Passport, Social Health Limited Investment: US HIPPA, UK Health Service, Canada Health Insurance card Rely on Partners and ISVs DEMO
DLP ADMIN EXPERIENCE CONTENT ANALYSIS PROCESS Get Content Joseph F. Foster Visa: 4485 3647 3952 7352 Expires: 2/2015 RegEx Analysis 4485 3647 3952 7352 a 16 digit number is detected Function Analysis 1. 4485 3647 3952 7352 matches checksum 2. 1234 1234 1234 1234 does NOT match Additional
Evidence 1. Keyword Visa is near the number 2. A regular expression for date (2/2015) is near the number Verdict 1. There is a regular expression that matches a check sum 2. Additional evidence increases confidence Examples: DLP DOCUMENT FINGERPRINTING Advanced deep content analysis enabling new scenarios! A tax firm needs to detect and encrypt standard tax forms, like the 1040 EZ, W2, etc. Company Confidential documents like Patents detected based on their template A Law firm can fingerprint legal forms, and have them detected automatically for policy application Integrates with the existing DLP infrastructure as a custom sensitive information type Surfaced in Exchange, Outlook and OWA
CONFIGURATIO N DOCUMENT FINGERPRINTING Get Template Content Fabrikam Patent Form Tracking Number Author Date Invention Title Names of all authors... Create Fingerprint 1. Condensed representation of the template content 2. Document is not stored 3. Stored as a sensitive information type CLASSIFICATION RULE
with FINGERPRINT RUNTIME Evaluation Get Email Content Fabrikam Patent Form Tracking Number 12345 Author Alex Date 1/28/2014 Invention Title Fabrikam Green Energy... Create Fingerprint 1. Temporary in memory representation 2. Used for comparson with source fingerprint created at config time Verdict
1. Compare the two fingerprints 2. Evaluate a containtment coefficient to declare template contained in email content + verdict FINGERPRINT GENERATION DLP IN SHAREPOINT ONLINE Search for sensitive data Built-in classifications Identification and export Extends to data in OneDrive REAL TIME NOTIFICATIONS Match Audit Classificati Rule details
data on DLP EXTENSIBILITY POINTS Custom DLP content Supplemental DLP policy rules Supplemental DLP classification rules Incident reports integration with custom workflows Custom reporting solutions Remote PowerShell management EXCHANGE and OUTLOOK 2013 NEW in SP1 EXCHANGE and OUTLOOK 2013 Deep content analysis engine Policy Tips in Outlook 2013
Policy Tips in OWA and Mobile OWA 46 OOB sensitive information types Contextual user education and empowerment Advanced Document Fingerprinting in Exchange, Outlook, and OWA 40 OOB DLP Templates Support for 3rd party defined DLP policy templates Incident management Rich reporting
5 new OOB sensitive information types DLP FEATURE SET IN OFFICE 365 DLP in SharePoint coming soon DLP HELPS TO Identify Monitor Protect YOUR SENSITIVE DATA THANK YOU Merging with Melbourne SharePoint User Group
Next Meetup will me in February (Date TBC) UG Xmas Drinks December 18th 5:30pm @ Melbourne Public Bar at South Wharf Feedback: https://www.surveymonkey.com/s/KNNXHMZ We want you! Calling all speakers & sponsors! Sponsors: Microsoft & Kloud
