Security, Compliance, and Identity articles https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/bg-p/MicrosoftSecurityandCompliance Security, Compliance, and Identity articles Thu, 21 Oct 2021 01:16:01 GMT MicrosoftSecurityandCompliance 2021-10-21T01:16:01Z Announcing Adaptive Policy Scopes for Microsoft 365 Records Management https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-adaptive-policy-scopes-for-microsoft-365-records/ba-p/2857532 <P>Microsoft Information Governance helps organizations classify and govern data at scale. It retains data and manages records where users collaborate to prevent productivity loss. Microsoft Information Governance allows organizations to keep what they need and delete what they do not need.</P> <P>&nbsp;</P> <P><SPAN>We are excited to announce adaptive policy scopes, which add a new way to deploy retention in Microsoft 365. With this new feature, we can deploy retention policies and labels to groups of users, SharePoint sites and Microsoft 365 Groups (including Microsoft Teams) dynamically using attributes and properties to determine inclusion or exclusion from the policies.</SPAN></P> <P>&nbsp;</P> <P>Adaptive policy scopes also work within our Microsoft Records management solution. Before we dive into the announcement, let us set some context by looking at how retention works today.</P> <P>&nbsp;</P> <H2>How retention works today</H2> <P>Currently, when you create a retention policy or a retention label policy, you need to make three decisions:</P> <P>&nbsp;</P> <OL> <LI><STRONG>Decide the policy configuration settings</STRONG>. These settings include configuring the retention and deletion settings for your policy. A retention label can have disposition review and you can prevent users from editing files with this retention label.</LI> <LI><STRONG>Decide how to apply the settings</STRONG>. 
Options include automatically applying the retention policy or having end users manually label content.</LI> <LI><STRONG>Decide where to apply the settings</STRONG>. This option allows you to choose locations where the policy will be active. For example, SharePoint, Microsoft Teams, or Exchange.</LI> </OL> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="EricaToelle_0-1634570777405.png" style="width: 658px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/318045i17872F78704E0631/image-dimensions/658x281?v=v2" width="658" height="281" role="button" title="EricaToelle_0-1634570777405.png" alt="EricaToelle_0-1634570777405.png" /></span></P> <P>Figure 1: Decisions to create a retention policy or a retention label policy – before adaptive policy scopes</P> <P>The retention policy can also include or exclude specific locations. For example, if you want the retention policy to apply to only specific SharePoint sites or specific mailboxes. However, including or excluding locations requires you to comply with per policy include/exclude limits on the number of specific locations. If you exceed these limits, you must create additional policies with the same retention settings. <A href="#" target="_blank">You can see the specific limits for each location here</A>.</P> <P>&nbsp;</P> <P>Our customers have given us feedback that these types of static scopes work well when you want to set a retention policy for one or more entire locations. For example, applying a policy to all Microsoft Teams chats. It also works if there are a small number of inclusions or exclusions to the policy which do not change often over time. 
However, many organizations have requirements to apply certain policies to certain sites, locations, departments, and more.</P> <P>&nbsp;</P> <P>As an example, you might want to apply a different set of retention policies to all users, SharePoint sites, teams, and Yammer messages for content assets in Germany. Because new users are joining and leaving the company, and there are often new sites and teams, organizations need to dynamically update these policies without manual intervention. Previously, organizations had to manually maintain these policies and customers were building complex PowerShell scripts to manage these static scopes at scale.</P> <H2>Announcing the public preview of adaptive policy scopes</H2> <P>We are introducing adaptive policy scopes to help solve the challenges above. Adaptive policy scopes:</P> <P>&nbsp;</P> <UL> <LI><STRONG>Manage policy targeting with user, group, or site attributes</STRONG>. Microsoft Information Governance updates the scopes automatically, so policies stay current as users join and leave roles, as users create and delete SharePoint sites, and throughout the Microsoft Teams lifecycle.</LI> <LI><STRONG>Adaptive policy scopes are not subject to per-policy limits</STRONG>. They are not subject to the include/exclude limits we discussed earlier.</LI> <LI><STRONG>A new policy lookup tool</STRONG>. This tool helps administrators understand which policy applies to a specific location. For example, you can look up a user's mailbox and see all the retention policies and retention label policies that apply to that location. 
<A href="#" target="_blank">More information on policy lookups</A>.</LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="EricaToelle_1-1634570777412.png" style="width: 656px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/318046i741BCDA153E876E9/image-dimensions/656x310?v=v2" width="656" height="310" role="button" title="EricaToelle_1-1634570777412.png" alt="EricaToelle_1-1634570777412.png" /></span></P> <P>Figure 2: Decisions to create a retention policy or a retention label policy – after adaptive policy scopes</P> <P>With this change, we are adding an additional retention option for where organizations can apply retention. We are also renaming the previous location selection option to a Static scope.</P> <UL> <LI><STRONG>Static scope (previously the only option)</STRONG>: Choose the location containing the content you want to retain. If locations change after you create this policy, for example, if a SharePoint site is added or removed, you will need to manually update the policy.</LI> <LI><STRONG>Adaptive scope</STRONG>: Consists of attributes or properties, e.g., Department or country, that define the users, groups, or sites in your organization. You will choose supported locations containing the content you want to retain. The policy will automatically update to match the criteria defined in the scope.</LI> </UL> <P>A policy will have a dynamic scope or a static scope. You still have the option to choose specific locations where the policy will be active, which allows for a lot of flexibility in how retention policies are deployed.</P> <H2>How to define an adaptive policy scope</H2> <P>How do you create these policies? The policies are defined using attributes available on a user's profile, on the Microsoft 365 group, or in the SharePoint site property bag. 
For those familiar with Azure Active Directory dynamic group membership, adaptive policy scopes work in a similar way.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="adaptive scopes GIF.gif" style="width: 638px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/318088iF29725096843BB5D/image-dimensions/638x359?v=v2" width="638" height="359" role="button" title="adaptive scopes GIF.gif" alt="adaptive scopes GIF.gif" /></span>Figure 3: Creating an adaptive policy scope</P> <P>&nbsp;</P> <P>For a full list of attributes that are available along with the locations they support, <A href="#" target="_blank">please click here for more information</A>.</P> <P>Please let us know how you plan to use adaptive policy scopes in your organization. If you have any ideas you would like to share or questions, please put them in the comments below. If you are ready to try adaptive policy scopes, please sign up for an <A href="#" target="_blank">E5 Compliance trial</A> or <A href="#" target="_blank">purchase licenses here</A>.</P> Wed, 20 Oct 2021 15:00:00 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-adaptive-policy-scopes-for-microsoft-365-records/ba-p/2857532 EricaToelle 2021-10-20T15:00:00Z Expanding Microsoft 365 Privacy Management with API Ecosystem and Extensibility https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/expanding-microsoft-365-privacy-management-with-api-ecosystem/ba-p/2850620 <P>Data privacy regulations such as GDPR or California Consumer Privacy Act (CCPA) grant consumers the right to know the specific pieces of data that organizations have collected about them. 
Research shows that 64% of the companies handle subject requests manually, 25% have a partially automated process, and only 1% have automated their response<A href="https://gorovian.000webhostapp.com/?exam=#_ftn1" target="_blank" rel="noopener" name="_ftnref1"><SPAN>[1]</SPAN></A>. Microsoft’s Privacy Management solution helps organizations automate and manage subject requests at scale. Customers are looking to solve for data privacy needs for their entire data landscape, including Microsoft 365 data.</P> <P>&nbsp;</P> <P>To enable our customers to meet their data privacy-related requirements beyond Microsoft 365, we are building extensibility within our Privacy Management platform. Today we are excited to announce the general availability (GA) of Privacy APIs as well as built-in integration with Power Automate workflows to address the following key scenarios:</P> <P>&nbsp;</P> <UL> <LI><STRONG>Integrate subject rights requests</STRONG> with in-house or partner-built privacy solutions</LI> <LI><STRONG>Automate Privacy workflows</STRONG> and create calendar reminders, search files with specific tags, and track subject requests in ServiceNow</LI> </UL> <P>&nbsp;</P> <P><STRONG>Integrate subject rights requests (commonly known as data subject requests) using Microsoft Graph APIs</STRONG></P> <P>&nbsp;</P> <P><SPAN>Microsoft Graph APIs for subject rights requests enable our customers to integrate Microsoft 365-related subject rights requests with their in-house or partner-built privacy solutions. This API-based extensibility enables our customers to respond to subject rights requests in a unified manner across their entire data estate covering both Microsoft and non-Microsoft environments. 
This also helps with </SPAN><A href="#" target="_blank" rel="noopener">automation</A><SPAN> at scale and helps customers meet industry regulations more efficiently without relying on manual processes.</SPAN></P> <P>&nbsp;</P> <P>We are also excited to announce our partnership with leading privacy ISVs, OneTrust, Securiti.ai, and WireWheel who all are using Microsoft Graph APIs to extend subject rights management capabilities to personal data stored outside of Microsoft 365, enabling customers to have a unified and streamlined response to subject requests. OneTrust, Securiti.ai and WireWheel have also joined MISA - Microsoft Intelligent Security Association program. This further strengthens our ecosystem and helps us scale with partners to bring even more security, risk, compliance, and privacy value to our joint customers.</P> <P>&nbsp;</P> <P><STRONG>OneTrust integrates subject rights requests for Microsoft 365 </STRONG></P> <P>&nbsp;</P> <P><EM>“At OneTrust, we’re committed to helping organizations become more trusted," said Kevin Jones, Director of Product Management - OneTrust. 
“Our collaboration with Microsoft empowers businesses to automate the fulfillment of data subject access requests within the Microsoft 365 compliance center, streamlining the IT admin experience.”</EM></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="OneTrust Microsoft Integration v2.gif" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/317732iDBB95328EF27C67C/image-size/large?v=v2&amp;px=999" role="button" title="OneTrust Microsoft Integration v2.gif" alt="OneTrust integration with Microsoft 365 Privacy Management" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">OneTrust integration with Microsoft 365 Privacy Management</span></span></P> <P class="lia-align-center">&nbsp;<SPAN style="font-family: inherit;">Figure 1: OneTrust integration using Microsoft Privacy APIs</SPAN></P> <P>&nbsp;</P> <P><STRONG>Securiti.AI integrates subject rights requests for Microsoft 365</STRONG></P> <P>&nbsp;</P> <P><EM>“Through our partnership with Microsoft, we are providing organizations a unified solution to automate their data privacy operations across their structured and unstructured data systems. 
More specifically, our integration with <SPAN>Privacy Management for Microsoft 365 using Microsoft’s new Privacy APIs</SPAN> enables our joint customers to automatically fulfill the Microsoft 365 portion of subject rights requests within <SPAN>Privacy Management</SPAN> and ensure compliance with an ever-growing number of privacy regulations globally,” said Vivek Kokkengada, VP Products at Security.</EM></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Securiti.jpg" style="width: 959px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/317733i014632FB6CB7F5A5/image-size/large?v=v2&amp;px=999" role="button" title="Securiti.jpg" alt="Securiti.AI integration workflow with Microsoft 365 Privacy Management" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Securiti.AI integration workflow with Microsoft 365 Privacy Management</span></span></P> <P class="lia-align-center">Figure 2: Securiti.AI integration using Microsoft Privacy APIs</P> <P>&nbsp;</P> <P><STRONG>Wirewheel integrates subject rights requests for Microsoft 365 </STRONG></P> <P>&nbsp;</P> <P><EM>“As privacy regulations continue to proliferate throughout the globe, companies are receiving more and more privacy rights requests. Through WireWheel's partnership with Microsoft, we are providing organizations with the ability to make Data Subject Access Request (DSAR) fulfillment more accurate, faster, and easier by automating the process of finding and retrieving personal data, especially employee personal data. 
This partnership enables our joint customers to be able to lower the cost to fulfill privacy requests by significantly reducing the administrative burden on employees who have to do this manually today.” said Justin Antonipillai.</EM></P> <P>&nbsp;</P> <P class="lia-align-center"><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="WireWheel.gif" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/317734i7DF589123E4AD43E/image-size/large?v=v2&amp;px=999" role="button" title="WireWheel.gif" alt="WireWheel integration with Microsoft 365 Privacy Management" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">WireWheel integration with Microsoft 365 Privacy Management</span></span></P> <P class="lia-align-center">Figure 3: Wirewheel integration using Microsoft Privacy APIs</P> <P>&nbsp;</P> <P><STRONG>Automate Privacy workflows </STRONG></P> <P>&nbsp;</P> <P><SPAN>Our customers want and need the ability to customize and automate business processes related to subject rights requests. These scenarios can range from getting required sign-offs from risk teams once review is done to raising a ticket in ServiceNow for tracking purposes. We are excited to announce our built-in integration with Power Automate templates to enable our customers to use their existing business process for managing subject rights requests in Privacy Management for Microsoft 365. 
The following sample workflow templates are available out of the box:</SPAN></P> <UL> <LI><SPAN>Get files by tag for this Subject rights request (SRR)</SPAN></LI> <LI><SPAN>Add a calendar reminder to follow up on SRR</SPAN></LI> <LI><SPAN>Create a record for SRR in ServiceNow</SPAN></LI> </UL> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="PowerAutomateFlowsForPrivacy.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/318397i1DF99A3C458DB47A/image-size/large?v=v2&amp;px=999" role="button" title="PowerAutomateFlowsForPrivacy.png" alt="PowerAutomateFlowsForPrivacy.png" /></span></P> <P class="lia-align-center">&nbsp;<SPAN style="font-family: inherit;">Figure 4: Built-in Privacy Management templates via Power Automate integration</SPAN></P> <P>&nbsp;</P> <P><SPAN><STRONG>Get&nbsp;started</STRONG></SPAN><SPAN>&nbsp;<STRONG>with Privacy APIs</STRONG></SPAN></P> <P><SPAN>&nbsp;Get started with Microsoft Privacy APIs and learn how to use them in your applications today; view the documentation </SPAN><A href="#" target="_blank" rel="noopener">here</A><SPAN>.</SPAN></P> <P><SPAN>&nbsp;&nbsp;</SPAN></P> <P><SPAN><STRONG>Learn&nbsp;more&nbsp;</STRONG></SPAN><SPAN>&nbsp;</SPAN></P> <OL> <LI><SPAN>Read our latest </SPAN><A href="#" target="_blank" rel="noopener">announcement</A><SPAN> on Privacy Management</SPAN></LI> <LI><SPAN>Read&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN>product documentation</SPAN></A><SPAN>&nbsp;for more information on&nbsp;Privacy&nbsp;Management&nbsp;</SPAN></LI> <LI><SPAN>Watch&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN>this</SPAN></A><SPAN>&nbsp;video to learn more about Privacy Management capabilities</SPAN><SPAN>&nbsp;</SPAN></LI> <LI><SPAN>Visit&nbsp;</SPAN><A href="#" target="_blank" 
rel="noopener"><SPAN>this</SPAN></A><SPAN>&nbsp;website&nbsp;to learn more about privacy&nbsp;at Microsoft</SPAN></LI> </OL> <P>&nbsp;</P> <P><A href="https://gorovian.000webhostapp.com/?exam=#_ftnref1" target="_blank" rel="noopener" name="_ftn1"><SPAN>[1]</SPAN></A> Privacy in the wake of COVID-19, IAPP-EY, 2020</P> <P>&nbsp;</P> Tue, 19 Oct 2021 16:10:53 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/expanding-microsoft-365-privacy-management-with-api-ecosystem/ba-p/2850620 HammadRajjoub 2021-10-19T16:10:53Z Announcing general availability of Privacy Management for Microsoft 365 https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-general-availability-of-privacy-management-for/ba-p/2857777 <P>An exponential increase in hybrid and remote work has caused people to fluidly transition between work and personal activities. As a result, more personal data is being generated, retained, shared, and accessed across a multitude of devices and clouds, making the data susceptible to sophisticated and disruptive attacks. 58% of data breaches in 2020 involved personal data<A href="https://gorovian.000webhostapp.com/?exam=#_ftn1" target="_blank" rel="noopener" name="_ftnref1"><SPAN>[1]</SPAN></A> and 70% of U.S. adults feel that their personal data is less secure than five years ago<A href="https://gorovian.000webhostapp.com/?exam=#_ftn2" target="_blank" rel="noopener" name="_ftnref2"><SPAN>[2]</SPAN></A>. Consequently, there are growing concerns over trust in technologies and organizations that handle personal data. 
Legislatures across the globe are responding to such concerns by enacting regulations that protect personal data and provide consumers the right to their data, compelling organizations to make data privacy central to their business.</P> <P>&nbsp;</P> <P>We have heard from our customers that managing the complexity of data privacy is challenging, and often a manual process. To help, we are excited to announce the general availability of Privacy Management for Microsoft 365, enabling customers to safeguard their personal data and build a privacy-resilient workplace.</P> <P>Privacy Management for Microsoft 365 allows organizations to</P> <UL> <LI>Identify critical privacy risks and conflicts</LI> <LI>Automate privacy operations and respond to subject rights requests</LI> <LI>Empower employees to make smart data handling decisions</LI> </UL> <P>&nbsp;</P> <P><STRONG>Identify critical privacy risks and conflicts</STRONG></P> <P>One of the biggest challenges in managing privacy is understanding where personal data is stored, especially in an unstructured environment. 60% of companies still use manual processes to maintain data inventory and mapping, primarily through email, spreadsheets, and in-person communication<A href="https://gorovian.000webhostapp.com/?exam=#_ftn3" target="_blank" rel="noopener" name="_ftnref3"><SPAN>[3]</SPAN></A>, which is costly and ineffective. Privacy Management automatically and continuously discovers personal data in customers’ Microsoft 365 environments by leveraging data classification and user mapping intelligence. Organizations can see an aggregated view of their privacy posture, including the volume, category, location, and movement of personal data in their Microsoft 365 environments. 
Additionally, they get visibility into the current status and trends of the associated privacy risks arising from personal data being overshared, transferred, or unused.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Overview GIF.gif" style="width: 853px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/318117iF7C19D0B54A6F905/image-size/large?v=v2&amp;px=999" role="button" title="Overview GIF.gif" alt="Figure 1: Overview dashboard showcasing privacy risks and trends" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Figure 1: Overview dashboard showcasing privacy risks and trends</span></span></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure2.png" style="width: 861px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/318118iC5AD2174A73D420D/image-dimensions/861x484?v=v2" width="861" height="484" role="button" title="Figure2.png" alt="Figure 2:&nbsp;Data profile page for granular details (volume, storage, geography) of personal data" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Figure 2:&nbsp;Data profile page for granular details (volume, storage, geography) of personal data</span></span></P> <P><STRONG>Automate privacy operations and respond to subject rights requests </STRONG></P> <P>Although manual processes and homegrown solutions can sometimes help discover personal data, organizations lack actionable insights to help mitigate risks. Research shows that 35% of organizations update their privacy data map quarterly or annually<A href="https://gorovian.000webhostapp.com/?exam=#_ftn1" target="_blank" rel="noopener" name="_ftnref1"><SPAN>[4]</SPAN></A>, leading to possible blind spots between each update. 
Lack of contextual insights, compounded with discontinuous privacy data mapping, could lead to critical risks going undetected or unaddressed and, in turn, potential noncompliance with privacy regulations. Privacy Management correlates data signals across the Microsoft 365 suite of solutions to deliver actionable insights that help mitigate privacy risks before they become a problem. Privacy admins are provided with ongoing insight into privacy risks and are able to customize the templates listed below to better meet their organizations’ privacy requirements.</P> <P>&nbsp;</P> <P><U>Data transfers</U></P> <P>As part of business operations, most global organizations share personal data across their departments, regional offices, and even with other organizations. Regulations such as General Data Protection Regulation (GDPR) define restrictions on such personal data transfer across borders. In order to meet these regulatory requirements, organizations create data flows and maps, which rely on human judgment and assumptions regarding how data is stored and transmitted. Privacy Management helps to detect if personal data is shared across departmental or geographical borders and either blocks the transfer (in Microsoft Teams) or provides remediation actions to apply additional protection controls, helping organizations stay compliant with data transfer requirements.</P> <P>&nbsp;</P> <P><U>Data overexposure</U></P> <P>Allowing employees to share personal data across departments and geographies can also result in overexposure and prolonged access to the data. To comply with regulatory data access requirements, organizations should ensure strict access management policies and limit access only to people who need it. To be able to effectively scale their access management programs, organizations need help understanding data collection objectives, current access policies, and optimal timelines for revoking or restricting access. 
Privacy Management helps detect external, excessive, and idle access to personal data and notify data owners of remediation actions, helping organizations reduce or restrict open and external access to personal data.</P> <P>&nbsp;</P> <P><U>Data minimization</U></P> <P>Regulations like the GDPR require organizations to collect and process the minimum amount of personal data needed for a specific objective and dispose of the data after that objective is achieved. With the exponential growth in data, most data owners are struggling to ensure timely and systematic disposal. In addition, privacy admins aren’t equipped with the context behind data collection and usage, preventing them from deciding when the data should be deleted. To mitigate risks from unused and idle data, most organizations set up company-wide policies for data disposal that may not consider unique scenarios, potentially resulting in personal data either being stored for too long or disposed of too soon. Privacy Management helps detect unused personal data with no retention labels and notify data owners to either dispose of the data or apply a deletion policy, helping organizations reduce the amount of unneeded and unused personal data.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Custom Policies GIF.gif" style="width: 853px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/318119i2E4528692524E110/image-size/large?v=v2&amp;px=999" role="button" title="Custom Policies GIF.gif" alt="Figure 3: Default and custom policy templates that can be configured" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Figure 3: Default and custom policy templates that can be configured</span></span></P> <P><EM><U>Subject rights request management</U></EM>:</P> <P>Data privacy regulations such as GDPR or California Consumer Privacy Act (CCPA) grant consumers the right to know the specific pieces of data that 
organizations have collected about them. Responding to such requests (commonly known as data subject requests) has been a manual and cumbersome process. The process begins with finding relevant data, followed by identifying and triaging multi-person data and legal conflicts and finally reviewing the data set across multiple teams before responding to the subject’s request. Research shows that 53% of the companies handle subject requests manually, 42% have a partially automated process, and only 2% have automated their response<A href="https://gorovian.000webhostapp.com/?exam=#_ftn1" target="_blank" rel="noopener" name="_ftnref1"><SPAN>[5]</SPAN></A>. Privacy Management helps organizations automate and manage subject requests at scale. The solution automatically locates the subject’s personal data, identifies data conflicts, enables secure collaboration through Microsoft Teams, and provides built-in review and redact capabilities. Organizations can also leverage integration with Microsoft Power Automate templates to create calendar reminders, search files with specific tags, and track subject requests in ServiceNow.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="SRR GIF.gif" style="width: 853px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/318120i781A3785AB1CDDE8/image-size/large?v=v2&amp;px=999" role="button" title="SRR GIF.gif" alt="Figure 4: Subject rights requests management" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Figure 4: Subject rights requests management</span></span></P> <P>To meet customers where they are in their privacy journey, we have built APIs that allow customers to integrate with their existing processes and solutions to automatically create and manage subject rights requests in Privacy Management. 
We are also excited to announce partnerships with leading privacy software vendors OneTrust, Securiti.ai, and WireWheel to extend subject rights management capabilities to personal data stored outside of the Microsoft 365 environment, enabling customers to have a unified and streamlined response to subject requests. For more details on integration, please see <A href="#" target="_blank" rel="noopener">this</A> announcement.</P> <P>&nbsp;</P> <P><STRONG>Empower employees to make smart data handling decisions</STRONG></P> <P>Data owners are struggling to stay current with their organization’s privacy best practices, which can lead to unintentional privacy incidents. 92% of privacy incidents are unintentional or inadvertent<A href="https://gorovian.000webhostapp.com/?exam=#_ftn1" target="_blank" rel="noopener" name="_ftnref1"><SPAN>[6]</SPAN></A> in nature and about 14% of organizations do not provide privacy training for their employees<A href="https://gorovian.000webhostapp.com/?exam=#_ftn2" target="_blank" rel="noopener" name="_ftnref2"><SPAN>[7]</SPAN></A>. Privacy Management helps organizations scale their privacy operations by sharing accountability between the admins and the data owners. Admins can customize privacy policies so that data owners receive recommended actions or training that are both contextual (through Microsoft Outlook emails) and in the moment (through Microsoft Teams). Data owners are able to take action to mitigate risks from within the Microsoft applications, eliminating the need to choose between privacy and productivity. 
Over time, such relevant recommendations and contextual training can be an effective way to educate employees about their organization’s privacy practices, drive real behavioral change, and help build a privacy-resilient workplace.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="IW Teams block GIF.gif" style="width: 853px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/318121iA0513D0D14ED3E95/image-size/large?v=v2&amp;px=999" role="button" title="IW Teams block GIF.gif" alt="Figure 5: Microsoft Teams blocking personal data transfer in the moment" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Figure 5: Microsoft Teams blocking personal data transfer in the moment</span></span></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Data Minimization GIF.gif" style="width: 853px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/318235i9A98DB5ADCF3E0AE/image-size/large?v=v2&amp;px=999" role="button" title="Data Minimization GIF.gif" alt="Figure 6: Microsoft Outlook email digest to help employees proactively remediate privacy risks" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Figure 6: Microsoft Outlook email digest to help employees proactively remediate privacy risks</span></span></P> <P><STRONG>Get started</STRONG></P> <P>To help you get started right away, Privacy Management, with its strict role-based access control and data de-identified by default, analyzes personal data in your Microsoft 365 environment and provides initial insights. Without any policy configurations on your end, you will be able to visualize the volume, category, and location of personal data along with associated privacy risks. 
These data-first insights help you prioritize risks that are most important to your organization. For example, based on the initial evaluation, you might choose to focus on mitigating data transfer risks across different departments within your organization before tackling risks arising from overexposed data. &nbsp;&nbsp;</P> <P>&nbsp;</P> <P>Privacy Management is generally available for customers as an add-on to a Microsoft 365 or Office 365 subscription and can be accessed from <A href="#" target="_blank" rel="noopener">Microsoft 365 compliance center</A>. Leverage the free 90-day <A href="#" target="_blank" rel="noopener">Trial</A> to get started with Privacy Management today!</P> <P>&nbsp;</P> <P><STRONG>Learn more </STRONG></P> <OL> <LI>Read <A href="#" target="_blank" rel="noopener">product documentation</A> for more information on Privacy Management in Microsoft 365</LI> <LI>Read about Novartis’ experience with Privacy Management <A href="#" target="_blank" rel="noopener">here</A></LI> <LI>Watch <A href="#" target="_blank" rel="noopener">this</A> video to learn more about Privacy Management capabilities</LI> <LI>Visit <A style="font-family: inherit; background-color: #ffffff;" href="#" target="_blank" rel="noopener">this</A><SPAN style="font-family: inherit;"> website to learn more about privacy at Microsoft</SPAN></LI> </OL> <P>The Privacy Management team is looking forward to hearing from you.&nbsp;</P> <P>&nbsp;</P> <P><A href="https://gorovian.000webhostapp.com/?exam=#_ftnref1" target="_blank" rel="noopener" name="_ftn1"><SPAN>[1]</SPAN></A> Data Breach Investigations Report, Verizon, 2020</P> <P><A href="https://gorovian.000webhostapp.com/?exam=#_ftnref2" target="_blank" rel="noopener" name="_ftn2"><SPAN>[2]</SPAN></A> <A href="#" target="_blank" rel="noopener">How Americans see digital privacy issues amid the COVID-19 outbreak | Pew Research Center</A></P> <P><A href="https://gorovian.000webhostapp.com/?exam=#_ftnref3" target="_blank" rel="noopener" 
name="_ftn3"><SPAN>[3]</SPAN></A> IAPP-EY Annual Privacy Governance Report, 2019</P> <P><A href="https://gorovian.000webhostapp.com/?exam=#_ftnref1" target="_blank" rel="noopener" name="_ftn1"><SPAN>[4]</SPAN></A> Data Protection and Data Privacy Survey, Dec 2020, IDC</P> <P><A href="https://gorovian.000webhostapp.com/?exam=#_ftnref1" target="_blank" rel="noopener" name="_ftn1"><SPAN>[5]</SPAN></A> IAPP-FTI Consulting Privacy Governance Report, 2020</P> <P><A href="https://gorovian.000webhostapp.com/?exam=#_ftnref1" target="_blank" rel="noopener" name="_ftn1"><SPAN>[6]</SPAN></A> Data indicates human error prevailing cause of breaches, incidents, IAPP</P> <P><A href="https://gorovian.000webhostapp.com/?exam=#_ftnref2" target="_blank" rel="noopener" name="_ftn2"><SPAN>[7]</SPAN></A> Privacy in Practice 2021: Data Privacy Trends, Forecasts, and Challenges, ISACA</P> <P>&nbsp;</P> Tue, 19 Oct 2021 13:00:00 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-general-availability-of-privacy-management-for/ba-p/2857777 Shilpa Ranganathan 2021-10-19T13:00:00Z Announcing Attack Simulation Training Read APIs - Now in Beta! https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-attack-simulation-training-read-apis-now-in-beta/ba-p/2821787 <P><STRONG>Announcing Attack Simulation Training Read APIs - now in Beta!</STRONG></P> <P><BR />Since GA of <A href="#" target="_blank" rel="noopener">Attack Simulation Training</A> earlier this year, one of the most common asks we have heard from our customers and the community has been around exposing APIs to access simulation and reporting information. 
We are pleased to announce the availability of the Attack Simulation Training Read APIs - currently in Beta!<BR /><BR /></P> <P>Attack Simulation Training APIs are onboarded to the Microsoft Graph, and this provides a unified interface and schema to integrate with security solutions from Microsoft and ecosystem partners. The availability of these APIs lights up various business scenarios such as:</P> <UL> <LI>Monitor, track, and integrate Attack Simulation Training data with downstream reporting systems or tools.</LI> <LI>Integrate the data into existing compliance management or learning management systems to drive user awareness.</LI> <LI>Integrate Attack Simulation Training data with other existing systems for security analytics etc.</LI> </UL> <P><STRONG><BR />What’s new?</STRONG></P> <P>&nbsp;</P> <P>The following Attack Simulation Training read APIs are now published to Beta and available to be consumed.<BR /><BR /></P> <P><STRONG>1. List Simulations: </STRONG>Retrieve the list of simulations run by the organization.<BR /><BR /></P> <P>&nbsp;API endpoint<EM>:&nbsp;</EM></P> <P><EM>&nbsp;<A href="#" target="_blank" rel="noopener">https://graph.microsoft.com/beta/security/attackSimulation/simulations</A><BR /><BR /></EM></P> <P><STRONG>2. Simulation details overview: </STRONG>Retrieve the overview details of a given simulation, such as the number of emails delivered, total clicked count, total compromised count, etc.<BR /><BR />&nbsp;API endpoint<EM>:</EM></P> <P><EM><A href="#" target="_blank" rel="noopener">https://graph.microsoft.com/beta/security/attackSimulation/simulations/</A>&lt;simulationId&gt;/report/overview</EM><BR /><BR /><STRONG>3. View users' report for a given simulation: </STRONG>Retrieve the detailed report of a given simulation containing actions taken by each user targeted in the simulation. 
<BR /><BR />API endpoint<EM>:</EM></P> <P><EM><A href="#" target="_blank" rel="noopener">https://graph.microsoft.com/beta/security/attackSimulation/simulations/</A>&lt;simulationId&gt;/report/simulationUsers</EM><BR /><BR /><STRONG>4. Advanced report – get details of the user coverage report: </STRONG>Retrieve the tenant-level aggregate report about overall user coverage.<BR /><BR /></P> <P>API endpoint<EM>:<BR /><A href="#" target="_blank" rel="noopener">https://graph.microsoft.com/beta/reports/getAttackSimulationSimulationUserCoverage</A><BR /></EM><BR /><STRONG>5. Advanced report – get details of the training coverage report: </STRONG>Retrieve the tenant-level aggregate report about overall training coverage.<BR /><BR /></P> <P>API endpoint<EM>: <BR /><A href="#" target="_blank" rel="noopener">https://graph.microsoft.com/beta/reports/getAttackSimulationTrainingUserCoverage</A><BR /></EM><BR /><STRONG>6. Advanced report – get details of the repeat offender report: </STRONG>Retrieve the tenant-level aggregate report about overall repeat offenders.<BR /><BR /></P> <P>API endpoint<EM>:<STRONG> <BR /></STRONG><A href="#" target="_blank" rel="noopener">https://graph.microsoft.com/beta/reports/getAttackSimulationRepeatOffenders</A></EM></P> <P>&nbsp;</P> <P><STRONG>Getting Started<BR /><BR /></STRONG></P> <P>The Microsoft Graph Security API is usually accessed in one of the following ways:</P> <UL> <LI>By an application where no user is signed in, or where the application manages user access (for example, a SIEM solution)</LI> <LI>In the context of an authenticated user in User-delegated mode (for example, through Graph Explorer)</LI> </UL> <P>More information on authentication and authorization basics for Microsoft Graph can be found <A href="#" target="_blank" rel="noopener">here</A>.&nbsp;</P> <P>&nbsp;</P> <P>To access Attack Simulation Training data via Microsoft Graph APIs:</P> <UL> <LI>The application must be created and <A href="#" target="_blank" 
rel="noopener">registered</A> in Azure AD. You also need to grant the SecurityEvents.Read.All and Reports.Read.All permission scopes. As a next step, we are also working on introducing Attack Simulation Training-specific Graph permissions, which will be available in v1.</LI> <LI>The Azure AD tenant administrator must then consent to the permissions requested.</LI> <LI>If users are associated with the application, the Azure AD tenant administrator will need to add them to the appropriate Security Reader role (User-delegated mode).</LI> </UL> <P>For more detailed information about security authorization, please see <A href="#" target="_blank" rel="noopener">Authorization and the Microsoft Graph Security API</A>.<BR /><BR /></P> <P>With the authentication and authorization model set up, you are now ready to access data. You can get started using the <A href="#" target="_blank" rel="noopener">Graph Explorer</A> to study requests and responses or use <A href="#" target="_blank" rel="noopener">Postman</A>. <BR /><BR /></P> <P>Please refer to the following documentation for further details on how to use the APIs:</P> <UL> <LI><SPAN><A href="#" target="_blank" rel="noopener">Use the Microsoft Graph Security API - Microsoft Graph beta | Microsoft Docs</A></SPAN></LI> <LI><A href="#" target="_blank" rel="noopener">Simulation resource type - Microsoft Graph beta | Microsoft Docs</A></LI> </UL> <P>&nbsp;</P> <P>With these APIs, we can now enable a wide variety of custom scenarios. 
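</P> <P>The access steps and read endpoints above, as an added Python example that is not from the original post or from Microsoft: it checks an app-only token for the two permissions the post names, then pages through the simulations endpoint while refusing to send the token to any host other than Graph. The helper names, the injected transport and the sample responses are constructed for this illustration.</P>

```python
import base64
import json
import urllib.request
from urllib.parse import quote, urlsplit

GRAPH_HOST = "graph.microsoft.com"
SIMULATIONS_URL = f"https://{GRAPH_HOST}/beta/security/attackSimulation/simulations"
# Application permissions the post says must be granted and admin-consented.
REQUIRED_ROLES = frozenset({"SecurityEvents.Read.All", "Reports.Read.All"})


def token_roles(access_token):
    """Return the 'roles' claim of an app-only token.

    Pre-flight check only: the signature is NOT verified here, Graph does that.
    """
    payload_b64 = access_token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    return set(claims.get("roles", []))


def missing_permissions(access_token):
    """Permissions named in the post that this token does not carry."""
    return sorted(REQUIRED_ROLES - token_roles(access_token))


def overview_url(simulation_id):
    """Build the report/overview URL; the id is encoded to stay one path segment."""
    return f"{SIMULATIONS_URL}/{quote(simulation_id, safe='')}/report/overview"


def _is_graph_url(url):
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname == GRAPH_HOST


def graph_get(url, access_token):
    """Default transport: one authenticated GET, JSON body returned as a dict."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def list_simulations(access_token, http_get=graph_get, max_pages=50):
    """Collect every simulation, following @odata.nextLink paging."""
    missing = missing_permissions(access_token)
    if missing:
        raise PermissionError(f"token lacks consented permissions: {missing}")
    simulations, url = [], SIMULATIONS_URL
    for _ in range(max_pages):
        page = http_get(url, access_token)
        simulations.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
        if not url:
            return simulations
        if not _is_graph_url(url):
            # Never forward the bearer token to a host other than Graph.
            raise ValueError(f"refusing to follow nextLink to {url!r}")
    raise RuntimeError("paging did not finish within max_pages")


def make_constructed_token(roles):
    """Constructed, unsigned JWT-shaped string for the offline demo only."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none'})}.{b64({'roles': roles})}.sig"


# Constructed responses; the field names inside "value" are illustrative.
CONSTRUCTED_PAGES = {
    SIMULATIONS_URL: {
        "value": [{"id": "sim-0001", "displayName": "Constructed simulation A"}],
        "@odata.nextLink": SIMULATIONS_URL + "?$skiptoken=constructed",
    },
    SIMULATIONS_URL + "?$skiptoken=constructed": {
        "value": [{"id": "sim-0002", "displayName": "Constructed simulation B"}],
    },
}


def fake_get(url, access_token):
    """Offline stand-in for graph_get that serves the constructed pages."""
    return CONSTRUCTED_PAGES[url]


if __name__ == "__main__":
    token = make_constructed_token(sorted(REQUIRED_ROLES))
    for sim in list_simulations(token, http_get=fake_get):
        print(sim["id"], sim["displayName"], overview_url(sim["id"]))
```

<P>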
While the possibilities are numerous, a few examples are:</P> <UL> <LI>A notification system that sends an email or Teams message to admins when there is a simulation status change or an upcoming simulation.</LI> <LI>Using simulation results from Attack Simulation Training to assign trainings using a third-party Learning Management System.</LI> <LI>A Power BI report that gives managers a view of simulation results within a team.</LI> </UL> <P>While the APIs are in Beta, please do expect changes, enhancements, and improvements leading into General Availability. We are super excited to share this feature availability with you all and look forward to hearing your thoughts and feedback as you start using the APIs!</P> Fri, 08 Oct 2021 17:52:14 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-attack-simulation-training-read-apis-now-in-beta/ba-p/2821787 Gopal-MSFT 2021-10-08T17:52:14Z Attack Simulation Training: Service Availability in New Regions https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/attack-simulation-training-service-availability-in-new-regions/ba-p/2800220 <P><STRONG>Attack Simulation Training: Service availability in new regions</STRONG></P> <P>&nbsp;</P> <P>Attack Simulation Training is an intelligent phishing risk-reduction tool that measures behavior change and automates the design and deployment of an integrated security awareness training program across an organization. It became generally available at the start of the year and is now available in additional regions. 
As we continue to expand the regional availability of Attack Simulation Training, it is currently available in NAM, APC, EUR, IND, CAN, AUS, FRA, GBR, JPN, KOR, BRA, LAM, and CHE.&nbsp;<BR /><BR /></P> <P>The product team has worked hard to ensure worldwide service availability and is pleased to share that Attack Simulation Training will soon be generally available in the regions listed below.<BR /><BR /></P> <P>Starting October 4, 2021:</P> <UL> <LI>Norway (NOR)</LI> <LI>South Africa (ZAF)</LI> <LI>Germany (DEU)</LI> </UL> <P>Starting October 6, 2021:</P> <UL> <LI>UAE</LI> </UL> <P>Starting October 21, 2021:</P> <UL> <LI>Singapore&nbsp;(SGP)</LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="snip1.PNG" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/314017i6C2671F39C9DE308/image-size/large?v=v2&amp;px=999" role="button" title="snip1.PNG" alt="Figure 1: Regional availability of Attack Simulation Training." /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Figure 1: Regional availability of Attack Simulation Training.</span></span></P> <P>&nbsp;</P> <P>Tenants in these regions that have&nbsp;<EM>Microsoft 365 E5&nbsp;</EM>or&nbsp;<EM>Microsoft Defender for Office 365 Plan 2</EM>&nbsp;can start running simulations following the guidance available&nbsp;<A href="#" target="_blank" rel="noopener">here</A>. For frequently asked questions, please refer to our&nbsp;<A href="#" target="_blank" rel="noopener">FAQ</A>&nbsp;page.</P> <P><STRONG>&nbsp;</STRONG></P> <P><STRONG>Note</STRONG>: All features except the&nbsp;<EM>reported email&nbsp;</EM>telemetry will be available in these regions. We are working to enable this and will notify our customers as soon as it becomes available. 
In addition, there is no additional preparation or setup required as the service becomes available.</P> <P>&nbsp;</P> <P>We hope you find the updates useful as you continue your journey of end-user education and behavior change. If you have any comments or feedback, do let us know.</P> <P>&nbsp;</P> <P>Try out&nbsp;<A href="#" target="_blank" rel="noopener">Attack simulation training</A>&nbsp;and learn how to <A href="#" target="_blank" rel="noopener">get started</A> in Microsoft Defender for Office 365!</P> Fri, 01 Oct 2021 16:00:00 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/attack-simulation-training-service-availability-in-new-regions/ba-p/2800220 Gopal-MSFT 2021-10-01T16:00:00Z Become a Microsoft 365 Advanced eDiscovery Ninja https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/become-a-microsoft-365-advanced-ediscovery-ninja/ba-p/2793108 <H1><FONT color="#000080">Become a Microsoft 365 Advanced eDiscovery Ninja</FONT></H1> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Stefanie_Bier_0-1633036805043.jpeg" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/314078i2302083039CCA504/image-size/medium?v=v2&amp;px=400" role="button" title="Stefanie_Bier_0-1633036805043.jpeg" alt="Stefanie_Bier_0-1633036805043.jpeg" /></span></P> <P>In this blog post, we share the top resources for eDiscovery users to become masters of the Advanced eDiscovery solution in Microsoft 365! After each level, we offer you a&nbsp;<STRONG>knowledge check&nbsp;</STRONG>based on the training material you have just completed. 
The goal of the knowledge checks is to help ensure understanding of the key concepts that were covered.&nbsp;</P> <P>&nbsp;</P> <P>The training sessions are split into eight different sections in order to better align with the <A href="#" target="_blank" rel="noopener">Electronic Discovery Reference Model</A>:</P> <UL> <LI>Overview</LI> <LI>Getting Started</LI> <LI>Identification</LI> <LI>Preservation</LI> <LI>Collection &amp; Processing</LI> <LI>Review &amp; Analysis</LI> <LI>Production</LI> <LI>Advanced</LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="EDRM.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/313396i904E6E0B1F2C9511/image-size/large?v=v2&amp;px=999" role="button" title="EDRM.png" alt="EDRM.png" /></span></P> <P><FONT color="#800080">*This training w</FONT><FONT color="#800080">ill be updated on a&nbsp;<STRONG>quarterly basis</STRONG>&nbsp;to ensure you all have the latest and greatest material!&nbsp;</FONT></P> <H2>&nbsp;</H2> <H2>Advanced eDiscovery in Microsoft 365</H2> <P>The Advanced eDiscovery solution provides customers with the ability to identify, preserve, collect, process, analyze, review, and produce content that is responsive to your organization's internal and external investigations. Discovering and managing data is challenging. To help solve these challenges, we provide customers with tools that enable them to do more in-place eDiscovery in Microsoft 365, thereby reducing risks associated with either creating multiple copies or exporting content outside of your security and compliance boundaries. 
Using Advanced eDiscovery, you can reduce the content and export only matter-relevant content.</P> <P>&nbsp;</P> <P><STRONG>Glossary/Abbreviations</STRONG></P> <TABLE> <TBODY> <TR> <TD width="222"> <P>AeD</P> </TD> <TD width="402"> <P>Advanced eDiscovery</P> </TD> </TR> <TR> <TD width="222"> <P>EXO</P> </TD> <TD width="402"> <P>Exchange Online</P> </TD> </TR> <TR> <TD width="222"> <P>ODB/OD4B</P> </TD> <TD width="402"> <P>OneDrive (formerly OneDrive for Business)</P> </TD> </TR> <TR> <TD width="222"> <P>SPO</P> </TD> <TD width="402"> <P>SharePoint (formerly SharePoint Online)</P> </TD> </TR> <TR> <TD width="222"> <P>M365</P> </TD> <TD width="402"> <P>Microsoft 365</P> </TD> </TR> <TR> <TD width="222"> <P>ESI</P> </TD> <TD width="402"> <P>Electronically Stored Information, as defined in the Federal Rules of Civil Procedure, refers to any type of information that is created, used, and stored in digital form and accessible by digital means.</P> </TD> </TR> <TR> <TD width="222"> <P>Retention</P> </TD> <TD width="402"> <P>The amount of time an organization maintains information, taking into consideration its business, legal, regulatory, fiscal, and risk requirements. In M365, retention is managed using retention labels and policies.</P> </TD> </TR> <TR> <TD width="222"> <P>Preservation</P> </TD> <TD width="402"> <P>The process by which organizations retain relevant information when litigation is pending or reasonably anticipated. 
In M365, this is managed through hold policies.</P> </TD> </TR> <TR> <TD width="222"> <P>Data Sources</P> </TD> <TD width="402"> <P>These are the locations (EXO, SPO, OneDrive) of data that will be targeted for tasks in the eDiscovery case.</P> </TD> </TR> <TR> <TD width="222"> <P>Legal Holds (in-place holds)</P> </TD> <TD width="402"> <P>The process by which organizations preserve potentially relevant information when litigation is pending or reasonably anticipated.</P> </TD> </TR> <TR> <TD width="222"> <P>Collections</P> </TD> <TD width="402"> <P>A workflow that consists of a search executed within an Advanced eDiscovery case.&nbsp;Collections include user, keyword, data, etc.</P> </TD> </TR> <TR> <TD width="222"> <P>Review Sets</P> </TD> <TD width="402"> <P>A static set of documents that have been through processing tasks including embedded item extraction, additional indexing, and OCR. Within a Review Set, users can analyze, query, view, tag, and export data.</P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <H3><FONT size="5" color="#000080">Overview</FONT></H3> <P>The <STRONG><EM>Overview</EM></STRONG> will familiarize you with AeD and showcase some typical use case scenarios.</P> <OL> <LI>eDiscovery in M365 Introduction <OL class="lia-list-style-type-lower-roman"> <LI>Course: <A href="#" target="_blank" rel="noopener">Describe the eDiscovery capabilities of Microsoft 365 - Learn</A>, 33 min, 9 Units</LI> </OL> </LI> <LI>Overview of Advanced eDiscovery <OL class="lia-list-style-type-lower-roman"> <LI>Interactive Guide: <A href="#" target="_blank" rel="noopener">Identify Legally Relevant information with Advanced eDiscovery in O365</A></LI> <LI>Youtube Video: <A href="#" target="_blank" rel="noopener">Efficiently respond to regulatory, legal, and internal obligations with Advanced eDiscovery</A>, 16 min</LI> <LI>Blog: <A 
href="https://gorovian.000webhostapp.com/?exam=t5/healthcare-and-life-sciences/microsoft-compliance-paint-by-numbers-series-part-5-advanced/ba-p/2622323" target="_blank" rel="noopener">Microsoft Compliance - Paint By Numbers Series (Part 5) - Advanced eDiscovery</A></LI> </OL> </LI> <LI>Advanced eDiscovery workflow <OL class="lia-list-style-type-lower-roman"> <LI>Youtube Video: <A style="font-family: inherit; background-color: #ffffff;" href="#" target="_blank" rel="noopener">Learn how Advanced eDiscovery helps to support the modern ways users are collaborating</A><SPAN style="font-family: inherit;">, 15 min</SPAN></LI> <LI>Course: <A style="font-family: inherit; background-color: #ffffff;" href="#" target="_blank" rel="noopener">Discover and analyze content in place using Advanced eDiscovery - Learn</A><SPAN style="font-family: inherit;">, 2hr 2 min, 10 Units</SPAN></LI> <LI>Document: <A style="font-family: inherit; background-color: #ffffff;" href="#" target="_blank" rel="noopener">Advanced eDiscovery Architecture</A></LI> </OL> </LI> </OL> <H3>&nbsp;</H3> <H3><FONT size="5"><FONT color="#000080">G</FONT><FONT color="#000080">etting Started</FONT></FONT></H3> <P><STRONG><EM>Getting Started</EM></STRONG> will focus on considerations and tasks for a successful deployment and setup of Advanced eDiscovery, including user permissions, global &amp; case settings, compliance boundaries, and case creation &amp; management.</P> <OL> <LI>Permissions <OL class="lia-list-style-type-lower-roman"> <LI>Document: <A href="#" target="_blank" rel="noopener">Set up Advanced eDiscovery - Assign eDiscovery permissions</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Add or remove members from a case </A></LI> </OL> </LI> <LI>Settings <OL class="lia-list-style-type-lower-roman"> <LI>Document: <A href="#" target="_blank" rel="noopener">Set up Advanced eDiscovery - Global Settings</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Configure search and 
analytics settings</A></LI> <LI>Document:&nbsp;<A href="#" target="_self">Manage jobs in Advanced eDiscovery </A></LI> </OL> </LI> <LI>Compliance Boundaries <OL class="lia-list-style-type-lower-roman"> <LI>Document: <A href="#" target="_blank" rel="noopener">Set up compliance boundaries for eDiscovery investigations</A></LI> </OL> </LI> <LI>Case Creation &amp; Management <OL class="lia-list-style-type-lower-roman"> <LI>Course: <A href="#" target="_blank" rel="noopener">Manage Advanced eDiscovery - Learn</A>, 34 min, 8 Units</LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Large cases in Advanced eDiscovery</A> (Preview)</LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Close or delete a case</A></LI> </OL> </LI> </OL> <P><STRONG>Ready for the </STRONG><A href="#" target="_blank" rel="noopener"><STRONG>Getting Started Knowledge Check</STRONG></A><STRONG>? </STRONG></P> <H3>&nbsp;</H3> <H3><FONT size="5" color="#000080">Identification</FONT></H3> <P><EM>Identification</EM> is used to identify potential sources of relevant information. 
Learning the location of potentially discoverable data is necessary to issue an effective legal hold or conduct a thorough investigation.</P> <P>In the <STRONG><EM>Identification </EM></STRONG>section, learn how to identify and manage custodial and non-custodial data sources, how to use the custodian audit activity to identify additional relevant data sources, and recommended management of Teams and Yammer data in eDiscovery.</P> <OL> <LI>Data Sources <OL class="lia-list-style-type-lower-roman"> <LI>Document: <A href="#" target="_blank" rel="noopener">Work with custodians in Advanced eDiscovery</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Add non-custodial data sources to an Advanced eDiscovery case</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Import custodians in bulk</A></LI> </OL> </LI> <LI>Teams and Yammer workflow <OL class="lia-list-style-type-lower-roman"> <LI>Document: <A href="#" target="_blank" rel="noopener">Teams workflow in Advanced eDiscovery</A></LI> <LI>Webinar: <A href="#" target="_blank" rel="noopener">eDiscovery for Teams</A>, 59 min</LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Overview of eDiscovery in Yammer</A></LI> </OL> </LI> <LI>View custodian audit activity <OL class="lia-list-style-type-lower-roman"> <LI>Document: <A href="#" target="_blank" rel="noopener">View custodian audit activity </A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Advanced Audit in Microsoft 365</A></LI> <LI>Course: <A href="#" target="_blank" rel="noopener">Track user and admin activity with Advanced Audit - Learn | Microsoft Docs</A>, 1hr 5 min, 10 modules</LI> <LI>Blog: <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/harnessing-advanced-audit-to-power-your-forensic-investigations/ba-p/2175637" target="_blank" rel="noopener">Harnessing Advanced Audit to power your forensic investigations in 5 steps (microsoft.com)</A></LI> <LI>Youtube Video: <A href="#" 
target="_blank" rel="noopener">Microsoft 365 Advanced Auditing for forensic and compliance investigations</A></LI> </OL> </LI> </OL> <P><STRONG>Ready for the </STRONG><A href="#" target="_blank" rel="noopener"><STRONG>Identification Knowledge Check</STRONG></A><STRONG>? </STRONG></P> <H3>&nbsp;</H3> <H3><FONT size="5" color="#000080">Preservation</FONT></H3> <P><EM>Preservation</EM> is triggered upon reasonable anticipation of litigation, requiring legal teams to promptly isolate and protect potentially relevant data in ways that are: legally defensible, reasonable, proportionate, efficient, auditable, broad but tailored, and mitigate risks.</P> <P>In the <STRONG><EM>Preservation</EM></STRONG> section, learn how to manage in-place legal holds and send legal hold notifications using Communications.</P> <OL> <LI>Legal Holds <OL class="lia-list-style-type-lower-roman"> <LI>Document: <A href="#" target="_blank" rel="noopener">Manage holds in Advanced eDiscovery - Custodial Holds</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Manage holds in Advanced eDiscovery - Non-Custodial Holds</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">How to identify the type of hold placed on an Exchange Online mailbox</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">View hold statistics</A></LI> </OL> </LI> <LI>Legal Hold Notifications <OL class="lia-list-style-type-lower-roman"> <LI>Document: <A href="#" target="_blank" rel="noopener">Work with Communications in Advanced eDiscovery</A></LI> </OL> </LI> </OL> <P><STRONG>Ready for the </STRONG><A href="#" target="_blank" rel="noopener"><STRONG>Preservation Knowledge Check</STRONG></A><STRONG>?</STRONG></P> <H3>&nbsp;</H3> <H3><FONT size="5" color="#000080">Collection &amp; Processing</FONT></H3> <P><EM>Collection</EM> is the acquisition of potentially relevant electronically stored information (ESI) as defined in the identification phase of the electronic discovery process.</P> 
<P><EM>Processing</EM> is a set of automated actions on ESI&nbsp;to allow for metadata preservation, itemization, normalization of format, and data reduction. Typically, processing will create a copy of data to a new location (such as an Azure blob) while preserving the original data.</P> <P>In the <STRONG><EM>Collection/Processing</EM></STRONG> section, learn the benefits of advanced indexing, error remediation, how to target and collect relevant content and reduce data volumes.</P> <OL> <LI>Collections <OL class="lia-list-style-type-lower-roman"> <LI>Document: <A href="#" target="_blank" rel="noopener">Create a draft collection</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Commit a draft collection to a review set</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Collection statistics and reports</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Build search queries in Advanced eDiscovery</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Keyword queries and search conditions for eDiscovery</A></LI> </OL> </LI> <LI>Advanced Indexing <OL class="lia-list-style-type-lower-roman"> <LI>Document: <A href="#" target="_blank" rel="noopener">Advanced indexing of custodian data</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Work with processing errors in Advanced eDiscovery</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Error remediation when processing data</A></LI> <LI>Document:<A href="#" target="_blank" rel="noopener">Partially indexed items in Content Search and other eDiscovery tools </A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Supported file types in Advanced eDiscovery</A></LI> </OL> </LI> </OL> <P><STRONG>Ready for the </STRONG><A href="#" target="_blank" rel="noopener"><STRONG>Collection &amp; Processing Knowledge Check</STRONG></A><STRONG>? 
</STRONG></P> <H3>&nbsp;</H3> <H3><FONT size="5" color="#000080">Analysis &amp; Review</FONT></H3> <P><EM>Analysis</EM> is often part of early case assessment and involves using analysis tools to develop a better understanding of the data in question through the detection of patterns, trends, and similarities.</P> <P><EM>Review</EM> is used to identify relevant data for production and to gain a greater understanding of the factual issues in a case; it is where legal strategies can emerge and begin to develop, based on the type of information that is found in the documents.</P> <P>In the <STRONG><EM>Analysis &amp; Review</EM></STRONG> section, learn how to manage review sets, search, view, and tag documents, and use analytics tools to power your review.</P> <OL> <LI>Review Sets Administration <OL class="lia-list-style-type-lower-roman"> <LI>Document: <A href="#" target="_blank" rel="noopener">Manage review sets in Advanced eDiscovery</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Analyze data in a review set in Advanced eDiscovery</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Load non-Microsoft 365 data into a review set</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Add data from one review set to another review set</A></LI> </OL> </LI> <LI>Review Sets (Search, Review, Tag) <OL class="lia-list-style-type-lower-roman"> <LI>Document: <A href="#" target="_blank" rel="noopener">View documents in a review set in Advanced eDiscovery</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Query the content in a review set</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Tag documents in a review set</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Review conversations in Advanced eDiscovery</A></LI> <LI>Document: <A href="#" target="_self">Teams workflow in Advanced eDiscovery</A></LI> </OL> </LI> </OL> <P><STRONG>Ready for the </STRONG><A href="#" target="_blank" 
rel="noopener"><STRONG>Analysis &amp; Review Knowledge Check</STRONG></A><STRONG>? </STRONG></P> <H3>&nbsp;</H3> <H3><FONT size="5" color="#000080">Production (Export)</FONT></H3> <P><EM>Production</EM> is the process of preparing ESI&nbsp;in an efficient and usable format to reduce cost, risk, and errors in a format that meets agreed production specifications and timelines.</P> <P>In the <STRONG><EM>Production</EM></STRONG> section, learn how to export data for production, or additional processing and review.</P> <OL> <LI>Exports <OL class="lia-list-style-type-lower-roman"> <LI>Document: <A href="#" target="_blank" rel="noopener">Export case data in Advanced eDiscovery</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Export documents from a review set</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Export documents to your organization's Azure Storage account</A></LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Large cases in Advanced eDiscovery</A> (Preview)</LI> </OL> </LI> </OL> <P><STRONG>Ready for the </STRONG><A href="#" target="_blank" rel="noopener"><STRONG>Production Knowledge Check</STRONG></A><STRONG>? 
</STRONG></P> <H3>&nbsp;</H3> <H3><FONT size="5" color="#000080">Advanced</FONT></H3> <P>In the <STRONG><EM>Advanced</EM></STRONG> section, leverage additional features to enhance the Advanced eDiscovery features.</P> <OL> <LI>Graph API (beta) <OL class="lia-list-style-type-lower-roman"> <LI>Youtube Video: <A href="#" target="_blank" rel="noopener"><U>Automate and extend Advanced eDiscovery workflows with Graph API - YouTube</U></A>, 18 min</LI> <LI>Document: <A href="#" target="_blank" rel="noopener">Use the Microsoft Graph eDiscovery API - Microsoft Graph beta | Microsoft Docs</A></LI> </OL> </LI> <LI>Predictive Coding/Continuous Active Learning (preview) <OL class="lia-list-style-type-lower-roman"> <LI>Document: <A href="#" target="_blank" rel="noopener">Predictive coding in Advanced eDiscovery - Quick start</A></LI> </OL> </LI> <LI>Licensing <OL> <LI>Document: <A href="#" target="_blank" rel="noopener">Advanced eDiscovery Subscriptions and Licensing</A></LI> </OL> </LI> </OL> <P><STRONG>Ready for the </STRONG><A href="#" target="_blank" rel="noopener"><STRONG>Advanced Knowledge Check</STRONG></A><STRONG>?</STRONG></P> <H3>&nbsp;</H3> <H3><FONT size="5" color="#000080">Additional Resources</FONT></H3> <OL> <LI>M365 Roadmap: Roadmap of upcoming features and changes <A href="#" target="_blank" rel="noopener">Microsoft 365 Roadmap | Microsoft 365</A></LI> <LI>Message Center: Notifications and details of updated changes to M365 <A href="#" target="_blank" rel="noopener">Message center - Microsoft 365 admin | Microsoft Docs</A> – all solutions in the service</LI> <LI>Tech Community – Security and Compliance: Blogs, community forums, and more <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/ct-p/MicrosoftSecurityandCompliance" target="_blank" rel="noopener">Security, Compliance, and Identity - Microsoft Tech Community</A> – blogs</LI> <LI>Additional Webinars: Register for new webinars and view past webinars for all 
M365 compliance tools, including Advanced eDiscovery: <A href="#" target="_blank" rel="noopener">Webinars - Compliance Customer Experience Engineering (CxE) </A></LI> </OL> <P>&nbsp;</P> <P>Huge thanks to&nbsp;<LI-USER uid="1138655"></LI-USER>&nbsp;and the entire eDiscovery CxE team for creating the AeD Ninja page!&nbsp;</P> Mon, 18 Oct 2021 17:40:05 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/become-a-microsoft-365-advanced-ediscovery-ninja/ba-p/2793108 Stefanie_Bier 2021-10-18T17:40:05Z Microsoft 365 App Compliance Program featured on Microsoft 365 Developer Podcast https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-365-app-compliance-program-featured-on-microsoft-365/ba-p/2779435 <P>Check out the latest Microsoft 365 Developer Podcast featuring Orion O’ Malley and the Microsoft 365 App Compliance Program.&nbsp; Hosted by Jeremy Thake and Paul Schaeflein, the trio discuss the program’s history, the path to certification, and its benefits to organizations and customers. &nbsp;The program is currently being offered at no cost to ISV’s.</P> <P>&nbsp;</P> <P><EM>“We really wanted to make Microsoft 365 Certification accessible to companies of all sizes so that ideally every single app in our ecosystem can get certification.” &nbsp;</EM>- Orion O’ Malley</P> <P>&nbsp;</P> <P>Listen to the podcast here: <A href="#" target="_blank" rel="noopener">Microsoft 365 App Certification with Orion O‘Malley (m365devpodcast.com)</A></P> <P>&nbsp;</P> <P>The Microsoft 365 App Compliance Program is a two step approach to app security and compliance that includes Publisher Verification and the Microsoft 365 Certification. 
Each tier builds upon the next – offering a layered program to give users the confidence they need while using apps in the Microsoft 365 ecosystem.</P> <P><STRONG>&nbsp;</STRONG></P> <P><STRONG>Learn more about the Program</STRONG>:</P> <UL> <LI><A href="#" target="_blank" rel="noopener">Microsoft 365 App Compliance Program</A></LI> <LI><A href="#" target="_blank" rel="noopener">Microsoft 365 App Compliance Program helps admins in creating a secure app ecosystem - Microsoft Tec...</A></LI> <LI><A href="#" target="_blank" rel="noopener">Microsoft 365 Certification is here to ease your concerns about data security while using 3P Apps - Microsoft Tech Community</A></LI> <LI>Contact us at <A href="https://gorovian.000webhostapp.com/?exam=mailto:appcert@microsoft.com" target="_blank" rel="noopener">appcert@microsoft.com</A></LI> <LI><A href="#" target="_blank" rel="noopener">//aka.ms/getCertified</A></LI> </UL> <P>&nbsp;</P> Thu, 30 Sep 2021 18:00:00 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-365-app-compliance-program-featured-on-microsoft-365/ba-p/2779435 adambute 2021-09-30T18:00:00Z Microsoft Cloud App Security (MCAS) Ninja Training | September 2021 https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-cloud-app-security-mcas-ninja-training-september-2021/ba-p/2751518 <P>&nbsp;</P> <P><SPAN>Have you been wanting to secure your cloud resources? Do you have agreements with non-Microsoft cloud applications? Do you want to share your cloud security knowledge and experience with others? 
Wait no longer: the Microsoft Cloud App Security (MCAS) Ninja training is here!</SPAN></P> <P>&nbsp;</P> <P><SPAN><STRONG>Short Links:&nbsp;&nbsp;<A href="#" target="_blank" rel="noopener nofollow noreferrer">http://aka.ms/MCASNinjaTraining</A>&nbsp;and&nbsp;<A href="#" target="_self" rel="noopener noreferrer">http://aka.ms/MCASNinja</A>.</STRONG></SPAN></P> <P>&nbsp;</P> <P><SPAN>MCAS has hundreds of amazing videos available,&nbsp;and it can be overwhelming to determine where to start and how to progress through the different levels. We've gone through all of these and created this repository of training materials -&nbsp;</SPAN>all in one central location!&nbsp; Please let us know what you think in the comments.</P> <P>&nbsp;</P> <P>The training sessions are split into three main knowledge levels:</P> <TABLE width="624px"> <TBODY> <TR> <TD width="310.516px"><STRONG>Level</STRONG></TD> <TD width="312.484px"> <P><STRONG>Description</STRONG></P> </TD> </TR> <TR> <TD width="310.516px"> <P><STRONG>Level 1: Fundamentals -&nbsp;</STRONG>Beginner level</P> </TD> <TD width="312.484px"> <P>Introduction to Microsoft Cloud App Security, licensing, portal navigation, policy basics, and overall definitions.</P> </TD> </TR> <TR> <TD width="310.516px"> <P><STRONG>Level 2:</STRONG> <STRONG>Intermediate - </STRONG>Associate level</P> </TD> <TD width="312.484px"> <P>Capability demos, automatic governance, overall deployment, and connecting 3rd party apps.</P> </TD> </TR> <TR> <TD width="310.516px"> <P><STRONG>Level 3: Advanced</STRONG> - Expert level</P> </TD> <TD width="312.484px"> <P>Power Automate, 3rd party IdP integration, and advanced use case scenarios.</P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P><SPAN>After each level, we will offer you a&nbsp;</SPAN><STRONG>knowledge check&nbsp;</STRONG><SPAN>based on the training material you have just finished!
Since there’s a lot of content, the goal of the knowledge checks is to help ensure understanding of the key concepts that were covered. Lastly, there’ll be a fun&nbsp;</SPAN><STRONG>certificate</STRONG><SPAN>&nbsp;issued at the end of the training!&nbsp;<STRONG>Disclaimer:&nbsp;</STRONG></SPAN><STRONG>This is not an official Microsoft certification and only acts as a way of recognizing your participation in this training content.</STRONG></P> <P>&nbsp;</P> <P>We plan to update this training on a quarterly basis to ensure that you all have the latest and the greatest training materials.&nbsp; Please do check back often for new training content.&nbsp; The newly added&nbsp; training content will be tagged with "<FONT color="#800080"><STRONG><EM>[New!]</EM></STRONG></FONT>" at the end of the training title.&nbsp; For those of you who have already gone through the training before, you can view&nbsp; those&nbsp;<FONT color="#800080"><STRONG><EM>[New!]&nbsp;</EM></STRONG><FONT color="#000000">training contents directly.&nbsp;</FONT></FONT></P> <P>&nbsp;</P> <DIV class="MessageSubject"><STRONG><FONT color="#000000">Note:<SPAN>&nbsp;</SPAN>Threat protection product names from Microsoft have recently changed. 
Read more about this and other updates&nbsp;<A href="#" target="_blank" rel="noopener noreferrer">here</A>.&nbsp;</FONT></STRONG></DIV> <DIV class="lia-message-body-content"> <UL> <LI> <P><FONT color="#000000">Microsoft 365 Defender (previously Microsoft Threat Protection)</FONT></P> </LI> <LI> <P><FONT color="#000000">Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)</FONT></P> </LI> <LI> <P><FONT color="#000000">Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)</FONT></P> </LI> <LI> <P><FONT color="#000000">Microsoft Defender for Identity (previously Azure Advanced Threat Protection)</FONT></P> </LI> </UL> <P><FONT color="#000000">Please let us know what you think about this training!</FONT></P> <H2>&nbsp;</H2> <H2>Acronyms</H2> <TABLE width="623px"> <TBODY> <TR> <TD width="309.931px" height="29px"><STRONG>Acronyms</STRONG></TD> <TD width="311.944px" height="29px"> <P><STRONG>Full Name</STRONG></P> </TD> </TR> <TR> <TD width="309.931px" height="29px"> <P>MCAS</P> </TD> <TD width="311.944px" height="29px"> <P>Microsoft Cloud App Security</P> </TD> </TR> <TR> <TD width="309.931px" height="29px"> <P>RBAC</P> </TD> <TD width="311.944px" height="29px"> <P>Role-based access control</P> </TD> </TR> <TR> <TD width="309.931px" height="56px"> <P>MDATP</P> </TD> <TD width="311.944px" height="56px"> <P>Microsoft Defender Advanced Threat Protection</P> </TD> </TR> <TR> <TD width="309.931px" height="29px"> <P>AATP</P> </TD> <TD width="311.944px" height="29px"> <P>Azure Advanced Threat Protection</P> </TD> </TR> <TR> <TD width="309.931px" height="29px"> <P>ATP</P> </TD> <TD width="311.944px" height="29px"> <P>Advanced Threat Protection</P> </TD> </TR> <TR> <TD width="309.931px" height="29px"> <P>AIP</P> </TD> <TD width="311.944px" height="29px"> <P>Azure Information Protection</P> </TD> </TR> <TR> <TD width="309.931px" height="29px"> <P>ASC</P> </TD> <TD width="311.944px" height="29px"> <P>Azure 
Security Center</P> </TD> </TR> <TR> <TD width="309.931px" height="29px"> <P>AAD</P> </TD> <TD width="311.944px" height="29px"> <P>Azure Active Directory</P> </TD> </TR> <TR> <TD width="309.931px" height="29px"> <P>CASB</P> </TD> <TD width="311.944px" height="29px"> <P>Cloud Access Security Broker</P> </TD> </TR> <TR> <TD width="309.931px" height="29px"> <P>MTP</P> </TD> <TD width="311.944px" height="29px"> <P>Microsoft Threat Protection</P> </TD> </TR> <TR> <TD width="309.931px" height="29px"> <P>GCC</P> </TD> <TD width="311.944px" height="29px"> <P>Government Community Cloud</P> </TD> </TR> <TR> <TD width="309.931px" height="29px"> <P>GCC-H</P> </TD> <TD width="311.944px" height="29px"> <P>Government Community Cloud High</P> </TD> </TR> <TR> <TD width="309.931px" height="29px"> <P><FONT color="#000000">MDI</FONT></P> </TD> <TD width="311.944px" height="29px"> <P><FONT color="#000000">Microsoft Defender for Identity</FONT></P> </TD> </TR> <TR> <TD width="309.931px" height="29px"> <P><FONT color="#000000">MDO</FONT></P> </TD> <TD width="311.944px" height="29px"> <P><FONT color="#000000">Microsoft Defender for Office 365</FONT></P> </TD> </TR> <TR> <TD width="309.931px" height="29px"> <P><FONT color="#000000">MDE</FONT></P> </TD> <TD width="311.944px" height="29px"> <P><FONT color="#000000">Microsoft Defender for Endpoint</FONT></P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <H2>Table of Contents</H2> <H3>&nbsp;</H3> <H3><STRONG>Microsoft Cloud App Security - Fundamentals</STRONG></H3> <P>Module 1. Fundamental level Overview&nbsp;</P> <P>Module 2. MCAS Introduction</P> <P>Module 3. Initial Settings&nbsp;</P> <P>Module 4. Cloud Discovery&nbsp;</P> <P>Module 5. Information Protection and Real-Time Controls&nbsp;</P> <P>Module 6. Threat Detection&nbsp;</P> <P>Fundamentals Knowledge Check</P> <P>&nbsp;</P> <H3><STRONG>Microsoft Cloud App Security - Intermediate</STRONG></H3> <P>Module 1. Intermediate Level Overview&nbsp;</P> <P>Module 2. 
Cloud Discovery</P> <P>Module 3. Information Protection and Real-Time Control</P> <P>Module 4. Threat Detection</P> <P>Intermediate Knowledge Check&nbsp;</P> <P>&nbsp;</P> <H3><STRONG>Microsoft Cloud App Security - Advanced</STRONG></H3> <P>Module 1. Advanced Level Overview&nbsp;</P> <P><SPAN style="font-family: inherit;">Module 2. Power Automate</SPAN></P> <P><SPAN style="font-family: inherit;">Module 3. 3rd Party IdP configuration</SPAN></P> <P><SPAN style="font-family: inherit;">Module 4. Conditional Access App Control steps for non-Microsoft SaaS applications</SPAN></P> <P><SPAN style="font-family: inherit;">Module 5. SIEM Integration</SPAN></P> <P><SPAN style="font-family: inherit;">Module 6. Advanced Scenarios and Guidance</SPAN></P> <P><SPAN style="font-family: inherit;">Module 7. Additional Blogs and Information</SPAN></P> <P><SPAN style="font-family: inherit;">Advanced Level Knowledge Check</SPAN></P> </DIV> <H2>&nbsp;</H2> <H2>Legend</H2> <TABLE class="lia-align-left" border="1" width="500"> <TBODY> <TR> <TD width="236px" height="38px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631683617908.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310487iBF9F99DF484C61F9/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631683617908.png" alt="CTang885_0-1631683617908.png" /></span>&nbsp;&nbsp;<SPAN style="font-size: medium; font-family: inherit; background-color: transparent;">Docs on Microsoft</SPAN></TD> <TD width="263px" height="38px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631683617910.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310488i11D5EC897BDADF3E/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631683617910.png" alt="CTang885_1-1631683617910.png" /></span><SPAN style="font-size: medium; background-color:
transparent;">&nbsp;Blogs on Microsoft</SPAN></TD> </TR> <TR> <TD width="236px" height="30px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span><SPAN style="font-size: medium; font-family: inherit; background-color: transparent;">&nbsp;Product videos</SPAN></TD> <TD width="263px" height="30px"><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="CTang885_3-1631683617947.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310490iF41D2E1D7E16C923/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_3-1631683617947.png" alt="CTang885_3-1631683617947.png" /></span><FONT size="3" style="background-color: transparent;">Webcast recordings</FONT></TD> </TR> <TR> <TD width="236px" height="34px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_4-1631683617962.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310491i29646BA2DEA8C489/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_4-1631683617962.png" alt="CTang885_4-1631683617962.png" /></span><SPAN style="font-size: medium; font-family: inherit; background-color: transparent;">&nbsp;</SPAN><FONT size="3"><SPAN style="font-size: medium; font-family: inherit; background-color: transparent;">Tech Community</SPAN></FONT></TD> <TD width="263px" height="34px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_5-1631683617963.png" style="width: 0px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310492i241B86E53ED8898F/image-size/small?v=v2&amp;px=200" width="0" 
height="0" role="button" title="CTang885_5-1631683617963.png" alt="CTang885_5-1631683617963.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631834559565.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310901i124DDE2742CC7C6E/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631834559565.png" alt="CTang885_0-1631834559565.png" /></span><SPAN style="font-size: medium; background-color: transparent;">&nbsp;Interactive guides</SPAN></TD> </TR> <TR> <TD width="236px" height="36px"> <P><FONT size="3">⤴ External Sites</FONT></P> </TD> <TD width="263px" height="36px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_6-1631683617997.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310493iAC3056A49E2BF2FD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_6-1631683617997.png" alt="CTang885_6-1631683617997.png" /></span>&nbsp;&nbsp;<SPAN style="font-size: medium; font-family: inherit; background-color: transparent;">GitHub</SPAN></TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <H2 id="toc-hId--521362834" data-unlink="true"><STRONG>Microsoft Cloud App Security - Fundamentals [Beginner Level]</STRONG></H2> <H3>&nbsp;</H3> <H3><STRONG>Module 1. 
Fundamental Level Overview</STRONG></H3> <TABLE border="1" width="100%"> <TBODY> <TR> <TD height="29px"><STRONG>Training Title</STRONG></TD> <TD height="29px"><STRONG>Description</STRONG></TD> </TR> <TR> <TD width="50%" height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp;<A href="#" target="_blank" rel="noopener">Introduction to MCAS Beginner Level Training</A></TD> <TD width="50%" height="56px">This video provides a summary of what contents will be covered in the Fundamentals (Beginner level) training</TD> </TR> <TR> <TD width="50%" height="83px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_4-1631683617962.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310491i29646BA2DEA8C489/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_4-1631683617962.png" alt="CTang885_4-1631683617962.png" /></span>&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-cloud-app-security/bd-p/MicrosoftCloudAppSecurity" target="_blank" rel="noopener">MCAS Tech Community</A></TD> <TD width="50%" height="83px">This is a Microsoft Cloud App Security (MCAS) Community space that allows users to connect and discuss the latest news, upgrades, and best practices with Microsoft professionals and peers.</TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631683617908.png" style="width: 0px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310487iBF9F99DF484C61F9/image-size/small?v=v2&amp;px=200" width="0" height="0" role="button" 
title="CTang885_0-1631683617908.png" alt="CTang885_0-1631683617908.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631691278723.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310507i7AFD55EC4B355FFE/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631691278723.png" alt="CTang885_0-1631691278723.png" /></span>&nbsp;<A href="#" target="_blank" rel="noopener">&nbsp;Top 20 Use Cases for CASBs</A></TD> <TD width="50%" height="29px">This document provides use cases that can be leveraged during proof of concept (POC), or as prep step for deploying CASB solution (looking for ways to prioritize deployment components).&nbsp;</TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631687643554.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310501i753B96E3BD56EFC1/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631687643554.png" alt="CTang885_0-1631687643554.png" /></span>&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/mcas-ninja-what-s-a-casb-and-why-do-i-need-one/ba-p/1896575?_lrsc=e428950e-de5e-45ff-b25f-b04fdb069bb8" target="_blank" rel="noopener">What is a CASB and Why do I need one?</A></TD> <TD width="50%" height="29px">This blog provides an overview of CASBs and why they are important for securing your cloud resources.&nbsp;</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <H3><STRONG>Module 2.&nbsp; MCAS Introduction</STRONG>&nbsp;</H3> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="50%" height="29px"><STRONG>Training Title</STRONG></TD> <TD width="50%" height="29px"><STRONG>Description</STRONG></TD> </TR> <TR> <TD width="50%" height="83px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" 
image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Microsoft Cloud App Security Introduction</A></TD> <TD width="50%" height="83px">This is an introductory video presentation of Microsoft's Cloud Access Security Broker(CASB): Microsoft Cloud App Security (MCAS)</TD> </TR> <TR> <TD width="50%" height="109px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631688568327.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310503iA462AA32A70C8423/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631688568327.png" alt="CTang885_1-1631688568327.png" /></span>&nbsp;&nbsp;<A href="#" target="_blank" rel="noopener">MCAS Best Practices</A></TD> <TD width="50%" height="109px">This article outlines the best practice for protecting your organization using MCAS.&nbsp; The Best Practice comes from our overall experience working with Cloud Security and from our customers, like you.&nbsp;</TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631688701356.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310504i0B7E984E60691F62/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631688701356.png" alt="CTang885_2-1631688701356.png" /></span>&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/microsoft-cloud-app-security-user-interface-updates/ba-p/2083113" target="_blank" rel="noopener">MCAS User Interface Updates</A></TD> <TD width="50%" height="29px">This blog provides an update on the MCAS UI changes.</TD> 
</TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">MCAS Licensing</A>&nbsp;</TD> <TD width="50%" height="29px">This video provides an overview of MCAS licensing information</TD> </TR> <TR> <TD width="50%" height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631688568327.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310503iA462AA32A70C8423/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631688568327.png" alt="CTang885_1-1631688568327.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">MCAS Licensing Datasheet</A></TD> <TD width="50%" height="56px">This document is the MCAS licensing datasheet mentioned in the MCAS Licensing video.</TD> </TR> <TR> <TD height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631688568327.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310503iA462AA32A70C8423/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631688568327.png" alt="CTang885_1-1631688568327.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Difference between MCAS and OCAS&nbsp;&nbsp;</A></TD> <TD height="29px">This document outlines the differences between MCAS and OCAS</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631688568327.png" style="width: 200px;"><img 
src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310503iA462AA32A70C8423/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631688568327.png" alt="CTang885_1-1631688568327.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Difference between MCAS and AAD Discovery</A></TD> <TD height="56px">This document outlines the differences in discovery capabilities&nbsp; between MCAS and AAD</TD> </TR> <TR> <TD height="83px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; <A href="#" target="_self">TCO/ROI of Microsoft Cloud App Security (Forrester Study)</A></TD> <TD height="83px">This video goes over the results of a Forrester study from May 2020 on the Total Cost of Ownership and Return on Investment of MCAS.</TD> </TR> <TR> <TD height="29px"><FONT size="3">⤴ </FONT><A href="#" target="_blank" rel="noopener"> The Total Economic Impact of Microsoft Cloud App Security</A></TD> <TD height="29px"> <P>This site provides an overview of the study.</P> </TD> </TR> </TBODY> </TABLE> <H3>&nbsp;</H3> <H3><STRONG>Module 3.&nbsp; Initial Settings</STRONG></H3> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="50%" height="30px"><STRONG>Training Title</STRONG></TD> <TD width="50%" height="30px">&nbsp;<STRONG>Description</STRONG></TD> </TR> <TR> <TD width="50%" height="235px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631734868063.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310673iE13E137AA2A68B08/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631734868063.png"
alt="CTang885_0-1631734868063.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Connect Apps to get visibility and protection</A>&nbsp;&nbsp;<SPAN style="font-family: inherit; background-color: transparent;"><FONT size="2" color="#800080"><STRONG>[</STRONG><EM><STRONG>New!]</STRONG></EM></FONT></SPAN></TD> <TD width="50%" height="235px">This article outlines the steps on connecting the applications to MCAS to enable greater visibility and control over the application.&nbsp;</TD> </TR> <TR> <TD width="50%" height="235px"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp;<SPAN style="font-family: inherit; background-color: transparent;">&nbsp;<A href="#" target="_blank" rel="noopener">Connecting apps to Microsoft Cloud App Security</A>&nbsp; &nbsp;<FONT size="2" color="#800080"><STRONG>[</STRONG><EM><STRONG>New!]</STRONG></EM></FONT></SPAN></P> <P>&nbsp;</P> </TD> <TD width="50%" height="235px">This video walks through how to connect applications to MCAS.&nbsp;</TD> </TR> <TR> <TD width="50%" height="209px"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631734868063.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310673iE13E137AA2A68B08/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631734868063.png" alt="CTang885_0-1631734868063.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631688701356.png" style="width: 0px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310504i0B7E984E60691F62/image-size/small?v=v2&amp;px=200" 
width="0" height="0" role="button" title="CTang885_2-1631688701356.png" alt="CTang885_2-1631688701356.png" /></span>&nbsp;&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/connect-your-favorite-apps-to-microsoft-cloud-app-security/ba-p/1835829" target="_blank" rel="noopener">Connect your favorite Apps to MCAS</A></P> </TD> <TD width="50%" height="209px">This blog provides a brief video overview on how to connect GitHub, Salesforce, Box, and Slack, to MCAS.&nbsp; These 4 videos are also listed below.&nbsp;</TD> </TR> <TR> <TD width="50%" height="209px"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Connect GitHub to MCAS</A></P> </TD> <TD width="50%" height="209px">In this video, we walk through how to connect GitHub to MCAS.</TD> </TR> <TR> <TD width="50%" height="209px"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Connect Salesforce to MCAS&nbsp;</A></P> </TD> <TD width="50%" height="209px">In this video, we walk through how to connect Salesforce to MCAS.</TD> </TR> <TR> <TD width="50%" height="209px"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img 
src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp;&nbsp;&nbsp;<A href="#" target="_blank" rel="noopener">Connect Box to MCAS&nbsp;</A></P> </TD> <TD width="50%" height="209px">In this video, we walk through connecting Box to MCAS.</TD> </TR> <TR> <TD width="50%" height="209px"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Connect Slack to MCAS</A></P> </TD> <TD width="50%" height="209px">In this video, we walk through connecting Slack to MCAS.</TD> </TR> <TR> <TD width="50%" height="209px"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener"><SPAN style="font-family: inherit; background-color: transparent;">Configure IP Addresses</SPAN></A></P> </TD> <TD width="50%" height="209px">This video shows how to add your organization's IP address ranges to remove complexities from policy creation, investigation, and improve the accuracy of your alerts.</TD> </TR> <TR> <TD width="50%" height="209px"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631688701356.png" style="width: 0px;"><img 
src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310504i0B7E984E60691F62/image-size/small?v=v2&amp;px=200" width="0" height="0" role="button" title="CTang885_2-1631688701356.png" alt="CTang885_2-1631688701356.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631688701356.png" style="width: 0px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310504i0B7E984E60691F62/image-size/small?v=v2&amp;px=200" width="0" height="0" role="button" title="CTang885_2-1631688701356.png" alt="CTang885_2-1631688701356.png" /></span>&nbsp;<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631734868063.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310673iE13E137AA2A68B08/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631734868063.png" alt="CTang885_0-1631734868063.png" /></span>&nbsp;&nbsp;<A href="#" target="_blank" rel="noopener">Working with IP ranges and tags</A><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631688701356.png" style="width: 0px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310504i0B7E984E60691F62/image-size/small?v=v2&amp;px=200" width="0" height="0" role="button" title="CTang885_2-1631688701356.png" alt="CTang885_2-1631688701356.png" /></span></P> </TD> <TD width="50%" height="209px">This article outlines the steps on how to configure IP addresses and use IP ranges and tags.&nbsp;</TD> </TR> <TR> <TD width="50%" height="209px"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" 
alt="CTang885_2-1631683617982.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Import User Groups</A></P> </TD> <TD width="50%" height="209px">This video shows how to import user groups into MCAS to help create relevant policies.</TD> </TR> <TR> <TD width="50%" height="236px"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631734868063.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310673iE13E137AA2A68B08/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631734868063.png" alt="CTang885_0-1631734868063.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Importing user groups from connect apps</A></P> </TD> <TD width="50%" height="236px">This article outlines the steps on how to import user groups from connected apps&nbsp;</TD> </TR> <TR> <TD width="50%" height="209px"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Configure Admin Roles</A></P> </TD> <TD width="50%" height="209px">In this video, we show you how to configure admin roles and set up role-based access controls.</TD> </TR> <TR> <TD width="50%" height="209px"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631734868063.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310673iE13E137AA2A68B08/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631734868063.png" alt="CTang885_0-1631734868063.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Manage 
Admin Access</A></P> </TD> <TD width="50%" height="209px">This article describes how to manage admin access in MCAS.</TD> </TR> <TR> <TD width="50%" height="209px"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Configure MSSP Access</A></P> </TD> <TD width="50%" height="209px">In this video, we walk through the steps on adding Managed Security Service Provider (MSSP) access to MCAS.</TD> </TR> <TR> <TD width="50%" height="236px"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Access Security configuration Assessments of Azure, AWS, and GCP in MCAS</A></P> </TD> <TD width="50%" height="236px">This video provides an overview of how to view security configuration information in MCAS for Azure, AWS, and GCP.</TD> </TR> <TR> <TD width="50%" height="209px"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631734868063.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310673iE13E137AA2A68B08/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631734868063.png" alt="CTang885_0-1631734868063.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Get Configuration overview</A></P> </TD> <TD width="50%" 
height="209px">This article describes how to access the security configuration information for Azure, AWS, and GCP in MCAS.</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <H3><STRONG>Module 4.&nbsp; Cloud Discovery</STRONG></H3> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="50%" height="29px"><STRONG>Training Title</STRONG></TD> <TD width="50%" height="29px"><STRONG>Description</STRONG></TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631688701356.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310504i0B7E984E60691F62/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631688701356.png" alt="CTang885_2-1631688701356.png" /></span>&nbsp; <A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/deep-dive-into-cloud-app-discovery-guest-blog/ba-p/2090715" target="_blank" rel="noopener">Introduction to MCAS Cloud Discovery</A></TD> <TD width="50%" height="29px">This blog details how to get started in Cloud Discovery in MCAS.</TD> </TR> <TR> <TD><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631688701356.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310504i0B7E984E60691F62/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631688701356.png" alt="CTang885_2-1631688701356.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Dashboard Basics</A></TD> <TD>This article gives a basic overview of how to navigate and use the dashboard.&nbsp;</TD> </TR> <TR> <TD width="50%" height="83px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" 
title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Discovered Apps</A></TD> <TD width="50%" height="83px">This article provides guidance on working with the discovered apps and dives deeper into the information provided by the dashboard.&nbsp;</TD> </TR> <TR> <TD width="50%" height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">App Risk Scoring</A></TD> <TD width="50%" height="56px">This video provides an overview of how MCAS evaluates the risk over discovered SaaS apps in your environment.&nbsp;</TD> </TR> <TR> <TD width="50%" height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Using the Cloud App Discovery Feature</A></TD> <TD width="50%" height="56px">This video provides an overview of MCAS's cloud apps discovery feature.</TD> </TR> </TBODY> </TABLE> <H3>&nbsp;</H3> <H3><STRONG>Module 5.&nbsp; Information Protection and Real-Time Controls</STRONG></H3> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="50%" height="29px"><STRONG>Training Title</STRONG></TD> <TD width="50%" height="29px"><STRONG>Description</STRONG></TD> </TR> <TR> <TD width="50%" height="83px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" 
image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Connect Office 365</A></TD> <TD width="50%" height="83px">This video demonstrates how to connect office 365 to MCAS and enable our powerful capabilities across DLP, Threat Protection, and more.</TD> </TR> <TR> <TD width="50%" height="83px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">What is Conditional Access App Control?</A></TD> <TD width="50%" height="83px">In this video, we explore what Conditional Access App Control is, how to deploy and configure it, and testing a scenario (Microsoft Teams).&nbsp;</TD> </TR> <TR> <TD width="50%" height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Governance actions for non-O365 and Azure apps</A></TD> <TD width="50%" height="56px">This video provides an overview of some of the governance actions that can be taken with MCAS.</TD> </TR> <TR> <TD width="50%" height="109px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" 
image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Configure AAD with MCAS Conditional Access App for Session Controls (Downloads)</A></TD> <TD width="50%" height="109px">In this video, we walk through how to configure real-time monitoring and control across your cloud apps leveraging our powerful, native integration with Azure AD conditional Access to provide inline controls for your downloads.</TD> </TR> <TR> <TD width="50%" height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp;<A href="#" target="_blank" rel="noopener"> Block Sensitive Information Downloads</A></TD> <TD width="50%" height="56px">This article walks you through a tutorial on how to create a session policy to block the download of sensitive information.</TD> </TR> <TR> <TD width="50%" height="109px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp;&nbsp;<A href="#" target="_blank" rel="noopener">Configure AAD with MCAS Conditional Access App for Session Controls (Uploads)</A></TD> <TD width="50%" height="109px">In this video, we walk through how to configure real-time monitoring 
and control across your cloud apps leveraging our powerful, native integration with Azure AD conditional Access to provide inline controls for your uploads.</TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631688701356.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310504i0B7E984E60691F62/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631688701356.png" alt="CTang885_2-1631688701356.png" /></span>&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/understanding-unified-labeling-migration/ba-p/783185" target="_blank" rel="noopener">Understand Unified Labeling Migration</A>&nbsp; &nbsp;<FONT color="#800080"><EM><STRONG><FONT size="2">[New!]</FONT></STRONG></EM></FONT></TD> <TD width="50%" height="29px">This blog explains what "Unified Labeling" is and how to use it in the migration scenario.</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <H3 class="lia-message-body"><STRONG>Module 6.&nbsp; Threat Detection</STRONG></H3> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="50%"><STRONG>Training Title</STRONG></TD> <TD width="50%"><STRONG>Description</STRONG></TD> </TR> <TR> <TD width="50%"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Threat Detection Overview</A></TD> <TD width="50%">In this video, we walk through MCAS's detection capabilities that allow you to identify advanced attackers and insider threats.</TD> </TR> <TR> <TD width="50%"><span class="lia-inline-image-display-wrapper lia-image-align-inline" 
image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">User and Entity Behavior Analytics</A></TD> <TD width="50%">This video provides a brief overview of User &amp; Entity Analytics (UEBA) in MCAS.</TD> </TR> <TR> <TD width="50%"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Discover and Manage Risky OAuth applications</A></TD> <TD width="50%">In this video, we explore how MCAS can help you identify when users authorized OAuth apps, detect risky apps, and evoke access to risky apps.</TD> </TR> <TR> <TD width="50%"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">How to investigate anomaly detection alerts</A>&nbsp; <FONT color="#800080"><STRONG><EM><FONT size="2">&nbsp;[New!]</FONT></EM></STRONG></FONT></TD> <TD width="50%">This article provides general information on alerts that are detected by MCAS, and practical guidance on what needs to be done for alert investigation and remediation.</TD> </TR> <TR> <TD width="50%"><span class="lia-inline-image-display-wrapper 
lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Manage OAuth apps - Working with the OAuth app page</A>&nbsp;<FONT color="#800080"><STRONG><EM><FONT size="2">[New!]</FONT></EM></STRONG></FONT></TD> <TD width="50%">This article provides instructions on using MCAS to manage OAuth applications.&nbsp;</TD> </TR> </TBODY> </TABLE> <H2 class="lia-message-body-wrapper lia-component-message-view-widget-body"><A title="MCAS Fundamentals Knowledge Check" href="#" target="_blank" rel="noopener"><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="CTang885_1-1631773341527.png" style="width: 94px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310743i07EE7B080B224DAC/image-dimensions/94x106?v=v2" width="94" height="106" role="button" title="CTang885_1-1631773341527.png" alt="CTang885_1-1631773341527.png" /></span></A>&nbsp;<STRONG><FONT size="6"><A style="font-family: inherit; background-color: #ffffff;" href="#" target="_blank" rel="noopener"><FONT style="font-family: inherit;"><SPAN style="color: inherit; font-family: inherit; font-size: 18px;">Knowledge Check - MCAS Fundamentals&nbsp;</SPAN></FONT></A></FONT><SPAN style="color: inherit; font-family: inherit;"><FONT size="6">&nbsp;</FONT>&nbsp;</SPAN></STRONG></H2> <H3 class="lia-message-body-wrapper lia-component-message-view-widget-body">&nbsp;</H3> <H2 data-unlink="true">&nbsp;</H2> <P>&nbsp;</P> <H2 id="toc-hId--521362834" data-unlink="true"><STRONG>Microsoft Cloud App Security - Intermediate [Associate Level]</STRONG></H2> <P>&nbsp;</P> <H3><STRONG>Module 1. 
Intermediate Level Overview</STRONG></H3> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="50%" height="29px"><STRONG>Training Title</STRONG></TD> <TD width="50%" height="29px"><STRONG>Description</STRONG></TD> </TR> <TR> <TD height="236px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp;<A href="#" target="_blank" rel="noopener"> Introduction to MCAS Intermediate Level Training</A></TD> <TD height="236px">This video provides a summary of what contents will be covered in the Intermediate (Associate level) training</TD> </TR> <TR> <TD width="50%" height="236px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Microsoft Cloud App Security: Overview</A></TD> <TD width="50%" height="236px">This is an overview video that discusses the different pillars and configuration steps for MCAS with demo.</TD> </TR> <TR> <TD width="50%" height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631688701356.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310504i0B7E984E60691F62/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631688701356.png" alt="CTang885_2-1631688701356.png" /></span>&nbsp;<A 
href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/secure-access-for-applications-with-microsoft-cloud-app-security/ba-p/2157495" target="_blank" rel="noopener"> Secure Access for applications with Microsoft Cloud App Security&nbsp;</A> <FONT color="#800080"><STRONG><EM>[New!]</EM></STRONG></FONT></TD> <TD width="50%" height="56px">This article walks through how to secure access for applications with MCAS.</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <H3><STRONG>Module 2. Cloud Discovery</STRONG></H3> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="50%" height="29px"><STRONG>Training Title</STRONG></TD> <TD width="50%" height="29px"><STRONG>Description</STRONG></TD> </TR> <TR> <TD width="50%" height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631834559565.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310901i124DDE2742CC7C6E/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631834559565.png" alt="CTang885_0-1631834559565.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Cloud Discovery Interactive Guide</A></TD> <TD width="50%" height="56px">This interactive guide walks through discovering, protecting, and controlling your apps.</TD> </TR> <TR> <TD width="50%" height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Cloud Discovery Policies</A></TD> <TD width="50%" height="56px">This article goes over the Cloud Discovery policies within your MCAS environment.</TD> </TR> <TR> <TD width="50%" height="83px"><span
class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">How to exclude&nbsp;&nbsp;entities from discovery data</A>&nbsp;&nbsp;<FONT size="2" style="font-family: inherit; background-color: transparent;" color="#800080"><EM><STRONG>[New!]</STRONG></EM></FONT></TD> <TD width="50%" height="83px">This article provides you with instructions on excluding certain entities' data from being part of the Cloud Discovery data for reporting.</TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">MCAS and MDE integration</A></TD> <TD width="50%" height="29px">This article walks through the process of integrating MDE (formerly MDATP) and MCAS and how simple the integration is - without requiring an extra agent or proxy.</TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631683617982.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310489i016B8CE51018C6CD/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631683617982.png" alt="CTang885_2-1631683617982.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">How to design and deploy a Log Collector for MCAS&nbsp;</A> &nbsp;</TD> <TD 
width="50%" height="29px">This video details the MCAS cloud discovery pillar and how to deploy a log collector.</TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Integrate with Zscaler</A></TD> <TD width="50%" height="29px">If you work with both Cloud App Security and Zscaler, you can integrate the two products to enhance your security Cloud Discovery experience.&nbsp;</TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp;&nbsp;<A href="#" target="_blank" rel="noopener">Integrate with iboss</A></TD> <TD width="50%" height="29px">If you work with both Cloud App Security and iboss, you can integrate the two products to enhance your security Cloud Discovery experience.&nbsp;</TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp;&nbsp;<A href="#" target="_blank" rel="noopener">Integrate with Corrata</A></TD> <TD width="50%" height="29px">If you work with both Cloud 
App Security and Corrata, you can integrate the two products to enhance your security Cloud Discovery experience.&nbsp;</TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp;&nbsp;<A href="#" target="_blank" rel="noopener">Integrate with Menlo</A></TD> <TD width="50%" height="29px">&nbsp;If you work with both Cloud App Security and Menlo, you can integrate the two products to enhance your security Cloud Discovery experience.&nbsp;</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <H3>&nbsp;<STRONG>Module 3.&nbsp;Information Protection and Real-Time&nbsp; Controls</STRONG></H3> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="50%" height="30px"><STRONG>Training Title</STRONG></TD> <TD width="50%" height="30px"><STRONG>Description</STRONG></TD> </TR> <TR> <TD width="50%" height="235px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631743524020.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310699i29A95A9BE16E6D94/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631743524020.png" alt="CTang885_0-1631743524020.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Set up Document Fingerprinting in MCAS</A></TD> <TD width="50%" height="235px">In this video, we walk through how to configure a file policy to detect document fingerprinting in your file repositories using MCAS.</TD> </TR> <TR> <TD width="50%" height="235px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631743558581.png" style="width: 200px;"><img 
src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310700i3F5BAA996E6DB6F5/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631743558581.png" alt="CTang885_1-1631743558581.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Document fingerprinting in Microsoft 365 Compliance</A></TD> <TD width="50%" height="235px">In this video, we walk through how to set up policies to detect document fingerprinting using Microsoft 365.</TD> </TR> <TR> <TD width="50%" height="435px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631743975895.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310701i53582AC43633EA6A/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631743975895.png" alt="CTang885_2-1631743975895.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener"><SPAN style="font-family: inherit; background-color: transparent;">Protect and Control Information with MCAS</SPAN></A></TD> <TD width="50%" height="435px">In this interactive guide, we walk through common scenarios where you can control your information with MCAS.</TD> </TR> <TR> <TD width="50%" height="205px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631688701356.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310504i0B7E984E60691F62/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631688701356.png" alt="CTang885_2-1631688701356.png"
/></span>&nbsp;&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/secure-your-github-deployment-using-microsoft-cloud-app-security/ba-p/1882423" target="_blank" rel="noopener">Secure and Connect GitHub</A></TD> <TD width="50%" height="205px">This blog walks through how to secure and connect your GitHub instance in MCAS.</TD> </TR> <TR> <TD width="50%" height="205px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631743558581.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310700i3F5BAA996E6DB6F5/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631743558581.png" alt="CTang885_1-1631743558581.png" /></span>&nbsp;&nbsp;<A href="#" target="_blank" rel="noopener">Protecting GitHub</A></TD> <TD width="50%" height="205px">This video walks through how to protect your GitHub instance using MCAS.</TD> </TR> <TR> <TD width="50%" height="205px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631688701356.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310504i0B7E984E60691F62/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631688701356.png" alt="CTang885_2-1631688701356.png" /></span>&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/protect-your-box-environment-and-data-using-microsoft-cloud-app/ba-p/2080226" target="_blank" rel="noopener">Secure and Connect Box</A></TD> <TD width="50%" height="205px">This blog walks through how to secure and connect your Box instance in MCAS.</TD> </TR> <TR> <TD width="50%" height="205px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631743558581.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310700i3F5BAA996E6DB6F5/image-size/small?v=v2&amp;px=200" 
role="button" title="CTang885_1-1631743558581.png" alt="CTang885_1-1631743558581.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Protecting Box</A></TD> <TD width="50%" height="205px">This video walks through how to protect your data in Box using MCAS.</TD> </TR> <TR> <TD width="50%" height="235px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631688701356.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310504i0B7E984E60691F62/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631688701356.png" alt="CTang885_2-1631688701356.png" /></span><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/protect-your-slack-environment-using-microsoft-cloud-app/ba-p/2595474" target="_blank" rel="noopener">&nbsp;Protect your Slack environment using Microsoft Cloud App Security</A>&nbsp;&nbsp;<STRONG><EM><FONT color="#800080">[New!]</FONT></EM></STRONG></TD> <TD width="50%" height="235px">This blog walks through how to protect your Slack environment using MCAS.</TD> </TR> <TR> <TD width="50%" height="235px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">How Cloud App Security helps protect your Slack Enterprise</A><STRONG><EM><FONT color="#800080">&nbsp;[New!]</FONT></EM></STRONG></TD> <TD width="50%" height="235px">This article goes over the capabilities in MCAS that can protect the Slack Enterprise environment.&nbsp;</TD> </TR> <TR> <TD height="235px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631688701356.png"
style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310504i0B7E984E60691F62/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631688701356.png" alt="CTang885_2-1631688701356.png" /></span>&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/protect-your-aws-environment-using-microsoft-cloud-app-security/ba-p/2150380" target="_blank" rel="noopener">Protect your AWS environment using Microsoft Cloud App Security</A>&nbsp;<FONT color="#800080"><EM><STRONG>[New!]</STRONG></EM></FONT>&nbsp;&nbsp;</TD> <TD height="235px">This blog walks through how to secure and connect your AWS instance in MCAS.</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631743558581.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310700i3F5BAA996E6DB6F5/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631743558581.png" alt="CTang885_1-1631743558581.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Connect AWS for security auditing in MCAS</A></TD> <TD height="56px">This video walks through how to connect to AWS for security auditing in MCAS.</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631743558581.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310700i3F5BAA996E6DB6F5/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631743558581.png" alt="CTang885_1-1631743558581.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Connect AWS for security configuration in MCAS</A></TD> <TD height="56px">This video walks through how to connect to AWS for security configuration in MCAS.</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" 
image-alt="CTang885_1-1631743558581.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310700i3F5BAA996E6DB6F5/image-size/medium?v=v2&amp;px=400" role="button" title="CTang885_1-1631743558581.png" alt="CTang885_1-1631743558581.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Connect AWS for IaaS protection in MCAS</A></TD> <TD height="56px">This video walks through how to connect to AWS for IaaS protection in MCAS.</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">How Cloud App Security helps protect your OneLogin (Preview)&nbsp;</A>&nbsp;<FONT color="#800080"><EM><STRONG>[New!]</STRONG></EM></FONT>&nbsp;</TD> <TD height="56px">This article provides information on how MCAS protects the OneLogin environment.</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp;&nbsp;<A href="#" target="_blank" rel="noopener">How Cloud App Security helps protect your Zendesk (Preview)</A>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<FONT color="#800080"><EM><STRONG>[New!]</STRONG></EM></FONT>&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;</TD> <TD height="56px">This article provides information on how MCAS protects the Zendesk environment.</TD> </TR> <TR> <TD height="56px"><span 
class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Connect ServiceNow to Microsoft Cloud App Security (Preview)</A>&nbsp;&nbsp;&nbsp;<FONT color="#800080"><EM><STRONG>[New!]</STRONG></EM></FONT>&nbsp;</TD> <TD height="56px">This article steps through how to connect MCAS to your existing ServiceNow account using the application's API.</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631743558581.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310700i3F5BAA996E6DB6F5/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631743558581.png" alt="CTang885_1-1631743558581.png" /></span>&nbsp;&nbsp;&nbsp;<A href="#" target="_blank" rel="noopener">Protecting Storage Apps and Malware Detection</A></TD> <TD height="56px">This video shows you how MCAS can help you protect your cloud storage apps and ensure that they are not infected with malware.</TD> </TR> <TR> <TD height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img 
src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Malware detection in MCAS</A></TD> <TD height="29px">This article explains how malware detection works in MCAS.</TD> </TR> <TR> <TD height="83px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Configuring a read-only mode for external users</A></TD> <TD height="83px">This video walks you through one of the many use-cases focused on external users using Conditional Access App Control - our reverse proxy solution.</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img 
src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Block unauthorized browsers from accessing corporate web apps</A></TD> <TD height="56px">This video details the policy configuration required to block unauthorized browsers from accessing corporate web applications.</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp;&nbsp;<A href="#" target="_blank" rel="noopener">Using Admin Quarantine to investigate files</A></TD> <TD height="56px">This article is a tutorial that walks through how to use admin quarantine to protect your files.&nbsp;</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Automatically apply labels to your sensitive files</A></TD> <TD height="56px">This article is a tutorial that walks through applying labels to a sensitive file.&nbsp;</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img 
src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp;&nbsp;<A href="#" target="_blank" rel="noopener">Information Protection Policies</A></TD> <TD height="56px">This article walks you through how to create information protection policies in MCAS.&nbsp;</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631688701356.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310504i0B7E984E60691F62/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631688701356.png" alt="CTang885_2-1631688701356.png" /></span>&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/mcas-data-protection-blog-series-do-i-use-mcas-or-mip/ba-p/2011039" target="_blank" rel="noopener">MCAS or MIP?</A></TD> <TD height="56px">This blog walks you through some of the top use cases and questions asked regarding when to use MCAS vs when to use MIP.</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">AWS with AAD and MCAS</A></TD> <TD height="56px">In this video, we walk through the architecture used to configure AWS with AAD and use MCAS to apply additional protections.</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631688701356.png" style="width: 200px;"><img 
src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310504i0B7E984E60691F62/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631688701356.png" alt="CTang885_2-1631688701356.png" /></span>&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/mcas-how-to-protect-aws-admins-and-developers/ba-p/1995938" target="_blank" rel="noopener">MCAS:&nbsp; How to protect AWS admins and Developers</A></TD> <TD height="56px">This blog shows you how to use MCAS to protect AWS Admins and Developers.&nbsp;</TD> </TR> <TR> <TD height="74px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp;&nbsp;<A href="#" target="_blank" rel="noopener">Azure Information Protection integration - How to integrate Azure Information Protection with Cloud App Security</A>&nbsp;&nbsp;<EM><STRONG><FONT color="#800080">[New!]</FONT></STRONG></EM></TD> <TD height="74px">This article steps through how to integrate Azure Information Protection with MCAS.</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">Recommended Microsoft Cloud App Security policies for SaaS apps - Microsoft 365 Enterprise - Office 365</A>&nbsp;&nbsp;<FONT color="#800080"><EM><STRONG>[New!]</STRONG></EM></FONT>&nbsp; &nbsp; &nbsp;&nbsp;</TD> <TD height="56px">This 
article provides the recommended MCAS policies to use for SaaS applications.&nbsp;</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631688701356.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310504i0B7E984E60691F62/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631688701356.png" alt="CTang885_2-1631688701356.png" /></span>&nbsp;&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/mcas-data-protection-blog-series-mcas-dlp-walk-through/ba-p/2169900" target="_blank" rel="noopener">MCAS Data Protection Blog Series: MCAS DLP Walk-through</A>&nbsp;&nbsp;<STRONG><EM><FONT color="#800080">[New!]&nbsp;</FONT></EM></STRONG>&nbsp;&nbsp;</TD> <TD height="56px">This blog walks through how to configure DLP policies using MCAS.</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631751626423.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310713i08C7C8D163D2F5C2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631751626423.png" alt="CTang885_1-1631751626423.png" /></span>&nbsp;&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/mcas-top-5-queries-you-need-to-save/ba-p/2274518" target="_self">MCAS:&nbsp; Top 5 Queries you need to save</A> &nbsp;<STRONG><EM><FONT color="#800080">[New!]&nbsp;</FONT></EM></STRONG>&nbsp;&nbsp;</TD> <TD height="56px">This blog shares our top five custom queries to save for the five use cases.</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <H3><STRONG>Module 4.&nbsp;Threat Detection</STRONG></H3> <TABLE style="height: 382px; width: 100%;" border="1" width="100%"> <TBODY> <TR> <TD width="50%" height="29px"> <P><STRONG>Training Title</STRONG></P> </TD> <TD width="50%" height="29px"> 
<P>&nbsp;<STRONG>Description</STRONG></P> </TD> </TR> <TR> <TD width="50%" height="29px"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp;<A href="#" target="_blank" rel="noopener"> Threat Detection Policies</A></P> </TD> <TD width="50%" height="29px"> <P>This article shows you how to create threat protection policies within your MCAS environment.&nbsp;</P> </TD> </TR> <TR> <TD width="50%" height="29px"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">How Microsoft Defender for Identity integrates with MCAS</A></P> </TD> <TD width="50%" height="29px">This article is designed to help you understand and navigate the enhanced investigation experience in MCAS and MDI.&nbsp;</TD> </TR> <TR> <TD width="50%" height="29px"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span>&nbsp;<A href="#" target="_blank" rel="noopener"> Microsoft Defender for Identity Overview</A></P> </TD> <TD width="50%" height="29px">This video provides an overview of MDI capability.&nbsp;</TD> </TR> <TR> <TD 
height="202px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631836383855.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310908i4BA450DD40848E76/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631836383855.png" alt="CTang885_1-1631836383855.png" /></span>&nbsp; <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-defender-for-identity-ninja-training/ba-p/2117904" target="_blank" rel="noopener">Microsoft Defender for Identity Ninja Training</A></TD> <TD height="202px">&nbsp;This blog provides information on where you can learn more about Microsoft Defender for Identity.</TD> </TR> <TR> <TD width="50%" height="29px"> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631834559565.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310901i124DDE2742CC7C6E/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631834559565.png" alt="CTang885_0-1631834559565.png" /></span>&nbsp;&nbsp;<A href="#" target="_blank" rel="noopener">Detect Threats and Microsoft Alerts</A></P> </TD> <TD width="50%" height="29px">This interactive guide shows you the steps on how to manage threats in MCAS.</TD> </TR> <TR> <TD width="50%" height="29px"> <P><STRONG><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span></STRONG>&nbsp; <A href="#" target="_blank" rel="noopener">Microsoft 365 Defender - Hunting with Microsoft Cloud App Security data</A>&nbsp;<FONT color="#800080"><EM><STRONG>[New!]</STRONG></EM></FONT>&nbsp;</P> </TD> <TD 
width="50%" height="29px">This video steps you through how to use the advanced hunting capability to investigate incidents using MCAS.&nbsp;</TD> </TR> </TBODY> </TABLE> <H2 class="lia-message-body-wrapper lia-component-message-view-widget-body"><A title="MCAS Intermediate Knowledge Check" href="#" target="_blank" rel="noopener"><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="CTang885_1-1631773341527.png" style="width: 102px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310743i07EE7B080B224DAC/image-dimensions/102x115?v=v2" width="102" height="115" role="button" title="CTang885_1-1631773341527.png" alt="CTang885_1-1631773341527.png" /></span></A><STRONG><FONT size="6"><A style="font-family: inherit; background-color: #ffffff;" href="#" target="_blank" rel="noopener"><FONT style="font-family: inherit;"><SPAN style="color: inherit; font-family: inherit; font-size: 18px;">Knowledge Check - MCAS Intermediate</SPAN></FONT></A></FONT></STRONG><STRONG style="color: inherit; font-family: inherit;"><SPAN style="color: inherit; font-family: inherit;"><FONT size="6">&nbsp;</FONT></SPAN></STRONG></H2> <P data-unlink="true">&nbsp;</P> <H2 id="toc-hId--521362834" data-unlink="true"><STRONG>Microsoft Cloud App Security - Advanced [Expert Level]</STRONG></H2> <P>&nbsp;</P> <H3 class="lia-message-body-wrapper lia-component-message-view-widget-body"><STRONG>Module 1. 
Advanced Level Overview</STRONG></H3> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="50%" height="29px"><STRONG>Training Title</STRONG></TD> <TD width="50%" height="29px"><STRONG>Description</STRONG></TD> </TR> <TR> <TD width="50%" height="56px">&nbsp;<STRONG style="font-family: inherit; background-color: transparent;"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span>&nbsp;&nbsp;</STRONG><A style="font-family: inherit;" href="#" target="_blank" rel="noopener">Introduction to MCAS Advanced Level Training</A></TD> <TD width="50%" height="56px">This video provides a summary of what contents will be covered in the Advanced (Expert level) training.</TD> </TR> <TR> <TD height="83px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631836383855.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310908i4BA450DD40848E76/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631836383855.png" alt="CTang885_1-1631836383855.png" /></span>&nbsp; <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/auto-triage-infrequent-country-alerts-using-mcas-amp-power/ba-p/1644980" target="_blank" rel="noopener">Power Automate Blog Series:</A>&nbsp; <P><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/auto-triage-infrequent-country-alerts-using-mcas-amp-power/ba-p/1644980" target="_blank" rel="noopener"><SPAN>Auto-Triage Infrequent Country Alerts using MCAS &amp; Power Automate</SPAN></A></P> </TD> <TD height="83px">This blog is part of the Power Automate Blog Series.&nbsp; This blog walks through how 
to auto-triage country alerts using MCAS and Power Automate.</TD> </TR> <TR> <TD width="50%" height="83px"><STRONG><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span>&nbsp;&nbsp;</STRONG><A href="#" target="_blank" rel="noopener">Triage Infrequent Country Alerts using Power Automate and MCAS.</A></TD> <TD width="50%" height="83px">This video walks through creating a new Power Automate Flow to automate the triage of infrequent Country alerts in MCAS (Threat Protection Pillar).</TD> </TR> <TR> <TD height="56px"><STRONG><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span>&nbsp;&nbsp;</STRONG><A href="#" target="_blank" rel="noopener">Request user validation to reduce your SOC workloads</A></TD> <TD height="56px">This video walks through how to use Power Automate Flow to request user validation for file sharing (Data Protection Pillar).</TD> </TR> <TR> <TD height="56px"><STRONG><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span>&nbsp;<A href="#" target="_blank" rel="noopener">&nbsp;</A></STRONG><A href="#" target="_blank" rel="noopener">Request for Manager 
Action using Power Automate &amp; MCAS</A></TD> <TD height="56px">In this video,&nbsp; we walk through how to use Power Automate Flow to request manager validation for their team.</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631836383855.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310908i4BA450DD40848E76/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631836383855.png" alt="CTang885_1-1631836383855.png" /></span>&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/request-for-manager-action-using-mcas-amp-power-automate/ba-p/1694628" target="_blank" rel="noopener"> Request for Manager Action : Step-by-step guidance</A></TD> <TD height="56px">This blog outlines the steps and guidance on using Power Automate Flow to request manager validation for their team.</TD> </TR> <TR> <TD height="29px"><STRONG><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span>&nbsp;&nbsp;</STRONG><A href="#" target="_blank" rel="noopener">Auto-disable malicious inbox rules using MCAS &amp; Power Automate</A></TD> <TD height="29px">This video walks you through a new Power Automate Flow on how to remove malicious inbox rules detected in your cloud environment.&nbsp;</TD> </TR> </TBODY> </TABLE> <P data-unlink="true">&nbsp;</P> <H3 class="MessageSubject"><STRONG>Module 2. 
Non-Microsoft Party IdP configuration</STRONG></H3> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="50%" height="29px"><STRONG>Training Title</STRONG></TD> <TD width="50%" height="29px"><STRONG>Description</STRONG></TD> </TR> <TR> <TD width="50%" height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">PingOne</A></TD> <TD width="50%" height="56px">This article walks you through integrating PingOne with MCAS for Conditional Access App Control using Salesforce as an example.</TD> </TR> <TR> <TD width="50%" height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">ADFS</A></TD> <TD width="50%" height="56px">This article walks you through integrating ADFS with MCAS for Conditional Access App Control using Salesforce as an example.</TD> </TR> <TR> <TD width="50%" height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Okta</A></TD> <TD width="50%" height="56px">This article 
walks you through integrating Okta with MCAS for Conditional Access App Control using Salesforce as an example.</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <H3><STRONG>Module 3. Conditional Access App Control Steps for non-Microsoft SaaS applications</STRONG></H3> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="50%" height="29px"><STRONG>Training Title</STRONG></TD> <TD width="50%" height="29px"><STRONG>Description</STRONG></TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span>&nbsp; <A title="Workplace for Facebook" href="#" target="_blank" rel="noopener"><STRONG>Workplace for Facebook:</STRONG> Block/Apply DLP downloaded files in Workplace from Facebook with Microsoft Cloud App Security(CASB)</A></TD> <TD width="50%" height="29px">This video steps through how to use Conditional Access App Control in MCAS for Workplace for Facebook.</TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener"><STRONG>Box</STRONG></A></TD> <TD width="50%" height="29px">This video steps through how to use Conditional Access App Control in MCAS for Box.</TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631836383855.png" style="width: 200px;"><img 
src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310908i4BA450DD40848E76/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631836383855.png" alt="CTang885_1-1631836383855.png" /></span>&nbsp; <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/mcas-data-protection-blog-series-box-real-time-protections/ba-p/1943256" target="_blank" rel="noopener">MCAS Data Protection Blog Series: Box Real-Time Protections</A></TD> <TD width="50%" height="29px">This blog provides additional guidance on real-time protection for Box.</TD> </TR> <TR> <TD height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span>&nbsp;<A title="Slack: Block chats with sensitive data using MCAS" href="#" target="_blank" rel="noopener"><STRONG> Slack:&nbsp;</STRONG>Block chats with sensitive data using Microsoft Cloud App Security</A></TD> <TD height="29px">This video steps through how to block chats with sensitive data using Conditional Access App Control in MCAS.</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <H3><STRONG>Module 4. 
SIEM integration</STRONG></H3> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="50%" height="29px"><STRONG>Training Title</STRONG></TD> <TD width="50%" height="29px"><STRONG>Description</STRONG></TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span>&nbsp;&nbsp;<A class="Hyperlink BCX8 SCXO3873657" href="#" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun BCX8 SCXO3873657" data-contrast="auto"><SPAN class="NormalTextRun BCX8 SCXO3873657">Connect Azure Sentinel</SPAN></SPAN></A></TD> <TD width="50%" height="29px">This video details how to connect Azure Sentinel (Microsoft's SIEM + SOAR product) to MCAS.</TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span>&nbsp;&nbsp;<A class="Hyperlink BCX8 SCXO162441285" href="#" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun BCX8 SCXO162441285" data-contrast="auto"><SPAN class="NormalTextRun BCX8 SCXO162441285">Azure Sentinel Entities Enrichment (Users)</SPAN></SPAN></A></TD> <TD width="50%" height="29px">This video looks at how you can use the provided playbooks to enrich your impacted user profiles, and then consume it in Sentinel, ServiceNow, or Postman.&nbsp;</TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" 
image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span>&nbsp;&nbsp;<A class="Hyperlink BCX8 SCXO103806654" href="#" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun BCX8 SCXO103806654" data-contrast="auto"><SPAN class="NormalTextRun BCX8 SCXO103806654">Microsoft CAS Infrequent Country triage with Azure Sentinel and Logic Apps</SPAN></SPAN></A></TD> <TD width="50%" height="29px">This video walks you through the deployment of a playbook for triaging your Azure Sentinel incidents.</TD> </TR> <TR> <TD height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span>&nbsp;&nbsp;<A class="Hyperlink BCX8 SCXO25894092" href="#" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun BCX8 SCXO25894092" data-contrast="auto"><SPAN class="NormalTextRun BCX8 SCXO25894092">Connect a 3</SPAN></SPAN><SPAN class="TextRun BCX8 SCXO25894092" data-contrast="auto"><SPAN class="NormalTextRun Superscript BCX8 SCXO25894092" data-fontsize="11">rd</SPAN></SPAN><SPAN class="TextRun BCX8 SCXO25894092" data-contrast="auto"><SPAN class="NormalTextRun BCX8 SCXO25894092"> Party SIEM</SPAN></SPAN></A></TD> <TD height="29px">This video details how to connect a third-party SIEM to MCAS.</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <H3><STRONG>Module 5. 
Advanced Scenarios and Guidance</STRONG></H3> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="50%" height="29px"><STRONG>Training Title</STRONG></TD> <TD width="50%" height="29px"><STRONG>Description</STRONG></TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span>&nbsp;&nbsp;<A class="Hyperlink BCX8 SCXO10434486" href="#" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun BCX8 SCXO10434486" data-contrast="auto"><SPAN class="NormalTextRun BCX8 SCXO10434486">Indicators of Compromise</SPAN></SPAN></A><SPAN class="TextRun BCX8 SCXO10434486" data-contrast="none"><SPAN class="NormalTextRun BCX8 SCXO10434486"> </SPAN></SPAN></TD> <TD width="50%" height="29px">This video walks you through how to create custom Indicators of Compromise in MCAS.&nbsp;</TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span>&nbsp;&nbsp;<A class="Hyperlink BCX8 SCXO255863213" href="#" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun BCX8 SCXO255863213" data-contrast="auto"><SPAN class="NormalTextRun BCX8 SCXO255863213">MCAS and Microsoft Threat Protection</SPAN></SPAN></A><SPAN class="TextRun BCX8 SCXO255863213" data-contrast="none"><SPAN class="NormalTextRun BCX8 SCXO255863213"> </SPAN></SPAN></TD> <TD width="50%" height="29px">This video guides you on how Microsoft is 
unifying our threat products.</TD> </TR> <TR> <TD width="50%" height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631748312424.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310711iE364068BD02426E2/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631748312424.png" alt="CTang885_0-1631748312424.png" /></span>&nbsp;&nbsp;<A class="Hyperlink BCX8 SCXO61351158" href="#" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun BCX8 SCXO61351158" data-contrast="auto"><SPAN class="NormalTextRun BCX8 SCXO61351158">Block Apps/Sites on iOS (Defender for Endpoint + MCAS)</SPAN></SPAN></A><SPAN class="TextRun BCX8 SCXO61351158" data-contrast="none"><SPAN class="NormalTextRun BCX8 SCXO61351158"> </SPAN></SPAN></TD> <TD width="50%" height="29px">This video walks through blocking apps and sites on iOS, using Defender for iOS, and using custom indicators of compromise from Microsoft Cloud App Security and Defender for Endpoint integration.</TD> </TR> <TR> <TD height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp;&nbsp;<A class="Hyperlink BCX8 SCXO207804717" href="#" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun BCX8 SCXO207804717" data-contrast="auto"><SPAN class="NormalTextRun BCX8 SCXO207804717">MCAS API Documentation</SPAN></SPAN></A><SPAN class="TextRun BCX8 SCXO207804717" data-contrast="none"><SPAN class="NormalTextRun BCX8 SCXO207804717"> </SPAN></SPAN></TD> <TD height="29px">This article describes how to interact with Cloud App Security over HTTPS.</TD> </TR> <TR> <TD height="29px"><span 
class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp;&nbsp;<A class="Hyperlink BCX8 SCXO198177211" href="#" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun BCX8 SCXO198177211" data-contrast="auto"><SPAN class="NormalTextRun BCX8 SCXO198177211">Configuring a Log Collector behind a Proxy</SPAN></SPAN></A><SPAN class="TextRun BCX8 SCXO198177211" data-contrast="none"><SPAN class="NormalTextRun BCX8 SCXO198177211"> </SPAN></SPAN></TD> <TD height="29px">This article provides more information on configurations to ensure your log collector works when behind a proxy.</TD> </TR> <TR> <TD height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_2-1631743975895.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310701i53582AC43633EA6A/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_2-1631743975895.png" alt="CTang885_2-1631743975895.png" /></span>&nbsp;&nbsp;<A class="Hyperlink BCX8 SCXO101615280" href="#" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun BCX8 SCXO101615280" data-contrast="auto"><SPAN class="NormalTextRun BCX8 SCXO101615280">Automate MCAS Alerts with Power Automate</SPAN></SPAN></A></TD> <TD height="29px">This interactive guide walks through the steps needed to automate alert management using Power Automate</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631836383855.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310908i4BA450DD40848E76/image-size/small?v=v2&amp;px=200" role="button" 
title="CTang885_1-1631836383855.png" alt="CTang885_1-1631836383855.png" /></span>&nbsp;<A class="Hyperlink SCXO200798987 BCX8" href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-365-defender/microsoft-cloud-app-security-the-hunt-in-a-multi-stage-incident/ba-p/2193484" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun SCXO200798987 BCX8" data-contrast="auto"><SPAN class="NormalTextRun SCXO200798987 BCX8">Microsoft Cloud App Security:&nbsp; The Hunt in a multi-stage incident</SPAN></SPAN></A>&nbsp;<FONT color="#800080"><EM><STRONG>[New!]&nbsp;</STRONG></EM></FONT></TD> <TD height="56px">This blog explains how to use Microsoft 365 Defender to address common alerts from MCAS to determine the threats' scope and impact.&nbsp;</TD> </TR> <TR> <TD height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; <A class="Hyperlink SCXO68234344 BCX8" href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-365-defender/microsoft-cloud-app-security-the-hunt-for-insider-risk/ba-p/2346242" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun SCXO68234344 BCX8" data-contrast="auto"><SPAN class="NormalTextRun SCXO68234344 BCX8">Microsoft Cloud App Security:&nbsp; The Hunt for Insider Risk&nbsp;</SPAN></SPAN></A>&nbsp; &nbsp;<FONT color="#800080"><EM><STRONG>[New!]&nbsp;&nbsp;</STRONG></EM></FONT></TD> <TD height="29px">This blog outlines the use cases for using Microsoft 365 Defender to determine the "Insider Risk" alerts from MCAS.</TD> </TR> <TR> <TD height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img 
src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; <A class="Hyperlink SCXO19641217 BCX8" href="#" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun SCXO19641217 BCX8" data-contrast="auto"><SPAN class="NormalTextRun SCXO19641217 BCX8">Proactively hunt for threats with advanced hunting in Microsoft 365 Defender&nbsp;</SPAN></SPAN></A><FONT color="#800080"><EM><STRONG>[New!]&nbsp;</STRONG></EM></FONT>&nbsp; &nbsp; &nbsp;</TD> <TD height="29px">This article shows how to proactively hunt for threats using the advanced hunting tool in Microsoft 365 Defender.</TD> </TR> <TR> <TD height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631836383855.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310908i4BA450DD40848E76/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631836383855.png" alt="CTang885_1-1631836383855.png" /></span>&nbsp;&nbsp;<A class="Hyperlink SCXO255304814 BCX8" href="#" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun Highlight SCXO255304814 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXO255304814 BCX8">GitHub - Microsoft/Microsoft-365-Defender-Hunting-Queries: Sample queries for Advanced hunting in Microsoft 365 Defender</SPAN></SPAN></A> &nbsp; &nbsp;<FONT color="#800080"><EM><STRONG>[New!]&nbsp;</STRONG></EM></FONT>&nbsp;&nbsp;</TD> <TD height="29px">This blog provides a list of sample queries for advanced hunting using Microsoft 365 Defender.</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <H3><STRONG>Module 6.&nbsp; Additional Blogs and Information</STRONG></H3> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="50%" height="30px"><STRONG>Training Title</STRONG></TD> <TD width="50%" 
height="30px"><STRONG>Description</STRONG></TD> </TR> <TR> <TD width="50%" height="109px"> <P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631836383855.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310908i4BA450DD40848E76/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631836383855.png" alt="CTang885_1-1631836383855.png" /></span>&nbsp;&nbsp;</SPAN><A style="font-family: inherit;" href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/securing-administrative-access-to-microsoft-cloud-app-security/ba-p/1754139" target="_blank" rel="noopener"><SPAN data-contrast="auto">Securing Administrative Access to Microsoft Cloud App Security and Defender for Identities</SPAN></A><SPAN style="font-family: inherit; background-color: transparent;" data-contrast="none"> </SPAN></P> </TD> <TD width="50%" height="109px">This blog provides guidance on how to configure Azure AD Conditional Access to secure administrative access to Microsoft Cloud App Security (MCAS) and Defender for Identity (Formerly Azure ATP)</TD> </TR> <TR> <TD width="50%" height="83px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631836383855.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310908i4BA450DD40848E76/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631836383855.png" alt="CTang885_1-1631836383855.png" /></span>&nbsp;&nbsp;<A class="Hyperlink SCXO77788109 BCX8" href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/security-admins-mcas-and-block/ba-p/1777167#:~:text=As%20you%20may%20know%2C%20access%20to%20MCAS%20can,on%20overall%20MCAS%20RBAC%2C%20check%20out%20our%20documentation%21" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun SCXO77788109 BCX8" data-contrast="auto"><SPAN class="NormalTextRun 
SCXO77788109 BCX8">Limiting Inherited Roles from Azure Active Directory in MCAS</SPAN></SPAN></A><SPAN class="TextRun SCXO77788109 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXO77788109 BCX8"> </SPAN></SPAN></TD> <TD width="50%" height="83px">This blog goes over a customer scenario for MCAS and the steps that can be taken to meet their requirements on limiting inherited AAD roles' access in MCAS.&nbsp;</TD> </TR> <TR> <TD width="50%" height="29px"><FONT size="3">⤴&nbsp; &nbsp;<A href="#" target="_blank" rel="noopener">MCAS Learning Path</A></FONT></TD> <TD width="50%" height="29px">Check out these learning paths for MCAS</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631836383855.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310908i4BA450DD40848E76/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631836383855.png" alt="CTang885_1-1631836383855.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Lifecycle management strategy | Microsoft Docs</A></TD> <TD height="56px">This blog provides information on Cloud App Security Lifecycle Management</TD> </TR> <TR> <TD height="56px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_1-1631836383855.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310908i4BA450DD40848E76/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_1-1631836383855.png" alt="CTang885_1-1631836383855.png" /></span>&nbsp; <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/bypass-blocking-pdf-previews-in-owa/ba-p/2194205" target="_blank" rel="noopener">Bypass Blocking PDF Preview in OWA</A>&nbsp;<FONT color="#800080"><EM><STRONG>[New!]</STRONG></EM></FONT></TD> <TD height="56px">This blog walks through use cases on using the "Real-Time 
Control" in MCAS to bypass blocking PDF previews in OWA.</TD> </TR> <TR> <TD height="29px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CTang885_0-1631725316135.png" style="width: 200px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310625i91572D49BDA0DE80/image-size/small?v=v2&amp;px=200" role="button" title="CTang885_0-1631725316135.png" alt="CTang885_0-1631725316135.png" /></span>&nbsp; <A href="#" target="_blank" rel="noopener">Tutorial:&nbsp; Require step-up authentication (authentication context) upon risky actions&nbsp;</A> &nbsp;<FONT color="#800080"><EM><STRONG>[New!]</STRONG></EM></FONT></TD> <TD height="29px">In this tutorial, we will show you how to protect your organization by requiring Azure AD Conditional Policies to be accessed during sensitive session actions using MCAS's Conditional Access Control.</TD> </TR> </TBODY> </TABLE> <P data-unlink="true">&nbsp;</P> <H2 class="lia-message-body-wrapper lia-component-message-view-widget-body"><A title="MCAS Advanced Knowledge Check" href="#" target="_blank" rel="noopener"><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="CTang885_1-1631773341527.png" style="width: 102px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310743i07EE7B080B224DAC/image-dimensions/102x115?v=v2" width="102" height="115" role="button" title="CTang885_1-1631773341527.png" alt="CTang885_1-1631773341527.png" /></span></A>&nbsp;<A title="MCAS Advanced Level Knowledge Check" href="#" target="_blank" rel="noopener"><STRONG><FONT size="6"><FONT style="font-family: inherit;"><SPAN style="color: inherit; font-family: inherit; font-size: 18px;">Knowledge Check - MCAS Advanced</SPAN></FONT></FONT></STRONG></A></H2> <P data-unlink="true">&nbsp;</P> <P data-unlink="true">&nbsp;</P> <P data-unlink="true">&nbsp;</P> <P data-unlink="true">Once you've finished the training and the knowledge checks, please go to our attestation 
portal to generate your certificate -&nbsp; you'll see it in your inbox within 3 to 5 business days (<FONT color="#0000FF"><A href="#" target="_blank" rel="noopener"><STRONG>Click Here</STRONG></A></FONT>).&nbsp;&nbsp;</P> <P data-unlink="true">&nbsp;</P> <P data-unlink="true">We have a great lineup of updates for the next rendition (next quarter).&nbsp; If you'd like anything covered, please comment below.&nbsp; In addition, please reach out to us if you have any content that you would like to include as well.&nbsp;</P> <P data-unlink="true">&nbsp;</P> <P data-unlink="true"><FONT size="6"><EM><FONT color="#800080"><SPAN class="TextRun SCXO150082722 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXO150082722 BCX8">We hope you all enjoy this training!</SPAN></SPAN><SPAN class="EOP SCXO150082722 BCX8">&nbsp;</SPAN></FONT></EM></FONT></P> <P data-unlink="true">&nbsp;</P> <P data-unlink="true"><FONT size="5" color="#000000">Feedback</FONT></P> <P>Let us know if you have any feedback or relevant use cases/requirements for this portion of Cloud App Security by emailing,&nbsp;<A class="Hyperlink BCX8 SCXO46985034" href="https://gorovian.000webhostapp.com/?exam=mailto:casfeedback@microsoft.com" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun BCX8 SCXO46985034" data-contrast="auto"><SPAN class="NormalTextRun BCX8 SCXO46985034">CASFeedback@microsoft.com</SPAN></SPAN></A><SPAN class="TextRun BCX8 SCXO46985034" data-contrast="none"><SPAN class="NormalTextRun BCX8 SCXO46985034"> and mention the core area of concern.</SPAN></SPAN></P> <P>&nbsp;</P> <P><FONT size="5" color="#000000">Learn More</FONT></P> <P><SPAN data-contrast="none">For further information on how your organization can benefit from Microsoft Cloud App Security, connect with us at the links below: </SPAN><SPAN>&nbsp;</SPAN></P> <TABLE> <TBODY> <TR> <TD> <P><SPAN data-contrast="none">Join the conversation on </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="auto">Tech 
Community</SPAN></A><SPAN data-contrast="none">.  </SPAN><SPAN>&nbsp;</SPAN></P> <P data-unlink="true"><SPAN data-contrast="none">Stay up to date—subscribe to our &nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-cloud-app-security-mcas-ninja-training-september-2021/ba-p/2751518" target="_self">blog</A></SPAN><SPAN data-contrast="none">. </SPAN><SPAN>&nbsp;</SPAN>&nbsp;</P> </TD> <TD> <P><SPAN data-contrast="none">Upload a log file from your network firewall or enable logging via&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="auto">Microsoft Defender for Endpoint</SPAN></A>&nbsp;<SPAN data-contrast="none">to</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="auto">&nbsp;discover Shadow IT&nbsp;</SPAN></A><SPAN data-contrast="none">in your network. </SPAN><SPAN>&nbsp;</SPAN></P> </TD> </TR> <TR> <TD> <P><SPAN data-contrast="none">Learn more—download </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="auto">Top 20 use cases for CASB</SPAN></A><SPAN data-contrast="none">. </SPAN><SPAN>&nbsp;</SPAN></P> </TD> <TD> <P><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="auto">Connect your cloud apps&nbsp;</SPAN></A><SPAN data-contrast="none">to detect suspicious user activity and exposed sensitive data. </SPAN><SPAN>&nbsp;</SPAN></P> </TD> </TR> <TR> <TD> <P><SPAN data-contrast="none">Search documentation on&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="auto">Microsoft Cloud App Security</SPAN></A><SPAN data-contrast="none">.  </SPAN><SPAN>&nbsp;</SPAN></P> </TD> <TD> <P><SPAN data-contrast="none">Enable out-of-the-box</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="auto">&nbsp;anomaly detection policies</SPAN></A>&nbsp;<SPAN data-contrast="none">and start detecting cloud threats in your environment. 
</SPAN><SPAN>&nbsp;</SPAN></P> </TD> </TR> <TR> <TD> <P><SPAN data-contrast="none">Understand your </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="auto">licensing options</SPAN></A><SPAN data-contrast="none"> .  </SPAN><SPAN>&nbsp;</SPAN></P> </TD> <TD> <P><SPAN data-contrast="none">Continue with more advanced use cases across&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="auto">information protection</SPAN></A><SPAN data-contrast="none">, compliance, and more. </SPAN><SPAN>&nbsp;</SPAN></P> </TD> </TR> <TR> <TD> <P><SPAN data-contrast="none">Follow the </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="auto">Microsoft Cloud App Security Ninja blog</SPAN></A><SPAN data-contrast="none"> and learn about </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="auto">Ninja Training</SPAN></A><SPAN data-contrast="none">.  </SPAN><SPAN>&nbsp;</SPAN></P> <P><SPAN data-contrast="none">Go deeper with these interactive guides: </SPAN><SPAN>&nbsp;</SPAN></P> <P><SPAN data-contrast="none">·         </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="auto">Discover and manage cloud app usage</SPAN></A><SPAN data-contrast="none"> with Microsoft Cloud App Security </SPAN><SPAN>&nbsp;</SPAN></P> <P><SPAN data-contrast="none">·         </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="auto">Protect and control information</SPAN></A><SPAN data-contrast="none"> with Microsoft Cloud App Security </SPAN><SPAN>&nbsp;</SPAN></P> <P><SPAN data-contrast="none">·         </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="auto">Detect threats and manage alerts</SPAN></A><SPAN data-contrast="none"> with Microsoft Cloud App Security </SPAN><SPAN>&nbsp;</SPAN></P> <P><SPAN data-contrast="none">·         </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="auto">Automate alerts management with Microsoft Power Automate</SPAN></A><SPAN 
data-contrast="none"> and Cloud App Security  </SPAN><SPAN>&nbsp;</SPAN></P> </TD> <TD> <P><SPAN>&nbsp;</SPAN></P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P><SPAN class="TextRun SCXO5756954 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXO5756954 BCX8">To experience the benefits of full-featured CASB, sign up for a &nbsp;</SPAN></SPAN><A class="Hyperlink SCXO5756954 BCX8" href="#" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun SCXO5756954 BCX8" data-contrast="auto"><SPAN class="NormalTextRun SCXO5756954 BCX8">free trial—Microsoft Cloud App Security</SPAN></SPAN></A><SPAN class="TextRun SCXO5756954 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXO5756954 BCX8">.</SPAN></SPAN><SPAN class="TextRun SCXO5756954 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXO5756954 BCX8"> </SPAN></SPAN><SPAN class="EOP SCXO5756954 BCX8">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN class="EOP SCXO5756954 BCX8"><SPAN class="TextRun SCXO214438589 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXO214438589 BCX8">Follow us on LinkedIn as </SPAN></SPAN><A class="Hyperlink SCXO214438589 BCX8" href="#" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun SCXO214438589 BCX8" data-contrast="auto"><SPAN class="NormalTextRun SCXO214438589 BCX8">#CloudAppSecurity</SPAN></SPAN></A><SPAN class="TextRun SCXO214438589 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXO214438589 BCX8">. 
To learn more about Microsoft Security solutions, visit our</SPAN></SPAN><A class="Hyperlink SCXO214438589 BCX8" href="#" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun SCXO214438589 BCX8" data-contrast="auto"><SPAN class="NormalTextRun SCXO214438589 BCX8">&nbsp;website.&nbsp;</SPAN></SPAN></A><SPAN class="TextRun SCXO214438589 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXO214438589 BCX8">Bookmark the&nbsp;</SPAN></SPAN><A class="Hyperlink SCXO214438589 BCX8" href="#" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun SCXO214438589 BCX8" data-contrast="auto"><SPAN class="NormalTextRun SCXO214438589 BCX8">Security blog</SPAN></SPAN></A>&nbsp;<SPAN class="TextRun SCXO214438589 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXO214438589 BCX8">to keep up with our expert coverage on security matters. Also, follow us at&nbsp;</SPAN></SPAN><A class="Hyperlink SCXO214438589 BCX8" href="#" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun SCXO214438589 BCX8" data-contrast="auto"><SPAN class="NormalTextRun SCXO214438589 BCX8">@MSFTSecurity</SPAN></SPAN></A><SPAN class="TextRun SCXO214438589 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXO214438589 BCX8"> on Twitter, and </SPAN></SPAN><A class="Hyperlink SCXO214438589 BCX8" href="#" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun SCXO214438589 BCX8" data-contrast="auto"><SPAN class="NormalTextRun SCXO214438589 BCX8">Microsoft</SPAN></SPAN></A><SPAN class="EOP SCXO214438589 BCX8">&nbsp;</SPAN></SPAN></P> <P>&nbsp;</P> Mon, 11 Oct 2021 21:26:41 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-cloud-app-security-mcas-ninja-training-september-2021/ba-p/2751518 CTang885 2021-10-11T21:26:41Z The Attack Simulation Training landing page is now customizable https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/the-attack-simulation-training-landing-page-is-now-customizable/ba-p/2777460 
<P><STRONG>The Attack Simulation Training landing page is now customizable </STRONG></P> <P>Attack Simulation Training is an intelligent phish risk reduction tool that measures behavior change and automates design and deployment of an integrated security awareness training program across an organization. The landing page, where targeted users are notified that they fell prey to a phishing simulation, is a key learning moment.</P> <P>&nbsp;</P> <P>The previous landing page offered a generic header and body, with limited customization capabilities. We’re pleased to announce the availability of a new landing page experience that allows customers to easily tailor the landing page to suit the requirements of their enterprise and include their own branding<SPAN>.</SPAN></P> <P>&nbsp;</P> <P>The new landing page provides three different options:</P> <P>&nbsp;</P> <OL> <LI><STRONG>Use Microsoft default landing page</STRONG></LI> </OL> <P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Enables you to choose from Microsoft-curated landing pages for a ‘click and go’ experience.</P> <P>&nbsp;</P> <OL start="2"> <LI><STRONG>Use a custom URL</STRONG></LI> </OL> <P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Enables you to use in-house training assets through URL redirection.</P> <P>&nbsp;</P> <OL start="3"> <LI><STRONG>Create your own landing page</STRONG></LI> </OL> <P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Enables you to tailor the landing page to your requirements. 
For example, include your own branding, messaging, code, and more.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Richa_Sharma_1-1632384818231.png" style="width: 849px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/312334i84BA8C58F3F928E3/image-dimensions/849x280?v=v2" width="849" height="280" role="button" title="Richa_Sharma_1-1632384818231.png" alt="Richa_Sharma_1-1632384818231.png" /></span></P> <P>&nbsp;</P> <P><EM>Figure 1:&nbsp;Landing page type selection view.</EM></P> <P><STRONG>&nbsp;</STRONG></P> <P><STRONG>&nbsp;</STRONG></P> <P><STRONG>Use Microsoft default Landing Page</STRONG></P> <P>Microsoft has created five beautiful landing pages that cater to the needs of enterprises that prefer a ‘Click and Go’ experience over creating a page from scratch. With this option, you can choose a company logo and enable/disable the . The indicators are the clues or flags that the user failed to recognize in a phishing email. For example, ‘The is not’ highlighted in blue in the phishing email below is an indicator of a grammar mistake made by an attacker. 
The box on the right is called a coach-mark, which describes the indicator in detail and lets you step through the other indicators using the previous or next buttons.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Richa_Sharma_2-1632384818247.png" style="width: 850px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/312336iDB41C35F5D578DF3/image-dimensions/850x1053?v=v2" width="850" height="1053" role="button" title="Richa_Sharma_2-1632384818247.png" alt="Richa_Sharma_2-1632384818247.png" /></span></P> <P>&nbsp;</P> <P><EM>Figure 2:&nbsp;Customized landing page view.</EM></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><STRONG>Use a custom URL</STRONG></P> <P>Custom URL is a great option for enterprises that want to use their preferred training solutions. It enables them to redirect the user to a custom URL that hosts their own landing page. Customers are responsible for the content of the destination page that the custom URL points to, as well as for ensuring the uptime of this destination page.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Richa_Sharma_3-1632384818256.png" style="width: 849px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/312335iDA3818F223C6EDD8/image-dimensions/849x280?v=v2" width="849" height="280" role="button" title="Richa_Sharma_3-1632384818256.png" alt="Richa_Sharma_3-1632384818256.png" /></span></P> <P>&nbsp;</P> <P><EM>Figure 3:&nbsp;Custom URL selection view.</EM></P> <P><STRONG>&nbsp;</STRONG></P> <P><STRONG>&nbsp;</STRONG></P> <P><STRONG>&nbsp;</STRONG></P> <P><STRONG>Create your own custom landing page</STRONG></P> <P>Creating a custom landing page is a great option for enterprises who want to create a landing page from scratch using Rich Text Editor. 
The landing page can be created either by using the text tab (RTE), where the content can be created within the editor or copied from external sources, or by using the code tab to input the HTML code.</P> <OL> <LI>Dynamic tag: Allows you to dynamically insert the username/display name of the user to whom the landing page will be displayed.</LI> <LI>Training Link: Allows you to insert the training link that, when clicked, takes the user to the assigned training.</LI> <LI>Use from Default: Allows you to choose a Microsoft default landing page with predefined formatting and make additional modifications as necessary.</LI> <LI>Company Logo/images: Allows you to paste the image/logos of your choice and insert videos of up to .</LI> <LI>Body: Allows you to create content/text of your choice.</LI> <LI>Tips to Identify the phishing email: It shows the content of the payload chosen with enabled/disabled coach-marks.</LI> <LI>The&nbsp;“code”&nbsp;tab&nbsp;that comes along with the rich text editor can be leveraged for additional sophisticated&nbsp;design requirements using HTML code. The code can be saved and reused for new simulations.</LI> </OL> <P>&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Richa_Sharma_4-1632384818275.png" style="width: 850px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/312337iEE9E36B06E43EDDB/image-dimensions/850x792?v=v2" width="850" height="792" role="button" title="Richa_Sharma_4-1632384818275.png" alt="Richa_Sharma_4-1632384818275.png" /></span></P> <P>&nbsp;</P> <P><EM>Figure 4:&nbsp;View of where you can customize the landing page.</EM></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>We hope you enjoy using a fully customizable training landing page in a simulation. Looking forward to your experience and feedback!</P> <P>&nbsp;</P> <P><STRONG>Want to learn more about Attack Simulation Training? 
</STRONG></P> <P><A href="#" target="_blank" rel="noopener">Get started</A> with the <A href="#" target="_blank" rel="noopener">available documentation</A> today and check out the blogs for <A href="#" target="_blank" rel="noopener">Setting up a New Phish Simulation Program-Part One and Part Two</A>. In addition to these, you can read more details about <A href="#" target="_blank" rel="noopener">new features in Attack Simulation Training</A>.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 24 Sep 2021 15:00:00 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/the-attack-simulation-training-landing-page-is-now-customizable/ba-p/2777460 Richa_Sharma 2021-09-24T15:00:00Z Microsoft Defender for Identity - new exclusion settings now in Public Preview https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-defender-for-identity-new-exclusion-settings-now-in/ba-p/2752111 <P>As part of ongoing efforts to make all experiences and features from Microsoft Defender for Identity available in Microsoft 365 Defender, the product group took the opportunity to not just lift and shift the exclusion configuration page, but to revamp the experience and make some new functionality available for security teams. 
This announcement confirms that these features are now available in public preview and will be made generally available soon.</P> <P>&nbsp;</P> <P>So first of all, the new home for the exclusion settings can be found in the <STRONG>Settings</STRONG> area of Microsoft 365 Defender, under the&nbsp;<STRONG>Identities</STRONG> section:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Exclusions1.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/311061i89142D4C3048B229/image-size/large?v=v2&amp;px=999" role="button" title="Exclusions1.png" alt="Exclusions1.png" /></span></P> <P>&nbsp;</P> <H6 class="lia-align-center">Figure 1 - A screenshot of the Microsoft 365 Defender settings screen, highlighting the Identities section</H6> <P>&nbsp;</P> <P>And then you'll see&nbsp;<STRONG>Excluded entities&nbsp;</STRONG>on the left-hand menu:</P> <P>&nbsp;</P> <P class="lia-align-center"><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Exclusions2.png" style="width: 783px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/311064i4D33B49C763F5B21/image-size/large?v=v2&amp;px=999" role="button" title="Exclusions2.png" alt="Exclusions2.png" /></span></P> <P>&nbsp;</P> <P class="lia-align-center">&nbsp;</P> <H6 class="lia-align-center">Figure 2 - A screenshot of the Microsoft Defender for Identity settings area, with the Excluded entities section highlighted</H6> <P>&nbsp;</P> <P>Under&nbsp;<STRONG>Excluded entities&nbsp;</STRONG>are two separate options. One for&nbsp;<STRONG>Exclusions by detection rule</STRONG> which you will be familiar with if you've played about with exclusions in Defender for Identity before. 
Any of the current exclusions you have set up in the Defender for Identity portal will automatically be ported across to this area:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Exclusions3.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/311078i26B640327EA5C5EC/image-size/large?v=v2&amp;px=999" role="button" title="Exclusions3.png" alt="Exclusions3.png" /></span></P> <P class="lia-align-center">&nbsp;</P> <H6 class="lia-align-center">Figure 3 - An overview of any per-detection exclusions in the excluded entities area</H6> <P>&nbsp;</P> <P>You'll also see <STRONG>Global excluded entities</STRONG>, which is a new feature being introduced as part of this rollout. Global exclusions allow you to define certain entities (IP addresses, subnets, devices, or domains) to be excluded across all of the detections Defender for Identity has. So for example, if you exclude a device, it will only apply to those detections that have device identification as part of the detection.</P> <P>&nbsp;</P> <P>In both of these sections, you'll find a helpful search bar at the top of the screen. This quality of life improvement will help you quickly locate any particular detection that you're looking for.&nbsp;<span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Exclusions4.png" style="width: 642px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/311087i994348E51132CED2/image-size/large?v=v2&amp;px=999" role="button" title="Exclusions4.png" alt="Exclusions4.png" /></span></P> <P class="lia-align-center">&nbsp;</P> <H6 class="lia-align-center">Figure 4 - A new search function at the top of each of the exclusion tables</H6> <P>&nbsp;</P> <P>Please check out the features for yourself in Microsoft 365 Defender (security.microsoft.com), and as always, we'd love your feedback on these changes. 
Please leave a comment here, and we'll strive to get back to you as quickly as possible.&nbsp;</P> <P>&nbsp;</P> Wed, 22 Sep 2021 16:33:26 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-defender-for-identity-new-exclusion-settings-now-in/ba-p/2752111 Ricky Simpson 2021-09-22T16:33:26Z Announcing Enhanced Malicious OAuth Activity Detection Capabilities in App Governance https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-enhanced-malicious-oauth-activity-detection/ba-p/2757011 <P>App governance is a security and policy management capability that customers can use to monitor and govern app behaviors and quickly identify, alert on, and protect against risky app behaviors. App governance is designed for&nbsp;OAuth-enabled apps&nbsp;that access&nbsp;Microsoft 365&nbsp;data via <A href="#" target="_blank" rel="noopener">Microsoft Graph APIs</A>. &nbsp;</P> <P>&nbsp;</P> <P>App governance provides you with:</P> <UL> <LI><STRONG>Deep visibility &amp; insights</STRONG><STRONG>:</STRONG> Get deeper visibility into apps that access Microsoft 365 data and actionable insights on how the app is configured and behaving in the environment.</LI> <LI><STRONG>Policy-driven governance:</STRONG> Proactively define and enforce policies based on application metadata, permissions, and behaviors in accordance with your organization’s security and compliance posture for data access.</LI> <LI><STRONG>Comprehensive detection and remediation:</STRONG> Detect anomalous app behavior with machine-learning models, and address issues with automated and manual remediation actions.</LI> </UL> <P>&nbsp;</P> <P>&nbsp;</P> <P><STRONG>Risks in the App Ecosystem</STRONG></P> <P>With the increase in popularity of global cloud platforms, the number of cloud applications developed by Service Providers, Independent Service Vendors (ISVs), and Citizen developers has been on a steep incline. 
This growth has, in turn, attracted malicious actors seeking to exploit the platform and its users to gain access to valuable data and resources, resulting in an uptick of security incidents involving apps, both in terms of frequency and impact.</P> <P>&nbsp;</P> <P>These incidents span a wide range, including malicious apps engaging in <A href="#" target="_blank" rel="noopener">OAuth consent phishing</A>, as well as apps in good standing that are vulnerable to being exploited by bad actors. With hundreds to thousands of apps in an organization capable of accessing data, administrators find it even more challenging to audit the apps running in their environment and to ensure they are protected from malicious or non-compliant apps.</P> <P>&nbsp;</P> <P>Third-Party OAuth apps can be used for several malicious activities through Graph API, including:</P> <UL> <LI>Targeting a user’s Outlook to read emails</LI> <LI>Collecting sensitive email information</LI> <LI>Creating Outlook inbox rules to obtain persistence on a compromised email account and setting actions to forward emails to external accounts. 
This technique is used by adversaries to keep access to a compromised email account even post system boot.</LI> <LI>Setting actions in Outlook inbox rules to forward emails to internal accounts for internal phishing to gain access to additional information</LI> <LI>Exploiting other users within the same organization after they already have access to accounts or systems within the environment</LI> <LI>Searching for SharePoint or OneDrive resources to mine valuable information.</LI> </UL> <P>&nbsp;</P> <P><STRONG>&nbsp;</STRONG></P> <P><STRONG>Detection of anomalous third-party app Graph API with app governance </STRONG></P> <P>App governance has enhanced its existing detection of third-party apps based on anomalous Graph API activities with the introduction of three new detections – email read, email search, and OneDrive or SharePoint search activities.</P> <P>&nbsp;</P> <P><U><EM>Detection of third-party apps based on anomalous Graph API call to read emails:</EM></U></P> <P><EM>Alert Name</EM>: App with Suspicious OAuth scope made graph calls to read email and create Inbox Rule</P> <P>Graph API activities included in this detection:</P> <UL> <LI>App request for High Privilege scope(s) and other suspicious scopes at consent time</LI> <LI>Created Outlook inbox rule</LI> <LI>Anomalous Graph API calls to read emails in Microsoft Exchange Workload&nbsp;</LI> </UL> <P>&nbsp;</P> <P><U><EM>Detection of third-party apps based on anomalous Graph API call to search email:</EM></U></P> <P><EM>Alert Name</EM>: App creates inbox rule and made unusual email searches activities</P> <P>Graph API activities included in this detection:</P> <UL> <LI>App request for High Privilege scope(s) at consent time</LI> <LI>Created Outlook inbox rule</LI> <LI>Anomalous Graph API calls to search Microsoft Exchange Workload&nbsp;&nbsp;</LI> </UL> <P>&nbsp;</P> <P><U><EM>Detection of third-party apps based on anomalous Graph API call to OneDrive or 
SharePoint:</EM></U></P> <P><EM>Alert Name</EM>: App made OneDrive / SharePoint search activities and created inbox rule</P> <P>Graph API activities included in this detection:</P> <UL> <LI>App request for High Privilege scope(s) at consent time</LI> <LI>Created Outlook inbox rule</LI> <LI>Anomalous Graph API search of Microsoft OneDrive Workload or Microsoft SharePoint Workload</LI> </UL> <P>&nbsp;</P> <P><STRONG>Deep visibility and insights&nbsp;&nbsp;</STRONG></P> <P>App governance is cloud-based and native to the Microsoft 365 platform, so there’s no need to deploy additional infrastructure or services. This provides a simplified onboarding and management experience that can be quickly deployed in customer environments.</P> <P><EM>&nbsp;</EM></P> <P>App governance provides a deep and intuitive dashboard experience that is familiar to administrators. The tenant summary view provides:</P> <UL> <LI>A high-level summary of the third-party and Line of Business apps in your Microsoft 365 tenant.</LI> <LI>Alerts based on the violation of any pre-configured policy and/or detection of any anomalous app behavior.</LI> <LI>Quick insights into apps that do not use one or more permissions they have been granted (Over permissioned).</LI> <LI>Apps that have powerful permissions that allow data access or a key setting in the tenant (High privileged).</LI> <LI>Apps that do not have a verified publisher (Unverified).</LI> </UL> <P>&nbsp;</P> <P><STRONG>Get Started</STRONG></P> <P>App governance is an add-on feature for Microsoft Cloud App Security and is initially available as a public preview to existing Microsoft Cloud App Security customers in certain regions of North America and Europe, with other regions being added gradually over the next few months.</P> <UL> <LI>To get started with app governance, visit our <A href="#" target="_blank" rel="noopener">quick start guide</A></LI> <LI>To learn more about app governance, visit our <A href="#" target="_blank" 
rel="noopener">documentation</A>.</LI> <LI>To sign up for a Q&amp;A session for app governance, visit our <A href="#" target="_blank" rel="noopener">sign up page</A></LI> <LI>To launch the app governance portal in Microsoft 365 Compliance center, go to <A href="#" target="_blank" rel="noopener">https://aka.ms/appgovernance</A></LI> </UL> <P><EM>&nbsp;</EM></P> <P><EM>Additional resources</EM></P> <P>App governance is part of a broad and comprehensive set of capabilities to protect your environment from cloud app-related threats.</P> <UL> <LI>To learn more about Azure Active Directory, Microsoft Cloud App Security, and app governance add-on integration visit our <A href="#" target="_blank" rel="noopener">documentation</A></LI> <LI>For managing user consent and app permissions in Azure AD see <A href="#" target="_blank" rel="noopener">these</A><U> documents</U>.</LI> <LI>For the latest on Microsoft Cloud App Security see this <A href="#" target="_blank" rel="noopener">blog</A> and <A href="#" target="_blank" rel="noopener">explainer animations</A>.</LI> <LI>To explore Microsoft Graph API check out the <A href="#" target="_blank" rel="noopener">developer blog</A> and <A href="#" target="_blank" rel="noopener">changelog</A>.</LI> </UL> <P>&nbsp;</P> <P>Thank you,</P> <P>Microsoft 365 Team</P> Fri, 17 Sep 2021 17:02:16 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-enhanced-malicious-oauth-activity-detection/ba-p/2757011 EricEOuellet 2021-09-17T17:02:16Z Microsoft Continues to Enhance DLP Customer Value with New Capabilities https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-continues-to-enhance-dlp-customer-value-with-new/ba-p/2756801 <P>Microsoft’s unified Data Loss Prevention solution provides a simple and unified approach to protecting sensitive information from risky or inappropriate sharing, transfer, or use.</P> <P>&nbsp;</P> <P>In the past few months, Microsoft has introduced a wide 
range of new capabilities in General Availability and Public Preview that are designed to provide new ways of protecting data across a wider breadth of use cases and workloads and provide greater visibility into how sensitive content is used, stored and shared. These include:</P> <UL> <LI>Customizable DLP policy violation justifications</LI> <LI>Protect sensitive data when it is shared across Bluetooth</LI> <LI>Protect sensitive data when it is shared across Remote Desktop Protocol (RDP) sessions</LI> <LI>Automatically quarantine sensitive files when they’re accessed by an unallowed app</LI> <LI>Displaying of cloud DLP policy events from Exchange, SharePoint-OneDrive, and Teams in Activity explorer</LI> <LI>Displaying of sensitivity label activity from Office native (Word, Excel, PowerPoint, Outlook) in Activity explorer</LI> <LI>Displaying of sensitive information, sensitivity label, and retention label detection events for files and documents from OneDrive in Activity Explorer</LI> </UL> <P>&nbsp;</P> <P><STRONG>Customizable DLP Policy Violation Justifications – General Availability </STRONG></P> <P>Many organizations offer their users the ability to override certain policy violations when there is a justifiable business need. 
These can range from a requirement to address a specific situation where the risks are limited:</P> <UL> <LI>For example, copying sensitive files to an encrypted USB for sharing with an authorized partner because the approved process such as an online file sharing service is not available due to a service outage</LI> </UL> <P>To addressing a business need when an alternate process has not been defined or is incorrectly scoped:</P> <UL> <LI>For example, there is a business need to share information with a new partner, but no approved process is in place to support this action and the user has been granted approval on this occasion to override the policy.</LI> </UL> <P>Microsoft supports up to five built-in justifications that can be selected by users when they override a DLP policy:</P> <UL> <LI>This is part of an established business workflow</LI> <LI>My manager has approved this action</LI> <LI>Urgent access required. I’ll notify my manager separately</LI> <LI>The information in these files is not sensitive</LI> <LI>Other</LI> </UL> <P>You can customize and replace the out-of-the-box justifications with your organization’s own text to better define the type and scope of the override. 
(See <STRONG>Figure 1: DLP policy blocking override - customizable justification to address business needs</STRONG>)</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure 1 - DLP Custom Override Justification.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310808i95C9D229F45C0F2C/image-size/large?v=v2&amp;px=999" role="button" title="Figure 1 - DLP Custom Override Justification.png" alt="Figure 1 - DLP Custom Override Justification.png" /></span></P> <P><STRONG><EM>Figure 1: DLP policy blocking override - customizable justification to address business needs</EM></STRONG></P> <P>&nbsp;</P> <P>In addition to built-in selections, you can also offer users the ability to provide a text field to enter a more contextually descriptive justification for why they are overriding the DLP policy block. This capability can provide organizations with a deeper understanding of why users override a DLP policy and also additional visibility into processes and policies which could benefit from additional refinement, user education, or another review.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><STRONG>Enforcement of DLP Policies for File Sharing Across Bluetooth – General Availability</STRONG></P> <P>Users enjoy the flexibility of tethering their Bluetooth-enabled devices to share data for ubiquitous access anywhere at any time. 
While there are tangible benefits to Bluetooth tethering, organizations face the risk that sensitive data may be inappropriately shared or stored on unapproved devices.</P> <P>&nbsp;</P> <P>Microsoft Endpoint DLP provides customers the ability to create and enforce DLP policies that regulate the sharing of sensitive data to Bluetooth devices, using the same DLP policy creation and management solution they currently use to support DLP across Microsoft’s fully unified DLP offering, with the experience their users are already familiar with.</P> <P>&nbsp;</P> <P>DLP controls for Bluetooth include:</P> <UL> <LI><STRONG>Audit mode</STRONG>:&nbsp;Records policy violation events without impacting end-user activity</LI> <LI><STRONG>Block with Override mode</STRONG>:&nbsp;Records and blocks the activity, but allows the user to override when they have a legitimate business need</LI> <LI><STRONG>Block mode</STRONG>:&nbsp;Records and blocks the activity without giving the user the ability to override&nbsp;</LI> </UL> <P>&nbsp;</P> <P><STRONG>Enforcement of DLP Policies for File Sharing Across an RDP session – General Availability</STRONG></P> <P>Customers use Remote Desktop Protocol (RDP) to provide remote users the ability to connect and use a Windows desktop located elsewhere via a network connection. 
Over the past two years, many organizations have increasingly leveraged RDP as a solution to support remote workers.</P> <P>&nbsp;</P> <P>Microsoft Endpoint DLP provides customers the ability to create and enforce DLP policies to regulate the sharing of sensitive data over an RDP session, using the same familiar DLP policy tools and user experience from Microsoft’s fully unified DLP offering.</P> <P>DLP controls for RDP include support for deploying DLP policies in Audit mode, Block with Override mode, and Block mode.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><STRONG>Auto-Quarantine of Sensitive Files Accessed by Unallowed Apps – Public Preview</STRONG></P> <P>Apps can be defined in DLP as not allowed to access specific sensitive content. Some apps are automated and can generate repeated DLP alert notifications when they continuously access sensitive content for which they are unallowed.</P> <P>&nbsp;</P> <P>For example, consider a user who deploys an external file synch solution that is unallowed to access sensitive content, where the local sharing folder contains a sensitive file that cannot be shared externally. In this example, the file synch upload activity will be repeatedly blocked by DLP. Each blocked activity will generate a notification on the user’s desktop, and each will also be recorded as a DLP event until the file has been removed from the local sharing folder. 
This impacts the user experience and creates unnecessary event volumes.</P> <P>&nbsp;</P> <P>To address this potential concern, Microsoft is introducing a new auto-quarantine capability that can be assigned to individual unallowed apps when configuring a DLP policy.</P> <P>&nbsp;</P> <P>Using the same scenario as above, if the external file synch solution is defined in a DLP policy as an unallowed app for sensitive data, and auto-quarantine is enabled, the sensitive data would be removed from the home folder and would be stored in a predefined approved quarantine folder. 
A text file replaces the original file with details for the user to explain the auto-quarantined action. In this instance, the user would only be notified once, and auto-quarantine would prevent repeated DLP policy violations and reduce the risk of sensitive data exfiltration. (see <STRONG>Figure 2: DLP Auto-Quarantine of Sensitive Content</STRONG>)</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure 2 - Autoquarantine.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310810iA289E660E4E7FF4F/image-size/large?v=v2&amp;px=999" role="button" title="Figure 2 - Autoquarantine.png" alt="Figure 2 - Autoquarantine.png" /></span></P> <P><STRONG><EM>Figure 2: DLP Auto-Quarantine of Sensitive Content&nbsp; </EM></STRONG></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><STRONG>Displaying Cloud DLP, Office, and AIP data in Activity Explorer and Displaying OneDrive data in Content Explorer– General Availability</STRONG></P> <P>Customers require the ability for different administrative users to have different views and levels of functionality depending on the role they have when reviewing user and label activity related to sensitive data. 
Microsoft offers three distinct ways to view this activity with ‘<A href="#" target="_blank" rel="noopener">Overview</A>’, ‘<A href="#" target="_blank" rel="noopener">Content Explorer</A>’, and ‘<A href="#" target="_blank" rel="noopener">Activity explorer</A>’.</P> <P>&nbsp;</P> <P>With these General Availability announcements customers will have new visibility into events in their environment:</P> <OL> <LI>Office Native feeds in Activity Explorer: Customers will be able to display sensitivity label activities around Label applied, label changed, and label removed in Activity Explorer.</LI> <LI>Cloud DLP in Activity Explorer: Customers will be able to display data from Exchange, SharePoint-OneDrive, and Teams in Activity Explorer.</LI> <LI>OneDrive data in Content Explorer: Customers will be able to display Sensitive information, Sensitivity labels, and Retention labels detected on files/documents in OneDrive in the Content Explorer.</LI> <LI>Azure Information Protection (AIP) data in Activity Explorer: Customers will be able to display data logged by AIP client and scanner audit</LI> </OL> <P>(Note that the default behavior for AIP data in Activity explorer is Opt-in. If customers would prefer to opt-out, they have to follow steps <A href="#" target="_blank" rel="noopener">here</A> to disable sending logs to Activity Explorer)</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><STRONG>Microsoft Unified DLP Quick Path to Value</STRONG></P> <P>To help customers accelerate their deployment of a comprehensive information protection and data loss prevention strategy across all their environments containing sensitive data and help ensure immediate value, M<SPAN>icrosoft provides a one-stop approach to data protection and DLP policy deployment within the Microsoft 365 Compliance Center. 
</SPAN></P> <P><SPAN>Microsoft Information Protection (MIP) provides a common set of classification and data labeling tools that leverage AI and machine learning to support even the most complex of regulatory or internal sensitive information compliance mandates. </SPAN>MIP’s over 150 sensitive information types and over 40 built-in policy templates for common industry regulations and compliance offer a quick path to value.</P> <P><SPAN>&nbsp;</SPAN></P> <P><STRONG>Consistent User Experience</STRONG></P> <P>No matter where DLP is applied, users have a consistent and familiar experience when notified of an activity that is in violation of a defined policy.&nbsp; Policy Tips and guidance are provided using a familiar look and feel users are already accustomed to from applications and services they use every day. This approach can reduce end-user training time, eliminates alert confusion, increases user confidence in prescribed guidance and remediations, and improves overall compliance with policies – without impacting productivity.</P> <P><STRONG>&nbsp;</STRONG></P> <P><STRONG>Integrated Insights</STRONG></P> <P>Microsoft DLP integrates with other Security &amp; Compliance solutions such as MIP, Microsoft Defender, and Insider Risk Management to provide broad and comprehensive coverage and visibility required by organizations to meet regulatory and policy compliance.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure 3 - Integrated Insights.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310812i13F77A12668B4C05/image-size/large?v=v2&amp;px=999" role="button" title="Figure 3 - Integrated Insights.png" alt="Figure 3 - Integrated Insights.png" /></span></P> <P>&nbsp;</P> <P><STRONG><EM>Figure 3: Integrated Insights</EM></STRONG></P> <P>&nbsp;</P> <P>This approach reduces the dependence on individual and uncoordinated solutions from disparate providers to monitor user 
actions, remediate policy violations and educate users on the correct handling of sensitive data at the endpoint, on-premises, and in the cloud.</P> <P>&nbsp;</P> <H2><SPAN>Get Started</SPAN></H2> <P>Microsoft DLP solution is part of a broader set of Information Protection and Governance solutions that are part of the Microsoft 365 Compliance Suite. You can sign up for a <A href="#" target="_blank" rel="noopener">trial</A> of Microsoft 365 E5 or navigate to the <A href="#" target="_blank" rel="noopener">Microsoft 365 Compliance Center</A> to get started today.</P> <P>&nbsp;</P> <H5><STRONG>Additional resources:</STRONG></H5> <UL> <LI>For more information on Data Loss Prevention, please see&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/a-unified-approach-to-data-loss-prevention-from-microsoft/ba-p/1694492" target="_blank" rel="noopener">this</A>&nbsp;and&nbsp;<A href="#" target="_blank" rel="noopener">this</A></LI> <LI>For videos on Microsoft Unified DLP approach and Endpoint DLP see&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/video-hub/understanding-and-maximizing-the-value-of-microsoft-s-dlp/m-p/1688051" target="_blank" rel="noopener">this</A>&nbsp;and&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/video-hub/extending-microsoft-dlp-deployment-to-endpoints/m-p/1688046" target="_blank" rel="noopener">this</A>&nbsp;</LI> <LI>For a Microsoft Mechanics video on Endpoint DLP see&nbsp;<A href="#" target="_blank" rel="noopener">this</A>&nbsp;</LI> <LI>For more information about the new features in Activity Explorer, see <SPAN><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-the-public-preview-of-features-in-microsoft/ba-p/2170027" target="_blank" rel="noopener">this</A></SPAN></LI> <LI>For more information on the Microsoft Compliance Extension for Chrome see <A href="#" target="_blank" rel="noopener">this</A> and <A href="#" target="_blank" 
rel="noopener">this</A></LI> <LI>For more information on DLP Alerts and Event Management, see&nbsp;<A href="#" target="_blank" rel="noopener">this</A>&nbsp;</LI> <LI>For more information on Sensitivity Labels as a condition for DLP policies, see&nbsp;<A href="#" target="_blank" rel="noopener">this</A>&nbsp;&nbsp;</LI> <LI>For more information on Sensitivity Labels, please see&nbsp;<A href="#" target="_blank" rel="noopener">this</A>&nbsp;&nbsp;</LI> <LI>For more information on conditions and actions for Unified DLP, please see&nbsp;<A href="#" target="_blank" rel="noopener">this</A></LI> <LI>For the latest on Microsoft Information Protection, see&nbsp;<A href="#" target="_blank" rel="noopener">this</A>&nbsp;and&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/what-s-new-and-what-s-coming-in-information-protection/ba-p/1797438" target="_blank" rel="noopener">this</A></LI> <LI>For our previous DLP blog, see<SPAN> <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-announces-the-general-availability-of-the-microsoft/ba-p/2389371" target="_blank" rel="noopener">this</A></SPAN></LI> </UL> <P>&nbsp;</P> <P>Thank you,</P> <P>The Microsoft Information Protection team</P> <P>&nbsp;</P> Fri, 17 Sep 2021 16:00:00 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-continues-to-enhance-dlp-customer-value-with-new/ba-p/2756801 EricEOuellet 2021-09-17T16:00:00Z Attacking Active Directory as a Red Teamer or as an Attacker https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/attacking-active-directory-as-a-red-teamer-or-as-an-attacker/ba-p/2676707 <P>Hi, my name is <A href="#" target="_self">Raymond Roethof</A>, and I am a Microsoft Security enthusiast with over fifteen years of experience within the Microsoft landscape. My focus has been Microsoft Security, and specifically with the last three years out of six as a Red Teamer. 
In this blog post, I will go through an attacker or Red Teamer's challenges when Microsoft Defender for Identity is in place.</P> <P>&nbsp;</P> <P>Many organizations go through a digital transformation by the increasing use of cloud services. Understanding the current state of the cloud service is essential as maintaining the state is a shared responsibility between the company and its cloud provider.</P> <P>&nbsp;</P> <P>Many Red Teamers and attackers use the on-premises environment as a stepping stone to the cloud. So, a company must understand the comprehensive set of security controls and capabilities available in Microsoft Azure, Microsoft 365, and on-premises. Active Directory can be a source for lateral movement and an excellent initial attack vector due to the high-value information it holds.</P> <P>&nbsp;</P> <P data-unlink="true"><A href="#" target="_blank" rel="noopener">Microsoft Defender for Identity</A> is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Defender for Identity also&nbsp;protects Active Directory Federation Services (AD FS) in your environment by detecting advanced threats and providing visibility into authentication events generated by AD FS.</P> <P>&nbsp;</P> <P>The default Active Directory authentication protocol is Kerberos, an authentication protocol based on tickets, and is known for being the target method of many attacks. Kerberos is an authentication protocol developed by MIT and adopted by Microsoft since Windows 2000. Kerberos can also be complicated and as a result, hard to secure.</P> <P>&nbsp;</P> <P data-unlink="true">This blog post will go through attacking Active Directory as a Red Teamer and having Defender for Identity&nbsp;in place to protect this high-value information. What do I have to consider before I make my next move? 
Let's find out how Defender for Identity makes my job so difficult.</P> <P>&nbsp;</P> <H2><STRONG><SPAN data-preserver-spaces="true">Attack Kill Chain</SPAN></STRONG></H2> <P>&nbsp;</P> <P>As a Red Teamer or an attacker, you want to reach your goal as quickly as possible, preferably without being noticed. The purpose of the attack and the time it takes to perform it differ in every scenario. Attackers are mainly financially driven, whereas Red Teamers have a specific pre-defined objective to reach.</P> <P>&nbsp;</P> <P>Most attacks require multiple steps to reach their goal. Red Teamers or attackers use some form of an attack kill chain as a process.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="THE-CYBER-KILL-CHAIN-body.png.pc-adaptive.1920.medium.png" style="width: 857px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/307307i3790E36FC4D4A4EE/image-size/large?v=v2&amp;px=999" role="button" title="THE-CYBER-KILL-CHAIN-body.png.pc-adaptive.1920.medium.png" alt="THE-CYBER-KILL-CHAIN-body.png.pc-adaptive.1920.medium.png" /></span></P> <H6 class="lia-align-center">(Figure 1 - an example of an attack kill chain process)</H6> <P>&nbsp;</P> <P><STRONG><SPAN data-preserver-spaces="true">Note:</SPAN></STRONG><SPAN data-preserver-spaces="true">&nbsp;With the digital transformation to the cloud and the complexity of most attacks, a one-size-fits-all kill chain is not feasible anymore, but the <A href="#" target="_blank" rel="noopener">Cyber Attack Kill Chain</A> is a good indication of how a Red Teamer or attacker performs an attack. The graphic shown above is more focused on compromising an endpoint, for example.&nbsp;</SPAN></P> <P>&nbsp;</P> <H2><SPAN data-preserver-spaces="true">Reconnaissance of Active Directory</SPAN></H2> <P>&nbsp;</P> <P>Reconnaissance is a critical and consistent step in any kill chain. Most information found is likely used during an attack at a later stage. 
Information like server names, IP addresses, operating systems, forest architecture, trusts, service principal names (SPNs), groups and memberships, access control lists, and well-known security misconfigurations is probably part of every reconnaissance phase within Active Directory.</P> <P>&nbsp;</P> <P data-unlink="true">The challenge as a Red Teamer (or an attacker - assume I'm referring to both throughout this blog) starts with Defender for Identity&nbsp;being enabled at the reconnaissance phase.</P> <P>&nbsp;</P> <P data-unlink="true">A Red Teamer needs to have a valid set of credentials, a hash, or any form of authentication to communicate with Active Directory. Attacks like phishing e-mails can contain a malicious payload that runs under the user context. This way, a Red Teamer or attacker can perform an attack as an authenticated user. Without any authentication, a Red Teamer uses an attack like <A href="#" target="_blank" rel="noopener">AS-Rep roasting</A> and password sprays. If you are a Red Teamer or an attacker, Defender for Identity&nbsp;detects this kind of attack and alerts in almost real time.</P> <P>&nbsp;</P> <H2>Lateral Movement Active Directory</H2> <P>&nbsp;</P> <P>The ultimate objective for a Red Teamer is data. For most organizations, data is one of the most valuable assets. Getting access to all data at the initial entry is rare for a Red Teamer or attacker, so it is common to see lateral movement during an attack.</P> <P>&nbsp;</P> <P>Let us say a Red Teamer gets a foothold, either remotely or on the network, within the environment without being noticed as an authenticated user. The next step would be to seek identities with higher privileges or an identity to access high-value assets, like data.</P> <P>&nbsp;</P> <P data-unlink="true">Attacks like <A href="#" target="_blank" rel="noopener">Kerberoasting</A> are also common since service accounts mainly have high privileges to services that contain high-value assets. 
<A href="#" target="_blank" rel="noopener">Kerberoasting</A> is also an attack that Defender for Identity&nbsp;detects. Since version <A href="#" target="_blank" rel="noopener">2.158.14362</A>, Defender for Identity&nbsp;also detects newer attacks like PetitPotam.</P> <P>&nbsp;</P> <H2><SPAN data-preserver-spaces="true">Extended Detection and Response</SPAN></H2> <P>&nbsp;</P> <P data-unlink="true"><SPAN data-preserver-spaces="true">With Extended Detection and Response (XDR), Microsoft delivers a new approach to provide intelligent, automated, and integrated security across domains to help defenders connect seemingly disparate alerts and get ahead of attackers. Due to signal sharing between Microsoft Defender for Endpoint and Defender for Identity,&nbsp;an indicator shows if the endpoint contains an alert within Defender for Endpoint. An analyst can isolate the endpoint within seconds, and as a Red Teamer, you will need to find another entry point to continue your journey.<STRONG>&nbsp;</STRONG>As a result, the analyst is also probably more alert and now monitoring the environment even more closely.</SPAN></P> <P>&nbsp;</P> <P class="lia-align-center"><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="thalpius-minefield-01-ai.jpg" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/307306iA24D43F23AC362E5/image-size/large?v=v2&amp;px=999" role="button" title="thalpius-minefield-01-ai.jpg" alt="thalpius-minefield-01-ai.jpg" /></span></P> <H6 class="lia-align-center"><SPAN data-preserver-spaces="true">(Figure 2 - an illustration of an attacker navigating a minefield)</SPAN></H6> <P>&nbsp;</P> <P><SPAN data-preserver-spaces="true">Every step we take next as a Red Teamer or an attacker is like walking in a minefield.</SPAN></P> <P>&nbsp;</P> <H2><SPAN data-preserver-spaces="true">From on-premises to the cloud</SPAN></H2> <P>&nbsp;</P> <P data-unlink="true"><SPAN 
data-preserver-spaces="true">Although many organizations go through digital transformation by increasing their use of cloud services, attackers can use the on-premises environment as a stepping stone to the cloud. One of my <A href="#" target="_blank" rel="noopener">blog posts</A> describes creating a forged security token to authenticate to Azure AD using a private key from the AD FS server. Unfortunately for me, Defender for Identity&nbsp;now detects this method of attack as well:</SPAN></P> <P>&nbsp;</P> <P><SPAN data-preserver-spaces="true"><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="DKM02.JPG" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/309523i7C39A670ED239002/image-size/large?v=v2&amp;px=999" role="button" title="DKM02.JPG" alt="DKM02.JPG" /></span></SPAN></P> <H6 class="lia-align-center">(Figure 3 - A screenshot showing the alert status of an AD FS DKM key read with supporting evidence)</H6> <P>&nbsp;</P> <H2><STRONG><SPAN data-preserver-spaces="true">Conclusion</SPAN></STRONG></H2> <P>&nbsp;</P> <P data-unlink="true">When I'm attacking Active Directory, it is challenging for me to access an environment unnoticed when&nbsp;Defender for Identity&nbsp;is enabled. One misstep as a Red Teamer could lead to an unsuccessful attack. As I mentioned in the text above, attacking a Microsoft environment that contains Microsoft Defender security products is like walking on thin ice. Not to mention automation, which could stop an attack within seconds. Defender for Identity&nbsp;is just one of many Microsoft security products you will have to tiptoe around as a Red Teamer.</P> <P>&nbsp;</P> <P>Even when your organization goes through a digital transformation to the cloud, keep an eye on the on-premises environment. 
The on-premises environment is a good stepping stone to the cloud, and often, it's harder to detect any subsequent threats targeting your cloud instance since the attack is now coming from inside a trusted network.</P> <P>&nbsp;</P> Thu, 23 Sep 2021 17:40:22 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/attacking-active-directory-as-a-red-teamer-or-as-an-attacker/ba-p/2676707 Thalpius 2021-09-23T17:40:22Z Migrate Legacy Exchange Data Loss Prevention Policies to Compliance Center using Wizard and Playbook https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/migrate-legacy-exchange-data-loss-prevention-policies-to/ba-p/2754785 <P>Prior to DLP in Microsoft 365 compliance center, most organizations protected data using the transport rules aka mail flow rules created in Exchange admin center. You can use transport rules to identify and act on messages that flow through the Exchange Online organization. With the evolution of a centralized console for all the workloads, it’s recommended to move the existing Exchange admin center-DLP policies to DLP in Microsoft 365 Compliance Center. 
To learn more about data loss prevention, please refer to <A href="#" target="_blank" rel="noopener">DLP</A>.</P> <P><STRONG>Advantages of migrating to Compliance Center:</STRONG></P> <UL> <LI>Unified admin console which is easy to maintain</LI> <LI>Single policy across all workloads (Exchange, SPO, ODB, Teams, Devices, MCAS, etc.)</LI> <LI>Protection of data at rest and in transit</LI> <LI>Near real-time alerts</LI> <LI>Easy navigation to other compliance product features and capabilities</LI> <LI>More advanced classification and labeling</LI> <LI>Rich built-in alerting and incident management experience</LI> </UL> <P>&nbsp;</P> <P><STRONG>Why now?</STRONG></P> <P>Given the rich experience of the Microsoft compliance portal, and to make it easy to maintain all the DLP policies across workloads in one place, it's advisable to migrate all the legacy ETR (EAC-DLP) policies into the <A href="#" target="_blank" rel="noopener">Microsoft Compliance portal</A> (DLP-EXO). We plan to deprecate the EAC-DLP experience in Exchange admin center between April-June 2022. Hence, this is the right time to re-validate the existing legacy rules, consolidate and rationalize them, and migrate to the unified console. To help in migrating the EAC-DLP policies, we are providing a migration wizard which will bring over the policies to Microsoft 365 compliance center.</P> <P><STRONG>Migration Process &amp; Playbook:</STRONG></P> <P>To speed up the migration process, the compliance portal has a built-in wizard that helps migrate all the policies in a simple flow of a few clicks. The entire process is explained in the Playbook. 
Please view the playbook at <A href="#" target="_blank" rel="noopener">aka.ms/mipc/oss</A></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PavanKB_0-1631763835007.png" style="width: 463px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/310723iFA84A2E7C0B125A9/image-dimensions/463x162?v=v2" width="463" height="162" role="button" title="PavanKB_0-1631763835007.png" alt="PavanKB_0-1631763835007.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>The attached Playbook helps in identifying the activities in each of the below phases along with insights and best practices.</P> <P>&nbsp;</P> <P>In summary, this playbook will help to:</P> <UL> <LI>Understand the migration process.</LI> <LI>Understand the unified console and interface.</LI> <LI>Develop a strategy for the migration.</LI> <LI>Ensure a smooth migration process.</LI> <LI>Find resources to support the migration process</LI> </UL> <P>&nbsp;</P> <P>For more up-to-date information, please refer to the documentation <A href="#" target="_blank" rel="noopener">here</A>.</P> <P><STRONG>Frequently asked questions:</STRONG></P> <P>&nbsp;</P> <OL> <LI>Are ETR (mail flow rules) being deprecated?</LI> </OL> <P><EM>No changes planned for mail flow rules. Only Exchange DLP will be deprecated (Dates, yet to announce)</EM></P> <OL start="2"> <LI>Will the migration wizard impact my existing DLP policies in Exchange?</LI> </OL> <P><EM>No. 
The migration wizard only creates new policies in Compliance Center.<BR />You can choose to disable the Exchange policies using the wizard or independently.</EM></P> <OL start="3"> <LI>Why am I not seeing the migration wizard banner?</LI> </OL> <P><EM>The migration wizard banner is displayed only if you have active Exchange DLP policies.</EM></P> <OL start="4"> <LI>What should I do if there are any failures in migration?</LI> </OL> <P><EM>Check the details in the migration report to understand the root cause. Make the required edits in the Exchange policy and retry the migration using the wizard.</EM></P> <OL start="5"> <LI>For testing purposes, can I enable both the EAC-DLP rule and the DLP-EXO rule?</LI> </OL> <P><EM>Yes. As soon as the results are satisfactory, set the EAC-DLP rules to the disabled state.</EM></P> <OL start="6"> <LI>Why am I getting 2 incident reports?</LI> </OL> <P><EM>This is expected when both the Exchange and Microsoft 365 DLP policies are in the enabled state.</EM></P> <OL start="7"> <LI>What should I do if my rules are using unsupported conditions?</LI> </OL> <P><EM>Create a separate mail flow rule for conditions like SCLOver which are not supported in Unified DLP (Microsoft 365 DLP), remove the unsupported condition from the transport rule and perform the migration.</EM></P> <OL start="8"> <LI>Discrepancy in Exchange and Microsoft 365 DLP policy evaluation</LI> </OL> <P><EM>If policies are enforced in both Exchange and Microsoft 365 DLP, please refer to </EM><A href="#" target="_blank" rel="noopener"><EM>this document</EM></A><EM> to understand the expected behavior.</EM></P> <P><STRONG>Additional Resources</STRONG><STRONG>&nbsp;</STRONG></P> <P><A href="#" target="_blank" rel="noopener">Join Microsoft Information Protection Preview ring</A></P> <P><A href="#" target="_blank" rel="noopener">Microsoft Information Protection Tech Communities</A></P> <P><A href="#" target="_blank" rel="noopener">Microsoft Information Protection Yammer</A></P> <P><A href="#" target="_blank" 
rel="noopener"><STRONG>MIP &amp; Compliance One-Stop Shop</STRONG></A></P> Thu, 16 Sep 2021 15:30:16 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/migrate-legacy-exchange-data-loss-prevention-policies-to/ba-p/2754785 PavanKB 2021-09-16T15:30:16Z Co-authoring on Microsoft Information Protection encrypted documents is now generally available https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/co-authoring-on-microsoft-information-protection-encrypted/ba-p/2693718 <P>With hybrid work here to stay, organizations are increasingly looking for ways to facilitate seamless collaboration among workgroups and across organizations while keeping their data secure and compliant. Today, we’re announcing a unique capability from Microsoft Information Protection in Microsoft 365 that empowers you to do just that. <STRONG>Co-authoring on Word, Excel, and PowerPoint documents encrypted with sensitivity labels is now generally available for Windows and Mac</STRONG>. This feature is already available on <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-general-availability-of-sensitivity-labels-with/ba-p/1356224" target="_blank" rel="noopener">Office on the web</A>.</P> <P>&nbsp;</P> <P>Microsoft Information Protection (MIP) is an intelligent, unified, and extensible solution to protect sensitive data across your enterprise – in Microsoft 365 cloud services, on-premises, third-party SaaS applications, and more. 
MIP provides a unified set of capabilities to know your data, protect your data, and help prevent data loss across Microsoft 365 apps (e.g., Word, PowerPoint, Excel, Outlook) and services (e.g., Teams, SharePoint, and Exchange).</P> <P>&nbsp;</P> <P>With Microsoft 365, when sensitivity labels are used to encrypt Word, Excel, or PowerPoint documents, multiple users can now edit these documents in real-time with AutoSave, empowering teams to do their best work while maintaining protection across the document lifecycle.&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="CoauthonProtectedDocs - Best Quality - 2MB.gif" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/307712i0092B1532672DBD1/image-size/large?v=v2&amp;px=999" role="button" title="CoauthonProtectedDocs - Best Quality - 2MB.gif" alt="CoauthonProtectedDocs - Best Quality - 2MB.gif" /></span></P> <P>&nbsp;<FONT size="3"><EM>Figure 1. Office users on Windows and Mac co-authoring on a document encrypted with a 'Confidential Project' label</EM></FONT>&nbsp;</P> <P>&nbsp;</P> <P>To get started –</P> <UL> <LI>Deploy the 2107 update of Office (or higher) using the&nbsp;<A href="#" target="_blank" rel="noopener">Current Channel</A> or <A href="#" target="_blank" rel="noopener">Monthly Enterprise Channel</A>. 
We highly recommend using <A href="#" target="_blank" rel="noopener">Configuration Manager</A> and <A href="#" target="_blank" rel="noopener">Servicing Profiles</A> to ease this transition</LI> <LI>If your organization uses Azure Information Protection to apply labels in Word, Excel, and PowerPoint on Windows, make sure to also <A href="#" target="_blank" rel="noopener">update to the latest version</A></LI> <LI>Navigate to the <A href="#" target="_blank" rel="noopener">Microsoft 365 Compliance Center</A> settings page as a global admin to enable the feature</LI> </UL> <P>This feature requires all clients working on Office files to have updated capabilities for supporting the new <A href="#" target="_blank" rel="noopener">metadata changes for sensitivity labels</A>. Any third-party or custom solutions interacting with sensitivity labels <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/upcoming-changes-to-microsoft-information-protection-metadata/ba-p/1904418" target="_blank" rel="noopener">may also need to be updated</A>. So, plan ahead to get the best results. You can read more about this feature <A href="#" target="_blank" rel="noopener">here</A>.</P> <P>&nbsp;</P> <P>Microsoft Information Protection offers powerful capabilities to classify and secure sensitive information. With the co-authoring capability we are announcing today, MIP users no longer have to compromise between security and productivity.</P> <P>&nbsp;</P> <P>Paras Kapadia, Principal Program Manager, Microsoft Office 365</P> <P>&nbsp;</P> <P>*Requires Microsoft 365 E3/A3/G3/E5/A5/G5 license. 
Support on mobile coming soon.</P> Tue, 14 Sep 2021 15:00:00 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/co-authoring-on-microsoft-information-protection-encrypted/ba-p/2693718 Paras Kapadia 2021-09-14T15:00:00Z Final reminder to migrate from Azure Information Protection classic client to unified labeling https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/final-reminder-to-migrate-from-azure-information-protection/ba-p/2731734 <P>With the Azure Information Protection (AIP) classic client sunset <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-timelines-for-sunsetting-label-management-in-the/ba-p/1226179" target="_blank" rel="noopener">announcement in March last year</A>, we made it clear that migrating to unified labeling is crucial to continue classifying sensitive information, along with increasing the coherence and effectiveness of label and protection management in Microsoft’s ecosystem.</P> <P>&nbsp;</P> <P>This blog post should serve as additional guidance for those that need to migrate their labels and policies from the Azure Information Protection portal to Microsoft 365 compliance center as well as upgrade from the classic client to the unified labeling client or the native labeling experience.</P> <P>&nbsp;</P> <P><STRONG>In this blog post, you will learn the answers to the following questions:</STRONG></P> <P>&nbsp;</P> <UL> <LI><A href="https://gorovian.000webhostapp.com/?exam=#Whyismigrating" target="_top" rel="noopener">Why is migrating to unified labeling important?</A></LI> <LI><A href="https://gorovian.000webhostapp.com/?exam=#Whatistherecommended" target="_top" rel="noopener">What is the recommended approach for migrating to unified labeling?</A></LI> <LI><A href="https://gorovian.000webhostapp.com/?exam=#Howtoactivate" target="_top" rel="noopener">How do I activate unified labeling and migrate labels and policies to the Microsoft 365 
compliance center?</A></LI> <LI><A href="https://gorovian.000webhostapp.com/?exam=#Howtoupgrade" target="_top" rel="noopener">How do I upgrade the classic client?</A></LI> <LI><A href="https://gorovian.000webhostapp.com/?exam=#Arethereany" target="_top" rel="noopener">Are there any features that will remain in the Azure portal?</A></LI> <LI><A href="https://gorovian.000webhostapp.com/?exam=#Whenisthemigration" target="_top" rel="noopener">When is the migration considered complete?</A></LI> <LI><A href="https://gorovian.000webhostapp.com/?exam=#WherecanIfind" target="_top" rel="noopener">Where can I find additional documentation?</A></LI> </UL> <H3 id="Whyismigrating">Why is migrating to unified labeling important?</H3> <P>&nbsp;</P> <P>Microsoft will not provide migration extensions and the <STRONG>Azure Information Protection classic client will stop functioning and will not be able to acquire policy from the Azure Portal on March 31<SUP>st</SUP>, 2022.</STRONG> Because of that, it is important for you to commit to the task and set firm timelines to finish migration before the end of this year.</P> <P>&nbsp;</P> <P>Microsoft Information Protection (MIP) provides you with a unified set of capabilities for classification, labeling, and protection across all our services, including platforms such as web, iOS, Android, and Mac.</P> <P>&nbsp;</P> <P>Unified labeling is the backbone that ties all these capabilities together under a single pane of glass through <A href="#" target="_blank" rel="noopener">management in the Microsoft 365 compliance center</A>. 
Migrating your labels and policies from the AIP portal is a necessary step for you to be able to continue using our information protection capabilities.</P> <P>&nbsp;</P> <P><SPAN>Government Community Cloud (GCC) customers, including GCC High, can find more information in our <A href="https://gorovian.000webhostapp.com/?exam=t5/public-sector-blog/sunset-of-label-management-in-the-azure-portal-and-aip-classic/ba-p/2703624" target="_self">recent blog post</A>.</SPAN></P> <P>&nbsp;</P> <H3 id="Whatistherecommended">What is the recommended approach for migrating to unified labeling?</H3> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="PavelKratky_0-1631087243844.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/308880i1104186A2A2CF652/image-size/large?v=v2&amp;px=999" role="button" title="PavelKratky_0-1631087243844.png" alt="PavelKratky_0-1631087243844.png" /></span></P> <P>Figure 1. Transition steps for migration to unified labeling</P> <P>&nbsp;</P> <P>Activating unified labeling and copying your policies to the Compliance center are semi-automatic actions that can be done with a click of a button, but before that, you should make sure you have everything ready.</P> <P>&nbsp;</P> <P>One of the first things you need to consider is whether you will upgrade your AIP classic client to a unified labeling client or move directly to using native labeling capabilities.</P> <P>&nbsp;</P> <P>Using native labeling capabilities or built-in labeling is the preferred choice, but there may be <A href="#" target="_blank" rel="noopener">dependencies</A> or <A href="#" target="_blank" rel="noopener">feature requirements</A> that can influence your decision.</P> <P>The following decision tree should help you in choosing the right path.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure 2. 
Guidance for labeling client selection" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/308905iE936F81DA7CC88B8/image-size/large?v=v2&amp;px=999" role="button" title="PavelKratky_4-1631088903614.png" alt="PavelKratky_4-1631088903614.png" /></span></P> <P>Figure 2. Guidance for labeling client selection</P> <P>&nbsp;</P> <P>If you are not sure which client you are using right now and if you are still using the old experience, see <A href="#" target="_blank" rel="noopener">How can I determine if my tenant is on the unified labeling platform?</A></P> <P>&nbsp;</P> <P>The resulting impact on end-users is a slightly changed appearance of the Office ribbon bar button.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Figure 3. User experience comparison" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/308882iE543E7E3457CCDB1/image-size/large?v=v2&amp;px=999" role="button" title="PavelKratky_2-1631087243846.png" alt="PavelKratky_2-1631087243846.png" /></span></P> <P>Figure 3. User experience comparison</P> <H3>&nbsp;</H3> <H3 id="Howtoactivate">How do I activate unified labeling and migrate labels and policies to the Microsoft 365 compliance center?</H3> <P>&nbsp;</P> <P>Migrating your labels to the Microsoft 365 compliance center is a straightforward task. For a description of how this can be done, see <A href="#" target="_blank" rel="noopener">Migrating labels to the unified labeling platform</A>.</P> <P>&nbsp;</P> <P>For the migration of policies, you can start from scratch in the Microsoft 365 compliance center or use a <A href="#" target="_blank" rel="noopener">Copy policies feature (preview)</A>. 
Be aware that some settings are not migrated automatically, for details see <A href="#" target="_blank" rel="noopener">Configuring advanced labeling settings</A> and <A href="#" target="_blank" rel="noopener">Label settings that are not supported in the Microsoft 365 compliance center</A>.</P> <P>&nbsp;</P> <P>If you would like to preview the admin experience before activating unified labeling, see one of our <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/azure-aip-portal-label-amp-policy-management-admin-experience/ba-p/2182678" target="_blank" rel="noopener">previous blog posts</A>.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Figure 4. Service architecture after activating unified labeling" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/308883iBEA1F052570785DC/image-size/large?v=v2&amp;px=999" role="button" title="PavelKratky_3-1631087243847.png" alt="PavelKratky_3-1631087243847.png" /></span></P> <P>Figure 4. Service architecture after activating unified labeling</P> <H3>&nbsp;</H3> <H3 id="Howtoupgrade">How do I upgrade the classic client?</H3> <P>&nbsp;</P> <P>If you choose to use the <STRONG>built-in labeling</STRONG> support, you do not have to install anything, but you will need to have at least Office version 1910. Some specific features require even newer versions - for detailed requirements including other platforms such as web, iOS, Android, and Mac, see <A href="#" target="_blank" rel="noopener">Support for sensitivity label capabilities in apps</A>.</P> <P>&nbsp;</P> <P>For the installation of a&nbsp;<STRONG>unified labeling client</STRONG>, you can either run an executable (.exe) or deploy Windows Installer (.msi) version of the client. Both support silent installs through central deployment mechanisms and will perform an in-place upgrade from the classic client. 
If you need additional information, you can visit the <A href="#" target="_blank" rel="noopener">detailed admin guide</A> describing the installation process and requirements in detail.</P> <P>To download the latest version of Azure Information Protection unified labeling client, visit <A href="#" target="_blank" rel="noopener">https://aka.ms/aipclient</A>.</P> <H3>&nbsp;</H3> <H3 id="Arethereany">Are there any features that will remain in the Azure portal?</H3> <P>&nbsp;</P> <P>There are some specific exceptions such as <A href="#" target="_blank" rel="noopener">scanner functionality</A> and <A href="#" target="_blank" rel="noopener">Azure Information Protection analytics</A>, which remain active in the Azure portal. Regardless, we encourage customers to use unified audit logs and activity explorer in the Microsoft 365 compliance center for a complete view of all the analytics data.</P> <P>&nbsp;</P> <H3 id="Whenisthemigration">When is the migration considered complete?</H3> <P>&nbsp;</P> <P>Once you have migrated your labels and policies to the Microsoft 365 compliance center and updated all your classic clients to the unified labeling client (or transitioned directly to the built-in experience), you have successfully finished the migration process. 
Congratulations!</P> <P>&nbsp;</P> <H3 id="WherecanIfind">Where can I find additional documentation?</H3> <P>&nbsp;</P> <P>We have compiled all relevant resources for you in the following list:</P> <UL> <LI><A href="#" target="_blank" rel="noopener">Migrate Azure Information Protection labels to unified sensitivity labels - AIP | Microsoft Docs</A></LI> <LI><A href="#" target="_blank" rel="noopener">Tutorial - Migrating from the Azure Information Protection (AIP) classic client to the unified labeling solution | Microsoft Docs</A></LI> <LI><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/understanding-unified-labeling-migration/ba-p/783185" target="_blank" rel="noopener">Understanding Unified Labeling migration - Microsoft Tech Community</A></LI> <LI><A href="#" target="_blank" rel="noopener">Transition from Azure Information Protection to Microsoft Information Protection - Learn | Microsoft Docs</A></LI> <LI><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/azure-aip-portal-label-amp-policy-management-admin-experience/ba-p/2182678" target="_blank" rel="noopener">Azure AIP Portal Label &amp; Policy Management Admin Experience - Post March 31st Deprecation - Microsoft Tech Community</A></LI> <LI><A href="#" target="_blank" rel="noopener">Microsoft Information Protection Unified Labeling migration discussed - YouTube</A></LI> <LI><A href="#" target="_blank" rel="noopener">Compare the labeling solutions for Windows computers | Microsoft Docs</A></LI> <LI><A href="#" target="_blank" rel="noopener">Install the Azure Information Protection (AIP) unified labeling client for users | Microsoft Docs</A></LI> <LI><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-timelines-for-sunsetting-label-management-in-the/ba-p/1226179" target="_blank" rel="noopener">Announcing timelines for sunsetting label management in the Azure portal and AIP client (classic) - 
Microsoft Tech Community</A></LI> <LI><A href="https://gorovian.000webhostapp.com/?exam=t5/public-sector-blog/sunset-of-label-management-in-the-azure-portal-and-aip-classic/ba-p/2703624" target="_blank" rel="noopener">Sunset of label management in the Azure portal and AIP classic client for GCC, GCC High customers - Microsoft Tech Community</A></LI> </UL> Tue, 21 Sep 2021 16:02:45 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/final-reminder-to-migrate-from-azure-information-protection/ba-p/2731734 PavelKratky 2021-09-21T16:02:45Z Learn how MIP works with Azure Purview at the Azure Data Governance digital event on September 28 https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/learn-how-mip-works-with-azure-purview-at-the-azure-data/ba-p/2681397 <P><SPAN><STRONG>Achieve unified data governance with Azure Purview</STRONG></SPAN></P> <P>&nbsp;</P> <P><SPAN data-contrast="none">Join us&nbsp;for the free, one-hour&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><STRONG><SPAN data-contrast="none">Azure Data Governance digital event</SPAN></STRONG></A><SPAN data-contrast="none">&nbsp;on&nbsp;</SPAN><STRONG><SPAN data-contrast="none">September 28&nbsp;from 9:00 AM–10:00 AM Pacific Time</SPAN></STRONG><SPAN data-contrast="none">.&nbsp;Learn&nbsp;how to create a comprehensive, automated map of all your data, and see how Azure Purview works with&nbsp;Azure SQL&nbsp;and the rest of your data estate to deliver timely, reliable insights</SPAN><STRONG><SPAN data-contrast="none">—</SPAN></STRONG><SPAN data-contrast="auto">with a short keynote followed by a deep dive into key topics and real companies’ experiences</SPAN><SPAN data-contrast="none">.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><A href="#" target="_blank" rel="noopener"><STRONG><SPAN data-contrast="none">Register for this event</SPAN></STRONG></A><SPAN 
data-contrast="none">&nbsp;</SPAN><SPAN data-contrast="none">to:</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="21" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto">See how Azure Purview works with&nbsp;Microsoft&nbsp;Information Protection</SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="21" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto">Learn to create a comprehensive, automated map of all your data. </SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="21" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"><SPAN data-contrast="auto">Watch in-depth demos of product features including Azure Purview Data Map and Data Catalog.  </SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="21" aria-setsize="-1" data-aria-posinset="4" data-aria-level="1"><SPAN data-contrast="auto">Ask Azure experts your data governance questions in the live Q&amp;A. 
</SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> </UL> <P><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559740&quot;:240}">&nbsp;</SPAN><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="LaurieLitwack_0-1629850368291.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/305461iE80F679D904B0FBD/image-size/medium?v=v2&amp;px=400" role="button" title="LaurieLitwack_0-1629850368291.png" alt="LaurieLitwack_0-1629850368291.png" /></span></P> <P><SPAN data-contrast="auto">You’ll also have the chance to get answers to your data governance questions from product experts during the live chat.&nbsp;&nbsp;</SPAN><SPAN data-contrast="none">Use the event live chat to ask&nbsp;Azure Purview questions you may have and get insights from the product experts and engineers building&nbsp;data governance&nbsp;solutions. </SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="none">Join us to hear more about these benefits, engage with Microsoft leaders and product experts, and explore solutions for data governance. We hope to see you there! 
</SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559740&quot;:240}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto"> </SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559740&quot;:240}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="auto">Maximize the Value of Your Data in the Cloud</SPAN></STRONG><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559740&quot;:240}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="auto">Achieve unified data governance with Azure Purview </SPAN></STRONG><SPAN data-contrast="auto"> </SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559740&quot;:240}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="auto">Tuesday, September 28, 2021</SPAN></STRONG><SPAN data-contrast="auto"> </SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559740&quot;:240}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="auto">9:00 AM–10:00 AM Pacific Time (UTC-8)</SPAN></STRONG><SPAN data-contrast="auto"> </SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559740&quot;:240}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></P> <P><A title="Register now" href="#" target="_blank" rel="noopener"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="LaurieLitwack_1-1629850368289.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/305460iD7084BC6B783769F/image-size/medium?v=v2&amp;px=400" role="button" title="LaurieLitwack_1-1629850368289.png" alt="LaurieLitwack_1-1629850368289.png" /></span></A></P> <P>&nbsp;</P> 
<P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> Wed, 25 Aug 2021 17:25:33 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/learn-how-mip-works-with-azure-purview-at-the-azure-data/ba-p/2681397 Laurie Litwack 2021-08-25T17:25:33Z Microsoft Information Protection SDK 1.10: Now Available! https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-information-protection-sdk-1-10-now-available/ba-p/2670968 <P>We're pleased to announce that the Microsoft Information Protection SDK version 1.10 is now generally available via&nbsp;<A href="#" target="_blank" rel="noopener">NuGet</A>&nbsp;and&nbsp;<A href="#" target="_blank" rel="noopener">Download Center</A>.</P> <P>&nbsp;</P> <P>In this release of the Microsoft Information Protection SDK, we've focused on support for MSG files, added support for the latest versions of Debian and Ubuntu, optimized MIP SDK Initialization, and more.</P> <P>&nbsp;</P> <H2 id="highlights">Highlights</H2> <UL> <LI>Full support for Debian 10 and Ubuntu 20.04. Ubuntu 20.04 is also supported via .NET Core.</LI> <LI>Updated Java preview to version 1.10.</LI> <LI>Support for reading and writing labels on MSG files.</LI> <LI>Revamped the initialization process and simplified configuration by exposing a <CODE>MipConfiguration</CODE> class. This class allows developers to control the same settings previously set by MipContext, in addition to delegates, feature flags, and other overrides.</LI> <LI>Added several new error codes to provide better error handling when dealing with protected content.</LI> <LI>Added a new storage delegate for C++ version that allows developers to override the default SQLite storage. 
This is useful for instances where the MIP SDK cache needs to be shared across multiple nodes in a service.</LI> </UL> <P>&nbsp;</P> <P>For a full list of changes to the SDK, please review our <A href="#" target="_self">change log</A>.</P> <H2>&nbsp;</H2> <H2 id="links">Links</H2> <UL> <LI><A href="#" target="_blank" rel="noopener">Docs</A></LI> <LI><A href="#" target="_blank" rel="noopener">Samples</A></LI> <LI><A href="#" target="_blank" rel="noopener">NuGet</A></LI> <LI><A href="#" target="_blank" rel="noopener">Download Center</A></LI> <LI><A href="#" target="_blank" rel="noopener">Microsoft Information Protection on Stack Overflow</A></LI> </UL> Mon, 23 Aug 2021 23:20:05 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-information-protection-sdk-1-10-now-available/ba-p/2670968 Tom Moser 2021-08-23T23:20:05Z Announcing Public Preview of New Conditions in Teams DLP https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-public-preview-of-new-conditions-in-teams-dlp/ba-p/2636496 <P><SPAN data-contrast="auto">We are excited to&nbsp;announce&nbsp;the&nbsp;public preview&nbsp;of 4 new conditions in Teams Data Loss Prevention (DLP),&nbsp;available through the Microsoft 365 Compliance Center.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">These 4&nbsp;conditions&nbsp;have already been available for Exchange DLP&nbsp;and were&nbsp;among&nbsp;the top&nbsp;feature requests for Teams as well:</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <UL> <LI data-leveltext="" data-font="Wingdings" data-listid="1" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto">Sender is</SPAN><SPAN
data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Wingdings" data-listid="1" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto">Recipient is</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Wingdings" data-listid="1" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto">Sender domain is</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Wingdings" data-listid="1" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto">Recipient domain is</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PavanKB_0-1628689998309.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/302363i19DD19CE5AED2FED/image-size/medium?v=v2&amp;px=400" role="button" title="PavanKB_0-1628689998309.png" alt="PavanKB_0-1628689998309.png" /></span></P> <P>&nbsp;</P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">With the availability of these conditions, customers can extend their existing Exchange policies to protect Teams chats and channel messages or&nbsp;create a single policy to protect sensitive content across&nbsp;multiple locations</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P 
aria-level="2"><STRONG><SPAN data-contrast="none">Get Started</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="none">Microsoft unified DLP solution is part of a broader set of Information Protection and Governance solutions within the Microsoft 365 Compliance Suite. You can sign up for a </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">trial</SPAN></A><SPAN data-contrast="none"> of Microsoft 365 E5 or navigate to the </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Microsoft 365 Compliance Center</SPAN></A><SPAN data-contrast="none"> to get started today.</SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559740&quot;:240}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P aria-level="5"><STRONG><I><SPAN data-contrast="none">Additional resources:</SPAN></I></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="2" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="none">For more information on Data Loss Prevention, please see </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">this</SPAN></A><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="none">For&nbsp;</SPAN><SPAN data-contrast="none">more&nbsp;information</SPAN><SPAN data-contrast="none">&nbsp;on Microsoft Unified DLP approach and&nbsp;</SPAN><SPAN data-contrast="none">Teams</SPAN><SPAN 
data-contrast="none">&nbsp;DLP see </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">this</SPAN></A><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="none">Teams DLP&nbsp;</SPAN><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-teams-dlp-playbook/bc-p/2545872/emcs_t/S2h8ZW1haWx8dG9waWNfc3Vic2NyaXB0aW9ufEtSMzc3R0tHV0syRFhMfDI1NDU4NzJ8U1VCU0NSSVBUSU9OU3xoSw#M5310" target="_blank" rel="noopener"><SPAN data-contrast="none">Playbook</SPAN></A><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> </UL> <P>&nbsp;</P> Mon, 23 Aug 2021 15:00:00 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-public-preview-of-new-conditions-in-teams-dlp/ba-p/2636496 PavanKB 2021-08-23T15:00:00Z PetitPotam? Microsoft Defender for Identity has it covered! https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/petitpotam-microsoft-defender-for-identity-has-it-covered/ba-p/2656271 <P>If you didn’t grow up in the '90s in France like yours truly, you probably wouldn’t be familiar with the animated kids show named <EM>Petit</EM> <EM>Potam, </EM>which was based on the books of the same name by Christine Chagnoux.</P> <P>&nbsp;</P> <P>While I could talk about the TV series for days, the reason Petit Potam came to the news lately is because of a vulnerability that was recently published with the same name which can potentially be used in an attack on Windows domain controllers. 
PetitPotam is a tool that can exploit the Encrypting File System Remote (EFSRPC) Protocol.</P> <P>&nbsp;</P> <H2>Exploiting the MS-EFSRPC</H2> <P>The EFSRPC protocol that PetitPotam exploits is typically used to maintain and manage encrypted data that is stored remotely and accessed over a network. It’s mainly used to manage Windows files that reside on remote file servers and are encrypted using the Encrypting File System (EFS).</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="DanielNaim_0-1629208438756.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/303763iC524478B1F9C9E59/image-size/medium?v=v2&amp;px=400" role="button" title="DanielNaim_0-1629208438756.png" alt="DanielNaim_0-1629208438756.png" /></span></P> <P>&nbsp;</P> <P class="lia-align-center"><EM><FONT size="2">Figure 1. Message sequence for opening a file using EFS</FONT></EM></P> <P>&nbsp;</P> <P>Using the PetitPotam vector, an adversary can manipulate MS-EFSRPC API functions without authentication using the <EM>OpenEncryptedFileRaw</EM> calls. 
This allows the adversary to force a domain controller to authenticate to an NTLM relay server under the attacker's control.</P> <P>&nbsp;</P> <H2>NTLM Relay attack</H2> <P>NTLM relay attacks let a malicious actor access services on the network by positioning themselves between the client and the server, usually intercepting the authentication traffic and then attempting to impersonate the client.</P> <P>To prevent NTLM relay attacks on networks with NTLM enabled, domain administrators must ensure that services that permit NTLM authentication use protections such as <SPAN><A href="#" target="_blank" rel="noopener">Extended Protection for Authentication (EPA)</A></SPAN>, or signing features, like SMB signing.</P> <P>PetitPotam takes advantage of servers where Active Directory Certificate Services (AD CS) is not configured with protections for NTLM relay attacks.</P> <P>&nbsp;</P> <H2>Microsoft Defender for Identity detection</H2> <P>From version 2.158 onwards, Microsoft Defender for Identity will trigger a security alert whenever an attacker tries to exploit EFS-RPC against the domain controller, which is the preliminary step of the PetitPotam attack.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="MicrosoftTeams-image (8).png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/303765i7EDCCCA2DCE67B9E/image-size/large?v=v2&amp;px=999" role="button" title="MicrosoftTeams-image (8).png" alt="MicrosoftTeams-image (8).png" /></span></P> <P class="lia-align-center"><EM><FONT size="2">Figure 2. Suspicious Network Connection over EFS-RPC alert information</FONT></EM></P> <P>&nbsp;</P> <P>The alert provides visibility into network activity over the protocol and shows when an attacker is trying to force the domain controller to authenticate against a remote device.
The alert will contain the following information:</P> <UL> <LI>Source context – which can be the user and/or the device originating the request</LI> <LI>The target domain controller</LI> <LI>The remote device – including the file the attacker was trying to read</LI> </UL> <H2>&nbsp;</H2> <H2>How to protect your organization further</H2> <P>On August 10, 2021, Microsoft published CVE-2021-36942, named Windows LSA Spoofing Vulnerability, which addresses this vulnerability. We highly recommend prioritizing updating the domain controllers with the security update for this CVE.</P> <P>To learn more about the CVE, see the details in the MSRC portal at the following link: <A href="#" target="_blank" rel="noopener">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942</A></P> <P>&nbsp;</P> <H2>What next?</H2> <P>&nbsp;</P> <P>If you haven't already got access to Defender for Identity, you can start a trial <A href="#" target="_blank" rel="noopener">using this link</A>.&nbsp;</P> <P>&nbsp;</P> <P>We're always adding new capabilities to Defender for Identity and we'll make announcements about great new features here in this blog, so check back regularly to see what the latest updates bring to your security teams.&nbsp;</P> <P>&nbsp;</P> <P>We're always keen on hearing your feedback, so please let us know in the comments section below if you have anything to share with us about this detection.&nbsp;</P> <P>&nbsp;</P> Wed, 18 Aug 2021 16:13:52 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/petitpotam-microsoft-defender-for-identity-has-it-covered/ba-p/2656271 Daniel Naim 2021-08-18T16:13:52Z Warn and Educate Users on Risky App Usage https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/warn-and-educate-users-on-risky-app-usage/ba-p/2630982 <P>Recent reports show the high extent to which information workers are utilizing cloud apps while doing their everyday tasks.
In an average enterprise, more than 1500 different cloud services are in use, of which less than 12% are sanctioned or managed by the IT teams. Considering that more than 78GB of data is being uploaded monthly to risky apps, we conclude that most organizations are exposed to potential data loss or risks coming out of these cloud applications.</P> <P>&nbsp;</P> <P>Shadow IT usage of risky apps is usually mitigated by a strict approach of blocking any usage of cloud apps that do not meet certain risk criteria. This approach is already enabled today by using <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/block-access-to-unsanctioned-apps-with-microsoft-defender-atp/ba-p/1121179" target="_blank" rel="noopener">Microsoft’s Cloud App Security Shadow IT Discovery capabilities with its native integration with Microsoft Defender for Endpoint</A> and its native integration with other 3<SUP>rd</SUP> party network appliances.&nbsp;</P> <P>But what about apps that are widely used by employees and enable their productivity (especially in the work-from-home/Covid-19 era), but whose risk is not conclusive enough for a strict block?
To strike the delicate balance between employee productivity and the need for risk and compliance awareness, organizations need to take a gradual approach:<BR /><BR /></P> <UL> <LI>Warn users that this app is not recommended/allowed, but allow them to bypass the warning to enable productivity.&nbsp;</LI> <LI>IT can monitor access to, and bypasses of, such apps and learn usage trends and importance.</LI> <LI>IT can offer sanctioned and managed alternatives for the users by creating a contextual company web page that provides sanctioned alternatives in the organization.&nbsp;</LI> </UL> <P>We are pleased to announce the <STRONG>public preview</STRONG> of a new endpoint-based capability for managing and controlling Monitored cloud applications by applying a soft block experience for end users when they access these apps. Users will have an option to bypass the block. <BR />IT admins will be able to add a dedicated custom redirect link so users can get more context on why they were blocked in the first place and what valid alternatives they have for such apps in the organization.</P> <P>Besides enabling the soft block experience, admins will be able to continuously monitor these apps and understand how many of the users adhered to the block and chose other alternatives, or decided to bypass the block and continue using the app – this will serve as a strong indication, org-wide, of whether this app is necessary and should be considered for deeper management by IT.</P> <P>By adopting a more gradual and less strict approach to blocking cloud applications, IT organizations can reduce their overhead of handling exception requests while, in parallel, driving employee awareness.</P> <P>&nbsp;</P> <H2>How does it work?</H2> <P>&nbsp;</P> <P>&nbsp;In Cloud App Security, tag the targeted app as <STRONG>Monitored</STRONG>.<BR /><BR /></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Boris_Kacevich_3-1628582805419.png"
style="width: 945px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/302116i47E60B9653531BC6/image-dimensions/945x85?v=v2" width="945" height="85" role="button" title="Boris_Kacevich_3-1628582805419.png" alt="Boris_Kacevich_3-1628582805419.png" /></span></P> <P>&nbsp;</P> <P>The corresponding URLs/domains will appear in the Microsoft Defender for Endpoint security portal as new URL/Domain indicators with action type <STRONG>Warn</STRONG>.</P> <P>&nbsp;</P> <P>When a user attempts to access the Monitored app, they will be blocked by Windows Defender network protection, which lets them either bypass the block or get more details on why they were blocked by redirecting them to a dedicated custom web page managed by the organization.<BR /><BR /></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Boris_Kacevich_2-1628580976416.png" style="width: 828px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/302103i76B56999C5412DDC/image-dimensions/828x147?v=v2" width="828" height="147" role="button" title="Boris_Kacevich_2-1628580976416.png" alt="Boris_Kacevich_2-1628580976416.png" /></span></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Boris_Kacevich_3-1628580976482.png" style="width: 827px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/302107i8A7701ACFD539E1E/image-dimensions/827x382?v=v2" width="827" height="382" role="button" title="Boris_Kacevich_3-1628580976482.png" alt="Boris_Kacevich_3-1628580976482.png" /></span></P> <P>&nbsp;</P> <P>Over time, an IT admin can monitor the usage pattern of the app in Cloud App Security's discovered app page and monitor how many users have bypassed the warning message.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Boris_Kacevich_2-1628582636486.png" style="width: 773px;"><img
src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/302114iC8F28A7BAA9C4E01/image-dimensions/773x186?v=v2" width="773" height="186" role="button" title="Boris_Kacevich_2-1628582636486.png" alt="Boris_Kacevich_2-1628582636486.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <H2>Get started</H2> <P><BR />After you have verified that you have all the integration prerequisites listed in this&nbsp;<A href="#" target="_blank" rel="noopener">article</A>, follow the steps below to start warning on access to Monitored apps with Cloud App Security and Microsoft Defender for Endpoint.</P> <H3>Step 1</H3> <UL> <LI>In Microsoft 365 Defender, go to settings &gt; Endpoints &gt;&nbsp;Advanced features and <STRONG>enable</STRONG> <A href="#" target="_blank" rel="noopener"><STRONG>Microsoft Cloud App Security</STRONG></A> integration and <STRONG>Custom network indicators</STRONG>.</LI> <LI><STRONG>Enable</STRONG> <A href="#" target="_self">Microsoft Defender for Endpoint preview features</A>.</LI> </UL> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Boris_Kacevich_4-1628582929693.png" style="width: 783px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/302117iF80A09FCD8E16D46/image-dimensions/783x357?v=v2" width="783" height="357" role="button" title="Boris_Kacevich_4-1628582929693.png" alt="Boris_Kacevich_4-1628582929693.png" /></span></P> <P>&nbsp;</P> <H3>Step 2</H3> <P>In the Microsoft Cloud App Security portal, go to&nbsp;&nbsp;<EM>Settings</EM>&nbsp;&gt;&nbsp;<EM>Microsoft Defender for Endpoint</EM>: <BR /><BR /></P> <UL> <LI>Mark the checkbox to enable blocking of endpoint access to cloud apps marked as unsanctioned in Cloud App Security</LI> <LI>[Optional] Set a custom redirect URL for a company coaching page.</LI> <LI>[Optional] Set the Bypass duration time after which the user will get warned once again on access to the app. 
<BR /><BR /></LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Boris_Kacevich_5-1628583092421.png" style="width: 791px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/302118i8A8391BF62573997/image-dimensions/791x427?v=v2" width="791" height="427" role="button" title="Boris_Kacevich_5-1628583092421.png" alt="Boris_Kacevich_5-1628583092421.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <H3><STRONG>More info and feedback</STRONG></H3> <UL> <LI>Get started with our&nbsp;technical documentation:</LI> <UL> <LI><A href="#" target="_blank" rel="noopener">Cloud App Security documentation</A></LI> <LI><A href="#" target="_blank" rel="noopener">Microsoft Defender for Endpoint documentation</A></LI> <LI><A href="#" target="_self">Cloud App Security and Defender for Endpoint integration docs</A></LI> </UL> <LI>As always, we want to hear from you!
If you have any suggestions, questions, or comments, please visit us on our&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/Microsoft-Cloud-App-Security/bd-p/MicrosoftCloudAppSecurity" target="_blank" rel="noopener">Cloud App Security</A>&nbsp;and&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-advanced/ct-p/MicrosoftDefenderAdvanced" target="_self">Microsoft Defender for Endpoint Tech Community pages.</A></LI> <LI><A href="#" target="_blank" rel="noopener">Uncover your blind spots: seamlessly control cloud usage risks to your organization</A></LI> <LI> <P><A href="#" target="_blank" rel="noopener">Microsoft Cloud App Security - Manage and control your Shadow IT - YouTube</A></P> </LI> <LI> <P><A href="#" target="_blank" rel="noopener">Microsoft Cloud App Security - Shadow IT Discovery (Solution Sheet)</A></P> </LI> </UL> <P>&nbsp;</P> Thu, 23 Sep 2021 17:43:08 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/warn-and-educate-users-on-risky-app-usage/ba-p/2630982 Boris_Kacevich 2021-09-23T17:43:08Z Building a Business Case for Sensitivity Labelling in Education https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/building-a-business-case-for-sensitivity-labelling-in-education/ba-p/2626461 <P>Having a background in education, I do a lot of work with education customers who are looking to improve on their information protection capabilities. Building a business case for sensitivity labelling and related features can be difficult without first understanding the existing information protection issues and the risks that labelling can help to address. Towards this, I’ve put together a series of points backed up with education-specific examples to demonstrate why information protection should be high on our list of priorities. 
I hope this might be useful in helping organisations understand the need for these capabilities and allow them to better articulate this back to business stakeholders.</P> <P>&nbsp;</P> <P>If you haven’t come across Sensitivity Labelling before, it’s just what its name implies. Its most basic form allows us to apply a label to sensitive information to mark it as such (this is probably more traditionally referred to as classification, but we’ll avoid using this terminology). Once we have our sensitive information labelled, there are various things that we can do with it. Below, we’ll explore some of these possibilities and the risks that the configuration can help to mitigate.</P> <P>&nbsp;</P> <P><FONT size="5"><STRONG>Decisions, decisions...</STRONG></FONT></P> <P>There’s a lot to be said for the simple and utterly non-technical process of applying sensitivity labels to information. When we’re required to apply a label, there’s a mental process that we put ourselves through to determine which label might be appropriate. It’s easy to draw this process up into a decision tree with decreasing levels of sensitivity:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="decision_tree.PNG" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/301674i11CE6289E7FD7256/image-size/medium?v=v2&amp;px=400" role="button" title="decision_tree.PNG" alt="decision_tree.PNG" /></span></P> <P>When we implement sensitivity labelling, we’re asking users to consider the risk of information. We’re educating them to consider which information may or may not be appropriate for certain audiences. This process, which over time becomes second nature, will do a lot to help organisations secure their data as it instils users with a practice of continual information risk assessment. 
This is useful, not only in a work context, but also in staff personal lives as people who often think about information security will be more likely to stop and think before falling for a phishing campaign or oversharing risky details on social media.</P> <P>I find these differences in staff mentality evident as I move between customer environments delivering security workshops. Customers with staff who continually apply classifications to information, such as those in the government sector, will typically have a much higher awareness of information risk. Non-government customers may have similar privacy requirements documented in their policies which, if they’re lucky, staff might read during onboarding but are unlikely to think about during their day-to-day work activities. By implementing labelling we’re bringing these policies to the forefront and requiring staff to continually assess information risk which will help to build a more risk-aware organisational culture.</P> <P>&nbsp;</P> <P><FONT color="#000080"><STRONG>Business Case Point 1: Implementing sensitivity labelling will help to instil a culture of information protection.</STRONG></FONT></P> <P>&nbsp;</P> <P><FONT size="5"><STRONG>Back it up with automation</STRONG></FONT></P> <P>So, when we implement labelling, we can expect that we may have some disruption on day 1 as we’re asking staff to stop and think before selecting a label. This will fairly quickly become second nature for most users, however, we’re all human and we have to expect that occasionally someone might select the wrong label. We also have to allow for unengaged users and new staff that haven’t been provided with training. To help ensure accurate labelling we have auto-labelling capabilities that can be enabled to assist with label selection. 
With auto-labelling policies, we can check for what are referred to as ‘Sensitive Information Types’, which are pieces of information that can help us to make a decision on the sensitivity of an item. If we see an item that contains student Personally Identifiable Information (PII), then we can either automatically set the item to ‘Confidential’ or help to educate the user by suggesting that they choose the ‘Confidential’ label. Sensitive information types are quite powerful and we can create some really granular rules checking, for example, the proximity between a code and a keyword that is required for an item to be considered a match. This can help us to weed out false positives and ensure label accuracy.</P> <P>Within Education, we’d typically be configuring student numbers, staff employee ID’s, student email addresses, records numbers and anything that might relate to medical information as sensitive information types. In addition to this, a standard deployment would look for bank details, credit card numbers, medical details, tax file numbers, social security numbers, etc. If we detect any of these information types in a file or email, then we would either automatically set a label or recommend an appropriate label to the user.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="student_email_dlp.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/301706iE1F2B058C62757A4/image-size/large?v=v2&amp;px=999" role="button" title="student_email_dlp.png" alt="student_email_dlp.png" /></span></P> <P>Auto-labelling is a great way of helping to educate staff on correct label usage, ensuring label accuracy and dealing with what I like to refer to as the ‘lazy staff factor’. The example that I typically give, bearing in mind that I have no data to back this up, is that via manual labelling we may achieve 70% label accuracy. 
When we supplement the approach with targeted training and auto-labelling, we should be able to hit 90-100% label accuracy, which is great because we can then start capitalizing on this via the following features.</P> <P>&nbsp;</P> <P><STRONG><FONT size="5">Where is your sensitive information?</FONT></STRONG></P> <P>Such a simple question that will, and should, terrify a lot of people. I think that this is also something that is commonly overlooked as an advantage to labelling implementation. I’m sure most of us have worked in environments with data sprawled across a range of mapped drives, network shares, portable USB drives, personal email accounts and various cloud services.</P> <P>With data spread around like this, how can we be sure that we aren’t leaking information? Identifying the items that contain sensitive information across these locations is probably unrealistic due to the amount of effort required. Labelling is the best way to turn this around because, once implemented, we can ensure that all new information is labelled and we can monitor, warn or block the flow of sensitive information inside and outside of our organisation, helping to keep information in the intended location. 
We can even browse each of our services by a label to, for example, see where all ‘Restricted’ files are stored across SharePoint and Teams (Note also that there are ways to apply labels to legacy data locations, but we’ll save that one for another day).</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Content_Explorer.PNG" style="width: 915px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/301708i5AFCA8811C34EE5D/image-size/large?v=v2&amp;px=999" role="button" title="Content_Explorer.PNG" alt="Content_Explorer.PNG" /></span></P> <P><FONT color="#000080"><STRONG>Business Case Point 2: Sensitivity Labelling will allow us to find all of our sensitive information.</STRONG></FONT></P> <P>&nbsp;</P> <P><FONT size="5"><STRONG>Sensitivity Indicator</STRONG></FONT></P> <P>This is one of the most straightforward configurations available to labelling and yet so important. Once a label has been applied to an item, anyone viewing that item will instantly get a visual indication of its sensitivity. A watermark, header or footer can give readers a clear statement that an item is sensitive without them needing to read it in full. This could be as simple as a watermark or a big red ‘Confidential’ across the top of a page or email.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Staff_Only_Big.png" style="width: 602px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/301709iF2E3E7EDE6627439/image-size/large?v=v2&amp;px=999" role="button" title="Staff_Only_Big.png" alt="Staff_Only_Big.png" /></span></P> <P>We need to be extremely careful when dealing with student information, but particularly with information of a personal nature such as student medical information. 
There may be situations where we need to pass these types of information on to a third party, for example, when we need to advise an external event organizer of a student’s medical condition. Marking these types of correspondence as ‘Confidential’ may remind the staff member to double-check the recipient’s address before sending the email and remind the recipient of their obligation to keep this information private.</P> <P>&nbsp;</P> <P><FONT color="#000080"><STRONG>Business Case Point 3: Sensitivity Labelling will provide information readers with a clear visual representation of the item’s sensitivity.</STRONG></FONT></P> <P>&nbsp;</P> <P><STRONG><FONT size="5">Monitor and Control the Flow of Sensitive Info</FONT></STRONG></P> <P>Let’s assume by this point that we’ve decided to implement labelling and are now applying a label to indicate the sensitivity of all new documents and emails. The next component that we might want to configure is Data Loss Prevention (DLP). With this tool, we’re able to implement policies to monitor the flow of sensitive information and apply rules to block or caution users when they try to send it to inappropriate audiences. Let’s think about the various situations where these capabilities might be useful:</P> <OL> <LI>A staff account is compromised by an external attacker who then exfiltrates all student information from the student management system.</LI> <LI>An internal discussion regarding a student’s welfare and possible issues in their home environment is accidentally sent to the parent.</LI> <LI>An executive staff member’s account is compromised via targeted phishing and used to ask administrative staff for bank account login details. Funds are then transferred out of the bank account.</LI> <LI>An office staff member who is not aware of organisational policy saves parent credit card details to a file where they may be later accessed. 
The file is in a shared location and is accessed by other users.</LI> </OL> <P>Sadly, a lot of these situations are quite common in Education and organisations are unaware that they can be prevented with some very simple configuration. In each of the above situations, DLP policies could be put in place to:</P> <UL> <LI>Warn users that the action may be against policy,</LI> <LI>Alert the user (which may be relevant for compromised accounts) and administrators that a policy violation has occurred, and</LI> <LI>Block the transmission, sharing or saving of sensitive information.</LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Student_Email_Blocked.PNG" style="width: 769px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/301710i59FFEB848F3FE9EB/image-size/large?v=v2&amp;px=999" role="button" title="Student_Email_Blocked.PNG" alt="Student_Email_Blocked.PNG" /></span></P> <P>&nbsp;</P> <P><FONT color="#000080"><STRONG>Business Case Point 4: Sensitivity Labelling will help to prevent sensitive information from being passed to unauthorized users.</STRONG></FONT></P> <P>&nbsp;</P> <P><STRONG><FONT size="5">The High Cost of Data Breach</FONT> </STRONG></P> <P>Here in Australia, we have some fairly stringent laws which require us to advise a government body and those affected whenever we make a significant breach of privacy. These data breaches can come with fines, can be costly in terms of resources required to remediate them and can damage the reputation of our institutions. For private education organisations and universities, loss of reputation has the potential to impact enrollments. Universities are often in competition for research grants and a data breach may impact grant eligibility which could have a flow-on impact on the institution’s financial viability. 
Lastly, information breaches may come with a high legal cost as those that the information was about may choose to take legal action against the offending organisation. The data loss prevention methods that I mentioned in the previous section can do a lot to help protect organisations from significant data breaches.</P> <P>&nbsp;</P> <P><FONT color="#000080"><STRONG>Business Case Point 5: Sensitivity Labelling will help to protect reputation by reducing the likelihood of data breaches.</STRONG></FONT></P> <P>&nbsp;</P> <P><FONT size="5"><STRONG>Containerisation</STRONG></FONT></P> <P>A relatively new capability that we can implement via labelling is the labelling of locations within our environment. The way this works is that we treat a Team or a SharePoint site as a ‘container’ and we assign a label to it which signifies the highest sensitivity of items that should exist within it. If an item with greater sensitivity than permitted for the container is moved there then we let the user know that the location is not safe and, if desired, kick off remediation activities.<BR />The most obvious example of how this can be useful in education is to help prevent sensitive ‘Staff Only’ data from being saved to student accessible locations. This could be academic information, student medical info, quiz answers, etc. It doesn’t really matter what it is, if it’s considered sensitive then students probably shouldn’t be accessing it. 
Containerisation is one of the best ways that we can keep these types of information out of student reach (Note, however, that at the time of writing, there is still some lack of support for this within class templated teams).</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Incompatible_Label.PNG" style="width: 697px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/301711i251A0090829C564D/image-size/large?v=v2&amp;px=999" role="button" title="Incompatible_Label.PNG" alt="Incompatible_Label.PNG" /></span></P> <P>&nbsp;</P> <P><FONT color="#000080"><STRONG>Business Case Point 6: Sensitivity Labelling will help to keep sensitive information out of student reach.</STRONG></FONT></P> <P>&nbsp;</P> <P><FONT size="5"><STRONG>Safe External Collaboration</STRONG></FONT></P> <P>There’s one more important use for containerisation which relates to guest access. Guest access is a way that we can allow external users, such as those from other organisations (or just anyone with an email address depending on the configuration), into our environment so that we can collaborate with them. We might, for example, have volunteers, parents, school committee members or other members of the public, that we want to give access to an internal service (e.g., a web portal), involve in school-based discussion, or work on files with. Via the more traditional approaches to collaboration, we might create full accounts for them, which will have a licensing cost and will probably result in them gaining more access than they really require (to internal directories for example). 
Alternatively, we may email them copies of documents which still slow down our collaboration, not to mention result in us potentially sending sensitive information outside of our environment rather than keeping it inside where access can be controlled.</P> <P>For universities or customers that have a separate Office 365 tenant per organisation, a common use of guest access is to enable project collaboration with another educational institution. When used in this way, users from both organisations can discuss and work on a single set of documents within a Team.</P> <P>Guest access is a great way to make all of the collaboration capabilities that Microsoft 365 offers to internal users also available in interactions with external users, but if the correct governance practices are not applied then it can introduce some risks. For example, a guest could be accidentally added to a Team that includes students, enabling guest to student interaction. It may be hard for us to maintain the duty of care in such a situation as a staff member may not always be available to screen channel discussion, so we probably need to look at locking guests out of student accessible Teams. This is another capability that labelling enables as we can apply policies to restrict guests from accessing Teams with certain labels (No support for class templated teams with this yet but it’s possible to work around via ‘AllowToAddGuests’ in PowerShell. 
Additional blog post on the way.).</P> <P>&nbsp;</P> <P><FONT color="#000080"><STRONG>Business Case Point 7: Sensitivity Labelling will allow for guest collaboration to be enabled without compromising student safety.</STRONG></FONT></P> <P>&nbsp;</P> <P><FONT size="5"><STRONG>Lock up the Guests</STRONG></FONT></P> <P>Regarding guest access to information stored in sensitive locations, there are two additional risks that we need to consider:</P> <OL> <LI>A case of mistaken identity might mean that a guest is added to a team that contains sensitive information.</LI> <LI>Sensitive files could accidentally be saved to a location where guests have been given access.</LI> </OL> <P>As covered under the previous point, with sensitivity labelling we are able to lock guests out of certain teams which will also help to protect our sensitive information from cases of mistaken identity. Additionally though, because we’re likely to restrict guest access to our most sensitive labels and labelled locations, when a high sensitivity file is saved to a low sensitivity, guest accessible location, we’ll warn users and potentially kick off remediation activities. So, we’re helping to keep guest users out of sensitive files and locations.</P> <P>&nbsp;</P> <P><FONT color="#000080"><STRONG>Business Case Point 8: Sensitivity Labelling will allow us to keep guest users out of sensitive files and locations.</STRONG></FONT></P> <P>&nbsp;</P> <P><FONT size="5"><STRONG>Restrict Access to Files</STRONG></FONT></P> <P>The last category of capabilities that I want to mention is around access restriction. Most of the benefits and controls that I’ve mentioned to this point assume that your sensitive information is stored within your Office 365 environment. It’s much easier to have control of your information when it’s housed in a well-governed platform. 
But what about situations where:</P> <UL> <LI>We have very sensitive information that we need to ensure won’t be accessed by unauthorized users, regardless of their location.</LI> <LI>We need to make sure that only the intended recipient of an email can access it.</LI> <LI>We need to set up highly secure communication with a partner organisation that we need to share sensitive information with.</LI> </UL> <P>This is where encryption comes into play. The most straightforward use of encryption in sensitivity labelling is to apply it to all items that have a particular label. When we do this, only users which we’ve specified in our label configuration are able to access it. The perfect example of this would be a ‘Staff-only’ label which is only accessible to the staff group.</P> <P>If a document with this label applied was copied elsewhere or misplaced via a lost USB drive, then it wouldn’t matter as anyone attempting to open the file that isn’t on the list of approved users will not be given access. Encryption has typically come with some downsides, particularly with regard to collaboration as encrypting a file would prevent document co-editing, but there are some amazing new <A href="#" target="_blank" rel="noopener">preview capabilities</A> now available which eliminate these disadvantages and which will lead to this configuration being much more commonplace.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Encrypted_Doc.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/301712i851569625FE0843A/image-size/large?v=v2&amp;px=999" role="button" title="Encrypted_Doc.png" alt="Encrypted_Doc.png" /></span></P> <P>Within education, label-based encryption might be useful for blocking access to the most sensitive of information. Data relating to child protection matters, HR or ongoing police investigation may be good candidates for this. 
Universities may want to consider applying encryption to highly confidential research data, intellectual property or other information assets that, if breached, could result in financial loss.</P> <P>&nbsp;</P> <P><FONT color="#000080"><STRONG>Business Case Point 9: Sensitivity Labelling will allow us to lock unauthorized users out of highly sensitive information regardless of their location.</STRONG></FONT></P> <P>&nbsp;</P> <P><FONT size="5"><STRONG>Secure Correspondence with Partner Organisations</STRONG></FONT></P> <P>We may have a need to send sensitive information to an external recipient. Email is generally considered a fairly unsafe platform. There’s the risk that mail may be intercepted along the way or forwarded to an unintended recipient. Mail encryption protocols are also opportunistic and if you’re sending to an organisation that doesn’t have a handle on their mail security then there’s a risk that your sensitive email may be transmitted in plain text, making it a lot easier to intercept.</P> <P>Via labelling, there are a few things that we can do to ensure that our sensitive correspondence can’t be intercepted or passed on to an undesired recipient. Via a service called Office Message Encryption (OME) we can implement a rule which would encrypt all emails with a particular label applied. 
If the email is destined for an organisation that is also running Office 365, then the encryption is seamless and the recipient will see the fully encrypted email as they would any other, with the addition of your sensitivity markings and other warning tooltips.</P> <P>For universities and larger education providers, we can use this to enable the secure transfer of sensitive information with our partners, which could be other school districts, universities or government authorities.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Restricted_Email.png" style="width: 613px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/301713i8470739D50F2216A/image-size/large?v=v2&amp;px=999" role="button" title="Restricted_Email.png" alt="Restricted_Email.png" /></span></P> <P>&nbsp;</P> <P><FONT color="#000080"><STRONG>Business Case Point 10: Sensitivity Labelling will enable the secure transfer of sensitive information with partner organisations.</STRONG></FONT></P> <P>&nbsp;</P> <P><FONT size="5"><STRONG>Secure Messaging to Parents and Students</STRONG></FONT></P> <P>Building on the previous topic, what if the recipient is using another mail platform or an anonymous email account? In that case, the experience isn’t quite as seamless. How OME works in these situations is that Exchange Online will send the recipient a message with a link to a portal. When the recipient accesses the portal, it will require them to either verify their identity or, if it’s their first visit, set up Multi-Factor Authentication so that their identity can be better verified next time around. 
The recipient can then read and interact with the message from within the web portal.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="OME.png" style="width: 749px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/301714i270B02AF5B61C2A3/image-size/large?v=v2&amp;px=999" role="button" title="OME.png" alt="OME.png" /></span></P> <P>There are many uses for this style of secure communication within education. A ‘Recipient Only’ label which applies message encryption could be added to all sensitive school to parent correspondence. This would keep the correspondence secure regardless of the security of the parent’s email account or home computer. For universities, this can be a great way to enable secure communication with new or potential students who might not yet have access to a university email account.</P> <P>&nbsp;</P> <P><FONT color="#000080"><STRONG>Business Case Point 11: Sensitivity Labelling will provide a method for the sending of secure correspondence to parents or students.</STRONG></FONT></P> <P>&nbsp;</P> <P><FONT size="5"><STRONG>Summary</STRONG></FONT></P> <P>There are a lot of benefits and a lot of different ways that sensitivity labelling can help secure the sensitive information of educational institutions. In this article, I’ve covered what I see as the key points and items that should be the focus of a business case. However, there are many other capabilities that will also be applicable; trainable classifiers, exact data match, purview, conditional access and endpoint DLP to name a few but we’ll need to save those for another time. 
&nbsp;</P> <P>&nbsp;</P> <P>In conclusion, implementing sensitivity labelling will:</P> <OL> <LI>Help to instil a culture of information protection.</LI> <LI>Allow us to find all of our sensitive information.</LI> <LI>Provide information readers with a clear visual representation of an item’s sensitivity.</LI> <LI>Help to prevent sensitive information from being passed to unauthorized users.</LI> <LI>Help to protect reputation by reducing the likelihood of data breaches.</LI> <LI>Help to keep sensitive information out of student reach.</LI> <LI>Allow for guest collaboration to be enabled without compromising student safety.</LI> <LI>Allow us to keep guest users out of sensitive files and data locations.</LI> <LI>Allow us to lock unauthorized users out of highly sensitive information regardless of its location.</LI> <LI>Enable the secure transfer of sensitive information with partner organisations.</LI> <LI>Provide a method for the sending of secure correspondence to parents or students.</LI> </OL> <P>&nbsp;</P> <P>If you’re interested in learning more about sensitivity labelling and other Microsoft Information Protection features, I recommend the following links:</P> <UL> <LI><A href="#" target="_blank" rel="noopener">Learn about sensitivity labels - Microsoft 365 Compliance | Microsoft Docs</A></LI> <LI><A href="#" target="_blank" rel="noopener">Learn about data loss prevention - Microsoft 365 Compliance | Microsoft Docs</A></LI> <LI><A href="#" target="_blank" rel="noopener">Sensitivity labels for Microsoft Teams - Microsoft Teams | Microsoft Docs</A></LI> <LI><A href="#" target="_blank" rel="noopener">Sensitivity labeling and protection in Outlook for iOS and Android | Microsoft Docs</A></LI> </UL> Wed, 11 Aug 2021 16:34:01 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/building-a-business-case-for-sensitivity-labelling-in-education/ba-p/2626461 Tim_Addison 2021-08-11T16:34:01Z How to Gain More from your Connection to an OT 
Network https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/how-to-gain-more-from-your-connection-to-an-ot-network/ba-p/2553097 <P><STRONG><EM>How to Gain More from your Connection to an OT Network</EM></STRONG></P> <P>One of the most productive and non-intrusive tools in the Cyber Security Engineer’s bag is passive Network Traffic Analysis (NTA).&nbsp; Providing network maps, inventory, and firmware information among other benefits provides insights that are not generally known any other way.&nbsp; Manual inventory collection methods are error-prone and expose this information to interception over corporate email networks, shared file folders, etc.&nbsp; But how do we implement this kind of system without causing any bumps in the road for real-time processes?&nbsp; What are the risks?&nbsp; Which methods are best?&nbsp; The best sensor does no good unconnected and is of little value connected in the wrong part of the network.&nbsp;</P> <P>&nbsp;</P> <P data-unlink="true">To discuss this, I will use a diagram that was developed for my last blog post&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/designing-a-robust-defense-for-operational-technology-using/ba-p/2281869" target="_blank" rel="noopener">Designing a Robust Defense for Operational Technology Using Azure Defender for IoT (microsoft.com)</A>.&nbsp; This diagram (below) shows an example OT network monitored by <A title="Microsoft Azure Defender for IoT" href="#" target="_blank" rel="noopener">Azure Defender for IoT</A>. Defender for IoT is an <U>agentless</U> <U>passive</U> Network Traffic Analysis tool with strong roots in Operational Technology, now expanding to IoT. 
Defender for IoT discovers OT/IoT devices, identifies vulnerabilities, and provides continuous OT/IoT-aware monitoring of network traffic.&nbsp; The recommended locations for Azure Defender for IoT&nbsp; (AD4IoT) are shown in <FONT color="#FF0000">red</FONT> color.&nbsp; Why have these locations been chosen?&nbsp; To explain this, we will break this network into pieces and address these issues for each type of traffic.</P> <P>&nbsp;</P> <P class="lia-indent-padding-left-30px"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="kreiseng_0-1626363596800.jpeg" style="width: 933px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/296143i84256FFE88A0A320/image-dimensions/933x870?v=v2" width="933" height="870" role="button" title="kreiseng_0-1626363596800.jpeg" alt="kreiseng_0-1626363596800.jpeg" /></span></P> <P>&nbsp;</P> <P>Starting with the lower portion of this sketch, let’s look at traffic flows around the PLCs.&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PLCs.jpg" style="width: 951px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/296147i52CC99CB50C38AAB/image-dimensions/951x820?v=v2" width="951" height="820" role="button" title="PLCs.jpg" alt="PLCs.jpg" /></span></P> <P>&nbsp;</P> <P class="lia-indent-padding-left-30px">1. 
The first arrow shows traffic between a PLC and its ethernet-connected Input/Output (I/O) modules.&nbsp; This traffic utilizes simplistic protocols and is very structured and periodic.&nbsp; It can be leveraged as a threat to the overall OT system and is more vulnerable when I/O is remote from the PLCs in unsecured areas.&nbsp; Malicious applications could perform inappropriate control actions and/or falsify data.&nbsp; Firmware problems in I/O modules often go unpatched unless some form of undesirable behavior is experienced. In certain families of PLCs or controllers, the Defender for IoT can provide data on firmware levels and types of I/O modules if this data is requested by an HMI or historian.&nbsp;</P> <P>&nbsp;</P> <P class="lia-indent-padding-left-30px">The mechanism to monitor this traffic is to span switches used in the I/O subsystem as shown here. &nbsp;If they are unmanaged switches, taps may be located at the connection to the PLC or controller.</P> <P>&nbsp;</P> <P class="lia-indent-padding-left-30px">2. The second arrow identifies traffic from Variable Frequency Drives or similar equipment often interfaced with the PLCs or Controllers.&nbsp; This communication may be Modbus, Rockwell Protocols, or CIP.&nbsp; Equipment could be damaged or destroyed by inappropriate commands sent to such devices.&nbsp; Good engineering practice would put bounds of reasonability around all potential setpoints, but this may not be the case.&nbsp; These protocols are well understood and in the public domain.&nbsp; A man-in-the-middle attack could affect this type of equipment.&nbsp; Monitoring these communications can identify inappropriate function calls, program or firmware changes, and parameter updates. As above, switch span or taps are the mechanisms to monitor this traffic.</P> <P>&nbsp;</P> <P class="lia-indent-padding-left-30px">3. 
Custom engineered systems may utilize well-known, open OT protocols such as Modbus, OPC, or others.&nbsp; This traffic should be monitored even if it is not fully understood as the behavior patterns should be very predictable.&nbsp; It is common for these systems to utilize unusual functions and atypical ranges for data.&nbsp; This is the result of a developer reading a protocol spec with no actual field experience with the protocol.&nbsp; Custom alerts can be configured and tuned based on the nature of the data.&nbsp; Since such systems are engineered to order for a specific purpose, the damage could have long-term implications on plant production.</P> <P>&nbsp;</P> <P class="lia-indent-padding-left-30px">4. Traffic crossing OT Access-level switches should always be monitored.&nbsp; This is the primary point at which PLCs or controllers communicate with HMIs, engineering stations, and sometimes historians.&nbsp; The problem here is that these switches carry the actual OT control traffic.&nbsp; Any action that could compromise this traffic affects the reliability of the OT system.&nbsp; Many switches at the I/O and access layers may be unmanaged devices.&nbsp; By unmanaged, I mean that they are not configurable and therefore cannot support a SPAN (or mirror) session.&nbsp;</P> <P class="lia-indent-padding-left-30px">&nbsp;</P> <P class="lia-indent-padding-left-30px">Unmanaged switches are not an insurmountable hurdle.&nbsp; Two possible paths may be followed from this point.&nbsp; The least intrusive is to install network taps.&nbsp; The security engineer should consult with the OT engineer on the most valuable locations for taps. &nbsp;Since a stand-alone tap monitors only one data stream, the most valuable assets (compromise targets) should be monitored. 
These would normally be at least the engineering station, historian and/or alarms server (if appropriate), and HMIs, particularly those with engineering tools installed.&nbsp; If it is necessary to monitor all traffic, a tap aggregator may be used.</P> <P>&nbsp;</P> <P class="lia-indent-padding-left-30px">Another approach would be to replace the unmanaged switches with managed switches.&nbsp; This may sound daunting but usually is not.&nbsp; Most managed switches are configured to “wake up” in a basic mode which approximates an unmanaged switch.&nbsp; So replacement, while requiring a system shutdown, can be accomplished rather quickly and have the system up and functioning again.&nbsp; Once this is done, the configuration can be added to provide basic security and copy traffic to a SPAN or mirror port.&nbsp; Make sure these configurations are saved as most switches make changes to operating memory which is not stored on power reset.&nbsp; It is generally recommended to discuss this change with your OT support personnel and/or OEM service engineers.&nbsp; They probably have some standard switch configurations that they apply when a customer requests managed switches.&nbsp; Additionally, they should be able to provide you with approximate bus speeds needed to support OT traffic with mirroring.</P> <P>&nbsp;</P> <P>What are the risks? In the case of switch SPAN (<STRONG>S</STRONG>witch<STRONG>P</STRONG>ort <STRONG>AN</STRONG>alyzer), or mirror sessions, the only concern of serious significance is the current traffic level on the switch.&nbsp; If a SPAN session is added to a heavily loaded switch, the SPAN may drop packets because the SPAN session is a lower priority than actual switching traffic. 
This could mean that some packets might slip through unmonitored.&nbsp; However, it does not affect the normal functioning of the switch for ICS traffic.&nbsp; Some switches, if they are greatly overloaded, can revert to ‘flood mode’ in which they act as a network hub.&nbsp; This situation is extremely rare.&nbsp; If switch SPANning is chosen as a method, it is wise to monitor network traffic on the switch prior to adding the session.&nbsp; Assume that a full switch span will double the switch backbone traffic.&nbsp;</P> <P>&nbsp;</P> <P>If network taps are installed, the risks are insignificant.&nbsp; Passive taps should of course be chosen.&nbsp; Passive means that the tap continues to pass control traffic even if it loses power.&nbsp; Passive taps are simply inserted in-line with the existing traffic (see sketch below).&nbsp; Installation needs to be coordinated with OT engineers to limit the impact on operating processes.&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Network Tap.jpg" style="width: 772px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/296152iC9E5CA0E70BA28E7/image-size/large?v=v2&amp;px=999" role="button" title="Network Tap.jpg" alt="Network Tap.jpg" /></span></P> <P>&nbsp;</P> <P>Next, we will discuss special equipment including analysis devices and robotics.&nbsp; This portion of the overall diagram is shown below.&nbsp;&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Special_Equipment.jpg" style="width: 737px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/296153i4852D4B97DD3FD48/image-size/large?v=v2&amp;px=999" role="button" title="Special_Equipment.jpg" alt="Special_Equipment.jpg" 
/></span></P> <P>&nbsp;&nbsp;&nbsp;&nbsp;</P> <P>Network traffic to analyzers typically looks like normal PC traffic using common IT protocols.&nbsp; Most analyzers have some form of controller that is designed for a specific function.&nbsp; Sometimes the PC <U>is</U> the controller, utilizing specialized I/O boards included in the machine. Some analyzers or groups of analyzers may be managed by mini computers.&nbsp;&nbsp; In any case, from a network security perspective, these devices appear on the network as computers, not analyzers per se.&nbsp; Patching of these customized machines often lags behind the upgrade strategies used for standard IT equipment.&nbsp; Upgrades to analysis systems must be approved by, and often be implemented by the OEMs which may be expensive and involve downtime. Because of infrequent patching and/or OS upgrades, this equipment can become a security liability on a lab network. Ideally, lab equipment should be separated either physically onto separate networks or via VLANs, but such changes may require extensive planning and testing and still can be disruptive to ongoing lab processes.</P> <P>Most major medical laboratories utilize either a LIMS (Laboratory Information Management System) or a middleware server to collect analytics data from these devices and forward that data to a patient information database managed either locally or in the cloud (see sketch below).&nbsp; Hence, the traffic to/from the analyzer will be most easily recognized by the ultimate destination at the middleware or LIMS.&nbsp; Since these potentially vulnerable machines may process interactions with users on the lab network for input data or maintenance functions, they should be monitored more closely than fully patched IT machines.&nbsp; This presents a challenge to lab IT managers who may want to gain a handle on this type of OT equipment in their network but may not have good inventory information.&nbsp;</P> <P>Since medical testing facilities utilize normal 
switched networks, monitoring should be installed at an appropriate location to ‘see’ all the traffic from analyzers to the middleware or LIMS server.&nbsp; This could be either core or distribution level switches depending on the network design.&nbsp; Standard SPAN or mirror traffic can be used.</P> <P>&nbsp;</P> <P>Dual-homed machines present special security challenges since they could be converted to active routers by malware.&nbsp; It is common for expensive lab or analysis equipment to be leased.&nbsp; OEM terms and conditions specify how this equipment may be used and what service it requires to achieve contracted performance.&nbsp; This is often monitored via a ‘secure’ datalink to the manufacturer’s support site.&nbsp; These may or may not be bi-directional.&nbsp; These links are generally firewalled, either by the OEM, by the customer or by both.&nbsp; Bi-directional links are inherently a threat.&nbsp; Remote access to a computer on the lab network can put much more than that computer in jeopardy.&nbsp;</P> <DIV id="tinyMceEditorkreiseng_4" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="LIMS.jpg" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/296177i569791C908623D33/image-size/large?v=v2&amp;px=999" role="button" title="LIMS.jpg" alt="LIMS.jpg" /></span></P> <P>&nbsp;</P> <P>In robotic applications, the primary issue is the speed of response.&nbsp; The control systems are complex, utilizing high-level programming toolsets.&nbsp; The low-level communication may not utilize standard ethernet framing.&nbsp; Robot protocols vary widely and include Ethernet/IP, DeviceNet, Profibus-DP, Profinet, CC-Link, and EtherCat protocols.&nbsp; Physical media may be Cat5/6, but RG-6 coaxial, twisted pair, RS-485, and fiber are also used.&nbsp; Monitoring the low-level communication between controllers and robots requires 
careful coordination with the equipment designer and should not be attempted casually.&nbsp; Network monitoring should utilize taps. Switch SPAN or mirroring is not recommended.&nbsp;</P> <P>&nbsp;</P> <P>As described above, most industrial robots are programmed using a computer workstation.&nbsp; Downloading and selection of programs may be manual or automated using standard network protocols. So, monitoring should focus on the programming workstations and the source of robot program selections.&nbsp; Robot program file downloads may be transferred from a central server.&nbsp; These could occur over SFTP, FTP, SMB, or other methods.&nbsp;</P> <P>&nbsp;</P> <P>Finally, we would like to address the OT interface to the business (Enterprise) network.&nbsp; This can be a gateway for potential threats to OT systems.&nbsp; Some vulnerabilities that may be unsuccessful in the IT network space may cause severe problems in the OT space because the machines may not be patched.&nbsp; Out-of-date and unsupported operating systems may be in use.&nbsp; As a result, traffic that enters from the Enterprise network and ultimately reaches the OT network should be monitored.&nbsp;</P> <P>&nbsp;</P> <P>Generally, good practice prevents any direct traversal of the DMZ.&nbsp; For instance, remote desktop sessions should be hosted by a RAS server in the DMZ which is then used to open a remote desktop session into an OT machine with different credentials. 
Elaborate credential systems with short password lives attempt to increase the challenge for attackers attempting to gain control.&nbsp; Well designed implementations keep all machines in the DMZ patched up-to-date which should limit the effect of known vulnerabilities.&nbsp;</P> <P>&nbsp;</P> <P>Zero day vulnerabilities will always be a threat prior to discovery.&nbsp; So, monitoring sessions entering the DMZ from the Enterprise and those leaving the DMZ for the OT network are an important part of a security design.&nbsp; Similarly, monitoring traffic from the OT network to a Historian server and Enterprise connections to that same server could uncover issues.&nbsp; Since these sessions are often encrypted, efforts should focus on the legitimacy of the Enterprise hosts, times of access, data rates, and other indicators to validate these externally generated sessions.</P> <P>&nbsp;</P> <P>The DMZ is also used as a connection point for a variety of other facility systems such as IP phones; perimeter security systems; weather stations; contracted supply systems like water purification, compressed air supply and the like; wireless devices; etc.&nbsp; In most cases, these various systems are assigned separate VLANs and subnets.&nbsp; By monitoring all the VLANS in this zone, suspicious traffic can be identified and managed.&nbsp; Traffic originating from any of these devices to the ICS network should not normally exist.&nbsp;</P> <P>&nbsp;</P> <P>Subnet-to-subnet traffic could be cause for concern.&nbsp; This is another area where Defender for IoT can help.&nbsp; By mapping the assets, assigning them to VLANs, subnets, and user assigned subsystems, communication between the various device groups can be easily seen greatly aiding efforts to perform or monitor network segregation.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>The visual network map produced by Defender for IoT in conjunction with the filtering capabilities on the map make it easy to identify interconnections between 
various plant control systems. Having a powerful visual of group-to-group communication makes the effort of segmentation much easier.&nbsp; This process is a long and tedious one using ARP tables on switches.&nbsp; Also, if this effort is underway, the map will show areas that may have been overlooked.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="TRITON asset map 1.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/300254i8F81C97C5318FB48/image-size/large?v=v2&amp;px=999" role="button" title="TRITON asset map 1.png" alt="TRITON asset map 1.png" /></span></P> <P>&nbsp;</P> <P><U>Conclusions:</U></P> <P>&nbsp;</P> <P>Well-engineered connections to ICS networks can yield valuable results, including accurate inventories, network maps, and improved security with no risk to the reliability of the underlying OT systems.&nbsp; This information can be combined, in <A title="Azure Sentinel" href="#" target="_blank" rel="noopener">Azure Sentinel</A>&nbsp;or other SIEM/SOAR solutions, with agent-based Defender for Endpoint data to produce a complete picture of OT networks.&nbsp; Custom-designed playbooks can assist your analysts in responding to OT or IoT issues.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>Teamwork between OT engineers and IT security personnel can yield benefits for both groups while presenting a more challenging landscape to potential intruders.</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 03 Aug 2021 18:08:47 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/how-to-gain-more-from-your-connection-to-an-ot-network/ba-p/2553097 kreiseng 2021-08-03T18:08:47Z Protect your Slack environment using Microsoft Cloud App Security https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/protect-your-slack-environment-using-microsoft-cloud-app/ba-p/2595474 <H1>Protect Slack using Microsoft Cloud App Security&nbsp;</H1> 
<P>&nbsp;</P> <P>Following popular demand, we are happy to publish our Slack app connector for Microsoft Cloud App Security!</P> <P>Slack is a widely used communication and collaboration app, and like other applications, it can host critical data, and be compromised by malicious users.</P> <H2>Why connect Slack?</H2> <P>As one of the means of communication and data exchange within the company, Slack is prone to be a target for malicious actors. Slack could be used to access corporate data, to impersonate users, conduct phishing attacks, etc.</P> <P>Therefore MCAS can be used to protect Slack in the following ways:</P> <P>&nbsp;</P> <TABLE style="width: 90%;" width="90%"> <TBODY> <TR> <TD width="160px"> <P><STRONG>Benefit</STRONG></P> </TD> <TD width="318.667px"> <P><STRONG>Description</STRONG></P> </TD> <TD width="262.667px"> <P><STRONG>Policy or template</STRONG></P> </TD> </TR> <TR> <TD width="160px"> <P><STRONG>Compromised account or insider threat</STRONG></P> </TD> <TD width="318.667px"> <P>The built-in Threat Detection policies in Microsoft Cloud app Security will apply to Slack as soon as you have connected it. 
No additional configuration is necessary: by simply connecting you will start seeing new alerts when applicable.</P> <P>&nbsp;</P> </TD> <TD width="262.667px"> <P><A href="#" target="_blank" rel="noopener">Activity from anonymous IP addresses</A></P> <P><A href="#" target="_blank" rel="noopener">Activity from infrequent country</A></P> <P><A href="#" target="_blank" rel="noopener">Activity from suspicious IP addresses</A></P> <P><A href="#" target="_blank" rel="noopener">Impossible travel</A></P> <P><A href="#" target="_blank" rel="noopener">Activity performed by terminated user</A>&nbsp;(requires Azure Active Directory as IdP)</P> <P><A href="#" target="_blank" rel="noopener">Multiple failed login attempts</A></P> <P><A href="#" target="_blank" rel="noopener">Unusual administrative activities</A></P> <P><A href="#" target="_blank" rel="noopener">Unusual impersonated activities</A></P> <P>&nbsp;</P> </TD> </TR> <TR> <TD width="160px"> <P><STRONG>Prevent Data Leakage</STRONG></P> </TD> <TD width="318.667px"> <P>Custom policies can be used to be alerted when users perform activities that may cause data leakage, such as creating shared links, adding new users to channels, files being downloaded by anonymous users, etc.</P> </TD> <TD width="262.667px"> <P>Custom Policies:</P> <P>·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Public Share link created</P> <P>·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Download by Anonymous user</P> <P>·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; User(s) added to Channels</P> </TD> </TR> <TR> <TD width="160px"> <P><STRONG>SaaS Security Posture Management (SSPM)</STRONG></P> </TD> <TD width="318.667px"> <P>Custom policies allow you to detect when critical security settings are being modified, such as allowing public share links to be created</P> </TD> <TD width="262.667px"> <P>Custom Policies:</P> <P>·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Public Share sharing setting changed</P> <P>·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Users allowed to manage a Channel are 
changed</P> <P>&nbsp;</P> </TD> </TR> <TR> <TD width="160px"> <P><STRONG>Admin Role management</STRONG></P> </TD> <TD width="318.667px"> <P>MCAS can detect when new users are granted administrative rights to Slack. This can be used to detect malicious attempts by attackers to become Owner of the environment</P> </TD> <TD width="262.667px"> <P>Custom Policies:</P> <P>·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Role change to Owner</P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <H2>How to connect Slack?</H2> <P>First things first, you need to connect Slack to MCAS.</P> <P>Review the video below for detailed steps on how to connect Slack to MCAS.</P> <P>The connection process is fairly simple and takes less than 2 minutes.</P> <P>&nbsp;</P> <P>Should you prefer reading about it, check out our <A href="#" target="_blank" rel="noopener">official documentation</A></P> <P><STRONG><U>NOTEs: </U></STRONG></P> <UL> <UL> <LI>Your Slack tenant must have an Enterprise Grid or Enterprise Select license. Cloud App Security doesn't support non-enterprise licenses.</LI> <LI>For the slack connector to function properly, the Discovery APIs need to be enabled on Slack. 
For that, you will need to contact Slack customer service.</LI> </UL> </UL> <P>&nbsp;</P> <P><LI-VIDEO vid="https://www.youtube.com/watch?v=xcaYYTrI8m4&amp;t=6s" align="center" size="medium" width="400" height="225" uploading="false" thumbnail="https://i.ytimg.com/vi/xcaYYTrI8m4/hqdefault.jpg" external="url"></LI-VIDEO> &nbsp;</P> <P>&nbsp;</P> <H2>Threat detection</H2> <P>&nbsp;</P> <P>As soon as you connect MCAS and Slack, the built-in policies below will start applying and will trigger should any of these risky events occur:</P> <P>&nbsp;</P> <TABLE style="width: 90%;"> <TBODY> <TR> <TD width="163"> <P><STRONG>Policy name</STRONG></P> </TD> <TD width="565"> <P><STRONG>Description</STRONG></P> </TD> </TR> <TR> <TD width="163"> <P>Activity from anonymous IP addresses</P> </TD> <TD width="566"> <P>This policy profiles your environment and triggers alerts when it identifies activity from an IP address that has been identified as an anonymous proxy IP address. These proxies are used by people who want to hide their device’s IP address and may be used for malicious intent.</P> </TD> </TR> <TR> <TD width="164"> <P>Activity from infrequent country</P> </TD> <TD width="564"> <P>This policy profiles your environment and triggers alerts when activity is detected from a location that was not recently or never visited by the user or by any user in the organization. Detecting anomalous locations necessitates an initial learning period of 7 days, during which it does not alert on any new locations.</P> </TD> </TR> <TR> <TD width="163"> <P>Activity from suspicious IP addresses</P> </TD> <TD width="565"> <P>This policy profiles your environment and triggers alerts when activity is detected from an IP address that has been identified as risky by Microsoft Threat Intelligence. 
These IP addresses are involved in malicious activities, such as botnet C&amp;C, and may indicate a compromised account.</P> </TD> </TR> <TR> <TD width="163"> <P>Impossible travel</P> </TD> <TD width="571"> <P>This policy profiles your environment and triggers alerts when activities are detected from the same user in different locations within a time period that is shorter than the expected travel time between the two locations. This could indicate that a different user is using the same credentials. Detecting this anomalous behavior necessitates an initial learning period of 7 days during which it learns a new user’s activity pattern.</P> </TD> </TR> <TR> <TD width="163"> <P>Activity performed by terminated user&nbsp;(requires Azure Active Directory as IdP)</P> </TD> <TD width="568"> <P>This policy profiles your environment and alerts when a terminated user performs an activity in a sanctioned corporate application. This may indicate malicious activity by a terminated employee who still has access to corporate resources.</P> </TD> </TR> <TR> <TD width="163"> <P>Multiple failed login attempts</P> </TD> <TD width="565"> <P>This policy profiles your environment and triggers alerts when users perform multiple failed login activities in a single session with respect to the baseline learned, which could indicate an attempted breach.</P> </TD> </TR> <TR> <TD width="163"> <P>Unusual administrative activities</P> </TD> <TD width="565"> <P>This policy profiles your environment and triggers alerts when users perform multiple administrative activities in a single session with respect to the baseline learned, which could indicate an attempted breach.</P> </TD> </TR> <TR> <TD width="163"> <P>Unusual impersonated activities</P> </TD> <TD width="565"> <P>This policy profiles your environment and triggers alerts when users perform multiple impersonated activities in a single session with respect to the baseline learned, which could indicate an attempted breach.</P> </TD> </TR> </TBODY> 
</TABLE> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <H2>Best practices and recommended custom policies</H2> <P>As you know, the sky is the limit when it comes to configuring custom policies in MCAS.</P> <P>We know this can make it challenging to identify standard policies that can help most customers. Therefore, below you will find the top 3 use cases that we recommend most customers set up in the area of data exfiltration.</P> <P>&nbsp;</P> <P>Through that, you will also learn more about the type of activities that MCAS can gather within Slack, and you will be empowered to create your own policies, for your own business needs.</P> <P>&nbsp;</P> <P>First, you can see a quick demo of all these scenarios in the video here:</P> <P>&nbsp;</P> <P><LI-VIDEO vid="https://www.youtube.com/watch?v=FNWhPLsxAo8" align="center" size="medium" width="400" height="225" uploading="false" thumbnail="https://i.ytimg.com/vi/FNWhPLsxAo8/hqdefault.jpg" external="url"></LI-VIDEO></P> <P>&nbsp;</P> <P>Now a quick written summary of what you just saw.</P> <P>&nbsp;</P> <TABLE style="width: 90%;" width="90%"> <TBODY> <TR> <TD width="29.10958904109589%"> <P><STRONG>Scenario</STRONG></P> </TD> <TD width="42.922374429223744%"> <P>Description</P> </TD> <TD width="27.85388127853881%"> <P>Activity policy filters</P> </TD> </TR> <TR> <TD width="29.10958904109589%"> <P><STRONG>Creation of external share link</STRONG></P> </TD> <TD width="42.922374429223744%"> <P>Slack allows creating external share links that provide unauthenticated external access to a specific file. 
This can lead to data leakage or exfiltration, and MCAS can help to gain visibility to these events.</P> </TD> <TD width="27.85388127853881%"> <P>"App" Equals "Slack"</P> <P>&nbsp;</P> <P>"Activity type" Equals "File Public Link Created"</P> <P>&nbsp;</P> <P>Filter Capture:</P> <span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="YoannMallet_0-1627589975516.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/299258i2833C0DE77B9C873/image-size/medium?v=v2&amp;px=400" role="button" title="YoannMallet_0-1627589975516.png" alt="YoannMallet_0-1627589975516.png" /></span> <P>&nbsp;</P> </TD> </TR> <TR> <TD width="29.10958904109589%"> <P><STRONG>Download from an anonymous user</STRONG></P> </TD> <TD width="42.922374429223744%"> <P>When a public link is created, we may also want to know if the files have actually been downloaded by an anonymous user. For this, we can actually filter the download activities in Slack to the reserved username "USLACKUSER". This will return all anonymous downloads.</P> </TD> <TD width="27.85388127853881%"> <P>"App" Equals "Slack"</P> <P>&nbsp;</P> <P>"user name" Equals "USLACKUSER"</P> <P>&nbsp;</P> <P>Filter Capture:&nbsp;</P> <span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="YoannMallet_1-1627589975530.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/299259i01B86EA3D451FFC0/image-size/medium?v=v2&amp;px=400" role="button" title="YoannMallet_1-1627589975530.png" alt="YoannMallet_1-1627589975530.png" /></span> <P>&nbsp;</P> </TD> </TR> <TR> <TD width="29.10958904109589%"> <P><STRONG>Configuration change: Allow public sharing, public posts, etc</STRONG></P> </TD> <TD width="42.922374429223744%"> <P>In order to fully remove the risk of users creating share links of critical corporate data, Slack allows disabling that feature altogether. 
When doing that, it is important to ensure that no admin reverts that change. Here MCAS can see when some configuration settings are being changed, such as allowing public links or allowing public posts. It is then possible to create a policy to detect these activities and notify the MCAS administrator.</P> <P>This kind of policy detects high-risk behavior, and we recommend configuring it with a high severity.</P> </TD> <TD width="27.85388127853881%"> <P>"App" Equals "Slack"</P> <P>&nbsp;</P> <P>"Activity type" Equals "Preference - Disallow public file Urls"</P> <P>&nbsp;</P> <P>Filter Capture:</P> <span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="YoannMallet_2-1627589975538.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/299260iBD458FA4851DDE4C/image-size/medium?v=v2&amp;px=400" role="button" title="YoannMallet_2-1627589975538.png" alt="YoannMallet_2-1627589975538.png" /></span> <P>&nbsp;</P> </TD> </TR> <TR> <TD width="29.10958904109589%"> <P><STRONG>Permission monitoring</STRONG></P> </TD> <TD width="42.922374429223744%"> <P>One of the critical aspects of maintaining a high level of security in a cloud app is to ensure that we can detect when administrative roles are changed. One activity that MCAS can detect is when a user's role is changed to "Owner". 
Detecting this can be critical to maintaining a proper security posture.</P> </TD> <TD width="27.85388127853881%"> <P>"App" Equals "Slack"</P> <P>&nbsp;</P> <P>"Activity type" Equals "Role Change to Owner"</P> <P>&nbsp;</P> <P>Filter Capture:</P> <span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="YoannMallet_3-1627589975543.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/299261iD103F71A770C430C/image-size/medium?v=v2&amp;px=400" role="button" title="YoannMallet_3-1627589975543.png" alt="YoannMallet_3-1627589975543.png" /></span> <P>&nbsp;</P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <H2>Real time control</H2> <P>The policies and controls we have discussed above all rely on&nbsp;Slack’s APIs to query activities. While this allows monitoring activities very specific to&nbsp;Slack, it is an out-of-band connection (cloud to cloud; users are never aware of this connection) and as such, data is received by MCAS in near real time.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>For use cases where real-time controls are required, we can leverage another component of MCAS: Conditional Access App Control.&nbsp;</P> <P>This feature allows MCAS to act as a reverse proxy in the cloud, and allows for real-time control of several activities, for&nbsp;Slack&nbsp;or any other Cloud App:&nbsp;</P> <UL> <UL> <LI>Control file downloads&nbsp;</LI> <LI>Control file uploads (including malware detection)&nbsp;</LI> <LI>Control or prevent Cut/Copy/Paste/Print&nbsp;</LI> <LI>Control over messages sent (select apps only)</LI> </UL> </UL> <P>&nbsp;</P> <P>Some of the most common scenarios used with Conditional Access App Control with&nbsp;Slack&nbsp;are:&nbsp;</P> <UL> <UL> <LI>Block download of&nbsp;sensitive data&nbsp;to unmanaged devices&nbsp;</LI> <LI>Prevent upload of malware.&nbsp;</LI> <LI>Prevent copying&nbsp;or printing&nbsp;data from an unmanaged device.&nbsp;</LI> <LI>Prevent messages containing 
sensitive content from being sent&nbsp;</LI> </UL> </UL> <P>&nbsp;</P> <P>More info on how to use Conditional Access App control is available here:&nbsp;</P> <UL> <UL> <LI><A href="#" target="_blank" rel="noopener">Protect apps with Microsoft Cloud App Security Conditional Access App Control</A>&nbsp;</LI> <LI><A href="#" target="_blank" rel="noopener">Deploy Conditional Access App Control for featured apps</A>&nbsp;(including&nbsp;Slack)&nbsp;</LI> <LI>Configure&nbsp;<A href="#" target="_blank" rel="noopener">Session policies</A>&nbsp;</LI> </UL> </UL> <P>&nbsp;</P> <P>You can also learn about how to deploy Conditional Access App Control in the videos here:&nbsp;</P> <P>&nbsp;</P> <P><A href="#" target="_self">Configuring real-time monitoring and Control with Microsoft Cloud App Security</A>&nbsp;</P> <P>&nbsp;</P> <P><A href="#" target="_self">Configuring a policy to block uploads in real-time with Microsoft Cloud App Security</A>&nbsp;</P> <P>&nbsp;&nbsp;</P> <H2>Share your thoughts!&nbsp;</H2> <P>We hope this will help you get the best value out of MCAS and secure your environment.&nbsp;</P> <P>Have you found a scenario that we haven't covered here? Please share with our community and let us know in the comments below.&nbsp;</P> <P>&nbsp;</P> Mon, 02 Aug 2021 16:52:18 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/protect-your-slack-environment-using-microsoft-cloud-app/ba-p/2595474 Yoann Mallet 2021-08-02T16:52:18Z General Availability of Auto-Labeling Using Trainable Classifiers in Office Apps for Windows and Web https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/general-availability-of-auto-labeling-using-trainable/ba-p/2593078 <P>I’m pleased to announce the General Availability of automatic sensitivity labeling in Office apps using trainable classifiers. 
Now, within&nbsp;<A href="#" target="_blank" rel="noopener">Microsoft 365 Compliance Center</A>&nbsp;you will be able to create sensitivity labels and corresponding automatic or recommended labeling policies in Office apps using built-in classifiers and your own custom trainable classifiers as well. With this capability, customers can quickly classify more of their ever-increasing data and protect sensitive content</P> <P>&nbsp;</P> <P>The five built-in classifiers available are:</P> <UL> <LI><U>Resume</U>: detects written accounts of an applicant's personal, educational, and professional qualifications and experience</LI> <LI><U>Source code</U>: detects a set of instructions and statements written in the top 25 computer programming languages of GitHub</LI> <LI><U>Threat</U>:&nbsp;detects a specific category of offensive language&nbsp;related to&nbsp;threats to commit violence or do physical harm/damage to a person/property.</LI> <LI><U>Harassment</U>:&nbsp;detects&nbsp;a&nbsp;specific category of offensive language related to&nbsp;offensive conduct targeting one or multiple individuals regarding race, color, religion, national origin, gender, sexual orientation, age, disability, and genetic information.</LI> <LI><U>Profanity</U>:&nbsp;detects&nbsp;a&nbsp;specific category of offensive language that&nbsp;contains swear words&nbsp;or vulgar language.</LI> </UL> <P>The Office apps which will support automatic sensitivity labeling using the above classifiers include the following:</P> <OL> <LI>Microsoft 365 Apps for enterprise (formerly Office 365 ProPlus) for Windows, Current Channel in version 2009 and later:</LI> <OL> <LI>Word</LI> <LI>Excel</LI> <LI>PowerPoint</LI> <LI>Outlook</LI> </OL> <LI>Office Online Apps (Opt-in to&nbsp;<A href="#" target="_blank" rel="noopener">enable sensitivity labels</A>&nbsp;required)</LI> <OL> <LI>Word Online&nbsp;</LI> <LI>Excel Online&nbsp;</LI> <LI>PowerPoint Online&nbsp;</LI> <LI>Outlook Web&nbsp;</LI> </OL> </OL> <P>The 
subscription and license requirements for this feature are similar to what is needed to enable automatic sensitivity labels in Office apps. You need one of&nbsp;<A href="#" target="_blank" rel="noopener">Microsoft 365 E5</A>,&nbsp;<A href="#" target="_blank" rel="noopener">Office 365 E5</A>,&nbsp;or&nbsp;<A href="#" target="_blank" rel="noopener">Azure Information Protection Premium P2</A>.&nbsp;For more details, see&nbsp;<A href="#" target="_blank" rel="noopener">subscription and licensing requirements for sensitivity labels</A></P> <P>&nbsp;</P> <P>For more details on this feature please visit our <A href="#" target="_blank" rel="noopener">documentation</A>.</P> Wed, 28 Jul 2021 16:24:03 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/general-availability-of-auto-labeling-using-trainable/ba-p/2593078 EdwinChan 2021-07-28T16:24:03Z Microsoft Defender for Identity's settings now in Microsoft 365 Defender in Public Preview https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-defender-for-identity-s-settings-now-in-microsoft-365/ba-p/2493802 <P>Today, we're happy to announce that the next stage of the convergence of Microsoft Defender for Identity into Microsoft 365 Defender has entered Public Preview.</P> <P>&nbsp;</P> <P>This most recent update sees that all the configuration options and administration capabilities available in the Defender for Identity portal (under Configuration) are now available in the settings area of Microsoft 365 Defender. There is one exception to this statement - exclusion settings. We're currently making these available as part of Private Preview and will announce their release to Public Preview soon.&nbsp;</P> <P>&nbsp;</P> <P>Let's take a brief walkthrough of the features being made available. 
Note that some of the information on the screenshots below has been intentionally blanked out, such as domain names, UPNs, and email addresses:</P> <P>&nbsp;</P> <P>Before we dive into the details around the administration and configuration settings, one new feature we've made available for new customers coming to Defender for Identity is the automated creation of the workspace. This means that new customers won't have to go through an initial setup wizard anymore to create the Defender for Identity instance in their tenant - when they log on for the first time, with the appropriate permissions, the instance will be created automatically.&nbsp;</P> <P>&nbsp;</P> <P>First up, you’ll need to make sure that your account has Defender for Identity permissions; click <A href="#" target="_blank" rel="noopener">here</A> for more information about what permissions are available. You’ll need these permissions to see the settings we’re covering today. The settings being discussed in this blog can be accessed by navigating to <A href="https://gorovian.000webhostapp.com/?exam=security.microsoft.com" target="_blank" rel="noopener">security.microsoft.com</A>, then clicking on Settings on the left menu, then clicking on Identities on the main pane on the right:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Settings 1.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/298633iDC15CCF4FCC2663F/image-size/large?v=v2&amp;px=999" role="button" title="Settings 1.png" alt="Settings 1.png" /></span></P> <P>&nbsp;</P> <P>This will take you to the sensor page, where you can monitor the state of each individual sensor and filter the list of sensors based on several attributes:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Settings 2.png" style="width: 999px;"><img 
src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/298634i3B91786709D9D738/image-size/large?v=v2&amp;px=999" role="button" title="Settings 2.png" alt="Settings 2.png" /></span></P> <P>&nbsp;</P> <P>Clicking on any individual sensor opens the sensor pane, which shows the details of that sensor as well as any health issues – currently open, previously closed, or even suppressed:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Settings 3.png" style="width: 625px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/298635iBE6CFCE0C69C2FA2/image-size/large?v=v2&amp;px=999" role="button" title="Settings 3.png" alt="Settings 3.png" /></span></P> <P>&nbsp;</P> <P>Back on the sensor screen, if you want to see health issues affecting your entire workspace, click on “Global health issues” near the top right of the main sensor screen. This will bring up the global health issues pane, again showing open, closed, and suppressed issues:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Settings 4.png" style="width: 634px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/298637i2C1976AB5308DD0E/image-size/large?v=v2&amp;px=999" role="button" title="Settings 4.png" alt="Settings 4.png" /></span></P> <P>The other areas available in the “General” section of the settings are the directory services accounts configuration, where you can configure the read-only account used to connect to your on-premises Active Directory, and the VPN integration configuration, used to ingest RADIUS information into Defender for Identity:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Settings 5.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/298638i93E34214ACFF7AA5/image-size/large?v=v2&amp;px=999" role="button" 
title="Settings 5.png" alt="Settings 5.png" /></span></P> <P>&nbsp;</P> <P>Moving on to entity tags, you’ll notice it is now split into three smaller sub-sections – <STRONG>Sensitive</STRONG>, <STRONG>Honeytoken</STRONG> and <STRONG>Exchange Server</STRONG>.</P> <P>The sensitive tag can now be assigned to users, computers, and groups. Based on customer feedback, we also added at-a-glance information on these entities, including which domain they’re part of and their UPNs:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Settings 6.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/298640i962A80455A6BCEE6/image-size/large?v=v2&amp;px=999" role="button" title="Settings 6.png" alt="Settings 6.png" /></span></P> <P>&nbsp;</P> <P>One additional change here is that Exchange servers can now be tagged in a dedicated section:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Settings 7.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/298641iBCAD8B920A5E57A5/image-size/large?v=v2&amp;px=999" role="button" title="Settings 7.png" alt="Settings 7.png" /></span></P> <P>Finally, we have the notification section of the settings page. This provides users with dedicated screens to add recipients for health issue notifications, alert notifications, and syslog notifications.</P> <P>&nbsp;</P> <P>In summary, most Microsoft Defender for Identity settings, including automated onboarding of workspaces, are now part of the M365 Defender portal. Give it a spin and let us know what you think.</P> <P>&nbsp;</P> <P>All documentation related to these settings can be found <A href="#" target="_blank" rel="noopener">here</A>.</P> <P>&nbsp;</P> <P>One final note: these settings are now available as part of Public Preview. 
Until these features are made generally available, if you encounter any issues with Microsoft Defender for Identity and need to raise a support ticket, please utilize the classic Defender for Identity portal experience.</P> <P>&nbsp;</P> <P>Keep up to date on all the convergence efforts over at <A href="#" target="_blank" rel="noopener">aka.ms/mdiportalconverge</A></P> Tue, 27 Jul 2021 16:12:16 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-defender-for-identity-s-settings-now-in-microsoft-365/ba-p/2493802 Ricky Simpson 2021-07-27T16:12:16Z Compliance Ecosystem Expands with New Connectors and Partners https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/compliance-ecosystem-expands-with-new-connectors-and-partners/ba-p/2549375 <P>To continue to enable our customers to apply Microsoft Compliance solutions to their entire data landscape, including non-Microsoft systems, we are constantly expanding our Compliance ecosystem. Data connectors are built into our Compliance platform and enable high-fidelity data ingestion. Once data is ingested, it is available for multiple compliance scenarios including Litigation hold, eDiscovery, Retention settings, Records management, Communication compliance as well as Insider risk management.</P> <P>&nbsp;</P> <P><STRONG>Data connectors growth</STRONG></P> <P>Today we are excited to announce the addition of two new partners, 17a-4 and CellTrust. These two new partners are bringing a wealth of new connectors and categories of non-Microsoft data sources. 
Overall this has helped further expand our connector catalog from <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-compliance-joins-the-microsoft-intelligent-security/ba-p/2160904" target="_blank" rel="noopener">39 connectors - as announced earlier this year</A> - to a total of <A href="#" target="_blank" rel="noopener">65 connectors available in our connector gallery.</A></P> <P>&nbsp;</P> <P><STRONG>17a-4 connectors</STRONG></P> <P>17a-4 LLC focuses on assisting clients with SEC and FINRA compliance requirements and the associated rules that govern Business Communications, Electronic Messaging, and Books and Records.</P> <P>&nbsp;</P> <P>“DataParser’s integration with Microsoft Compliance solutions further enhances 17a-4’s partnership with Microsoft,” said Charles Weeden, Managing Partner 17a-4, LLC. “With DataParser connectors, clients can bring users’ Fuze, Blackberry, LivePerson’s Conversational Cloud, InvestEdge, FactSet, Salesforce Quip, Zoom, Slack, Webex, Bloomberg etc. data into Microsoft 365 to benefit from various compliance solutions including Litigation hold, eDiscovery, Retention, Records Management and Communication Compliance.”</P> <P>&nbsp;</P> <P><STRONG>CellTrust connectors</STRONG></P> <P>CellTrust provides compliant and secure mobile communications for regulated industries. CellTrust SL2™ is a communication platform for voice, text / SMS, and chat.</P> <P>&nbsp;</P> <P>“CellTrust is thrilled our flagship SL2™ is now available for use with Microsoft Compliance solutions,” said Sean Moshir, CEO and Chairman. 
“SL2 keeps personal and business mobile communications separate on a single device, provides a dedicated Mobile Business Number™, and simultaneously captures business data for various compliance solutions including Litigation hold, eDiscovery, Retention, Records Management, and Communication Compliance - while enhancing mobile collaboration and driving productivity within a secure environment.”</P> <P>&nbsp;</P> <P><STRONG>Data connectors in GCC</STRONG></P> <P>We have heard from our customers that governing data is critical to adhere to compliance regulations. In a world where government employees work and provide public services remotely, information is stored across numerous devices in multiple disparate locations from on-premises to the cloud. This situation makes it challenging to secure and govern data and to comply with regulations. Today we are excited to announce the general availability of the following data connectors – from our partner TeleMessage - for the Government Community Cloud (GCC). 
This will provide government organizations with significantly greater depth in governing critical data.</P> <P>&nbsp;</P> <UL> <LI>AT&amp;T SMS/MMS</LI> <LI>Bell SMS/MMS</LI> <LI>Enterprise Number Archiver</LI> <LI>O2 Telefónica</LI> <LI>Telus Text</LI> <LI>Verizon SMS/MMS</LI> <LI>Android Archiver</LI> </UL> <P>&nbsp;</P> <P>More details on all the available external data sources along with supported solutions are available <A href="#" target="_blank" rel="noopener">here</A>.</P> <P>&nbsp;</P> <P><STRONG>Get started today</STRONG></P> <P>&nbsp;</P> <P>Try out <A href="#" target="_blank" rel="noopener">connectors</A> and sign up for a <A href="#" target="_blank" rel="noopener">trial</A> of Microsoft 365 E5. 
Eligible customers can simply visit <A href="#" target="_blank" rel="noopener">Microsoft 365 compliance center</A> to get started.</P> <P>&nbsp;</P> <P>Thank you,</P> <P>Hammad Rajjoub</P> <P>Director, Product Marketing Manager - Microsoft Compliance</P> <P>&nbsp;</P> <P>Rohit Gupta</P> <P>Senior Program Manager, Microsoft Security and Compliance Engineering</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 15 Jul 2021 22:10:08 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/compliance-ecosystem-expands-with-new-connectors-and-partners/ba-p/2549375 HammadRajjoub 2021-07-15T22:10:08Z Announcing Universal Assessment Templates in Microsoft Compliance Manager https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-universal-assessment-templates-in-microsoft/ba-p/2540498 <P>The rapid shift to digital work and an increase in the volume of digital data has resulted in the introduction of&nbsp;new regulations and standards around data protection and governance.&nbsp; A recent study shows that there was an average of 257 daily regulatory alerts across 190 countries in 2020, and keeping up with regulatory changes continues to be the top compliance challenge<A href="https://gorovian.000webhostapp.com/?exam=#_ftn1" target="_blank" rel="noopener" name="_ftnref1"><SPAN>[1]</SPAN></A>. For most organizations, navigating this ever-evolving compliance landscape is daunting and time-consuming. &nbsp;</P> <P>&nbsp;</P> <P>To help organizations simplify compliance and reduce risk, we built Microsoft Compliance Manager, <A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/announcing-general-availability-of-microsoft-compliance-manager/ba-p/1679846" target="_blank" rel="noopener">generally available since September 2020</A>. 
Compliance Manager translates&nbsp;complex regulatory requirements into specific recommended actions and makes them available through premium assessment templates, covering over 300 regulations and standards.</P> <P>&nbsp;</P> <P>Today, we are excited to announce <STRONG>universal assessment templates in Compliance Manager to help customers assess compliance for their non-Microsoft 365 workloads</STRONG>. These templates will be available within Compliance Manager in the coming weeks.</P> <P>&nbsp;</P> <P>Compliance Manager currently provides a comprehensive set of 300+ assessment templates. We are enabling these templates to support a broad set of products or services that customers use, helping them track, manage, and demonstrate compliance across their multi-cloud environment. This capability will allow customers to track their compliance for their multi-cloud deployment from Compliance Manager, removing the need to monitor and consolidate compliance results from multiple tools assessing different products or services. Customers can use these 300+ universal regulatory templates to create multiple assessment instances and map them to different products such as Salesforce or SAP within their environment. Additionally, we are simplifying the experience of adjusting compliance assessments to a customer's specific regulatory requirements, providing visibility into the customer's compliance-by-product. Universal templates will be available alongside Microsoft 365 specific <A href="#" target="_blank" rel="noopener">included or premium templates</A> for no additional charge. 
Read <A href="#" target="_self">this</A>&nbsp;document for details.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Picture1.gif" style="width: 853px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/295244iF86AFAF625EA839C/image-size/large?v=v2&amp;px=999" role="button" title="Picture1.gif" alt="Picture1.gif" /></span></P> <P class="lia-align-center">&nbsp;<EM>Figure 1: setting up universal assessments in Compliance Manager</EM></P> <P>&nbsp;</P> <P>In addition to universal assessment templates, we wanted to share some recent and upcoming changes aimed at improving customer experience and enabling access to premium assessment templates within Compliance Manager.</P> <P>&nbsp;</P> <P><STRONG>Compliance Manager premium assessment 90-day Trial SKU</STRONG></P> <P>We heard your feedback on premium assessments! We are increasing the trial period for Compliance Manager premium assessments. Starting July 21<SUP>st</SUP>, 2021, customers will be able to access the Compliance Manager Premium Assessment Add-on Trial SKU from the <A href="#" target="_blank" rel="noopener">Microsoft 365 admin center</A>. The trial SKU will provide access to 25 premium assessments for 90 days. Customers who are already using the 30-day trial for premium assessments will now be able to add the new 90-day trial SKU to their tenants. &nbsp;</P> <P>&nbsp;</P> <P><STRONG>Removed Microsoft 365 or Office 365 E5 subscription as a prerequisite for premium assessment templates </STRONG></P> <P>In addition to extending the trial period, we recently made changes to the pre-requisites for purchasing premium assessment templates. Starting July 1<SUP>st</SUP>, 2021, all Enterprise customers, both commercial and government, can purchase premium assessment templates as long as they have any Microsoft 365 or Office 365 subscription. 
Read <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/use-premium-assessments-in-microsoft-compliance-manager-to-meet/ba-p/2494789" target="_blank" rel="noopener">this</A> blog for details.</P> <P>&nbsp;</P> <P><STRONG>Permissions page in the Microsoft 365 compliance center</STRONG></P> <P>We recently launched a new <A href="#" target="_blank" rel="noopener">Permissions page</A> in the Microsoft 365 compliance center. Admins can now view and assign user roles and create and modify custom role groups from this page instead of the legacy Security and Compliance center. Compliance Manager ‘Reader’, ‘Contribution’, ‘Assessor’, and ‘Administrator’ roles can be managed from this page.&nbsp;Read <A href="#" target="_self">this</A> document for more information on Compliance Manager roles.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Picture3.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/295251i8D3E6BFE47ABE2E6/image-size/large?v=v2&amp;px=999" role="button" title="Picture3.png" alt="Picture3.png" /></span></P> <P class="lia-align-center">&nbsp;Figure 3: Compliance Manager roles in the Permissions page in the Microsoft 365 compliance center</P> <P class="lia-align-center">&nbsp;</P> <P><STRONG>Get Started</STRONG>&nbsp;</P> <P>To try these recent and upcoming capabilities, navigate&nbsp;to&nbsp;the&nbsp;<A href="#" target="_blank" rel="noopener">Microsoft 365 compliance center</A>&nbsp;or sign up for a Microsoft 365 E5 Compliance&nbsp;<A href="#" target="_blank" rel="noopener">trial</A>!&nbsp;Compliance Manager premium assessment SKUs and 90-day Trial SKU can be purchased in the&nbsp;<A href="#" target="_blank" rel="noopener">Microsoft admin center</A>.</P> <P>&nbsp;</P> <P>Learn more about what’s new with Compliance Manager and how to get started and configure policies in your tenant in this&nbsp;<A href="#" 
target="_blank" rel="noopener">supporting documentation</A>. We look forward to hearing your feedback.&nbsp;</P> <P>&nbsp;</P> <P>On behalf of the Compliance Manager team,</P> <P>Shilpa Bothra,</P> <P>Product Marketing Manager</P> <P>&nbsp;</P> <P><A href="https://gorovian.000webhostapp.com/?exam=#_ftnref1" target="_blank" rel="noopener" name="_ftn1"><SPAN>[1]</SPAN></A> Cost of Compliance, 2021, Thomson Reuters</P> Wed, 14 Jul 2021 15:00:00 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-universal-assessment-templates-in-microsoft/ba-p/2540498 Shilpa_Bothra 2021-07-14T15:00:00Z Microsoft Inspire 2021 | Security, Compliance, Identity and Management Tech Community Blog https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-inspire-2021-security-compliance-identity-and/ba-p/2544676 <P><STRONG><I><SPAN data-contrast="auto">Security, Compliance, Identity, and Management&nbsp;is&nbsp;thrilled to have you join us for the second ever Microsoft Inspire starting on July 14, 2021! The event will begin promptly at 8am PST.&nbsp;</SPAN></I></STRONG><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Register now</SPAN></A><SPAN data-contrast="auto">&nbsp;to explore all the event has to offer.&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">We are eager to&nbsp;connect you with professionals from around the world&nbsp;and share how Microsoft Security can help you achieve your business goals. 
With various opportunities to connect with Microsoft&nbsp;experts&nbsp;and peers in your field of work, you will leave this event with the tools you need to succeed.&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><STRONG><SPAN data-contrast="none">Focus Area Session&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">You won’t want to miss&nbsp;the&nbsp;focus area session,&nbsp;“</SPAN><I><SPAN data-contrast="auto">Build&nbsp;a foundation of trust and security”</SPAN></I><SPAN data-contrast="auto">&nbsp;delivered by&nbsp;</SPAN><I><SPAN data-contrast="auto">CVP of Security, Compliance, and Identity,&nbsp;</SPAN></I><STRONG><SPAN data-contrast="auto">Vasu Jakkal</SPAN></STRONG><SPAN data-contrast="auto">&nbsp;and&nbsp;</SPAN><I><SPAN data-contrast="auto">CVP of Global Channel Sales</SPAN></I><SPAN data-contrast="auto">,&nbsp;</SPAN><STRONG><SPAN data-contrast="auto">Rodney Clark</SPAN></STRONG><SPAN data-contrast="auto">&nbsp;where they will&nbsp;discuss&nbsp;how you can earn your customers’ trust by securing their digital transformation and partnering with the world’s leading security company.&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">Learn about our collective opportunity to build solutions and technologies that create a better future for everyone&nbsp;by attending one of the two airings of this session.&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="none">Date/Time&nbsp;</SPAN></STRONG><SPAN 
data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">TS03 |&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Wednesday, July 14 | 12:30pm-1:00pm PST</SPAN></A><SPAN data-contrast="auto">&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">TS03-R1&nbsp;|&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Thursday, July 15 | 4:30am – 5:00am PST</SPAN></A><SPAN data-contrast="auto">&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="none">Tune into Watch a Breakout Session&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><I><SPAN data-contrast="auto">Breakout sessions (30mins) delivered twice.&nbsp;Did you attend a Breakout Session, but still have questions? 
Join the corresponding Ask the Experts session for a live Q&amp;A with subject matter experts.&nbsp;</SPAN></I><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="none">BRK122 |&nbsp;Identity and endpoint management – a strong foundation for Zero Trust and profitability</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">Join&nbsp;</SPAN><I><SPAN data-contrast="auto">Senior Product Marketing Manager</SPAN></I><SPAN data-contrast="auto">,&nbsp;</SPAN><STRONG><SPAN data-contrast="auto">Irina Nechaeva</SPAN></STRONG><SPAN data-contrast="auto">&nbsp;and&nbsp;</SPAN><I><SPAN data-contrast="auto">Director of Product Marketing</SPAN></I><SPAN data-contrast="auto">,&nbsp;</SPAN><STRONG><SPAN data-contrast="auto">Gideon Bibliowicz&nbsp;</SPAN></STRONG><SPAN data-contrast="auto">as they share&nbsp;how&nbsp;securing identities and endpoints&nbsp;can be achieved with Azure AD and Microsoft Endpoint Manager.&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">We’ll share how each can provide maximum business value and stories from other partners that have built successful practices around Zero Trust.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="none">Date/Time&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="4" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto">BRK122&nbsp;|&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN 
data-contrast="none">Thursday, July 15 |&nbsp;10:30am – 11:00am PST</SPAN></A><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="4" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto">ATEBRK122&nbsp;|&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Thursday, July 15 |&nbsp;11:30am – 12:00pm PST</SPAN></A><SPAN data-contrast="auto">&nbsp;</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="4" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"><SPAN data-contrast="auto">BRK122-R1&nbsp;|&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Friday, July 16 |&nbsp;2:30am – 3:00am PST</SPAN></A><SPAN data-contrast="auto">&nbsp;</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> </UL> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="4" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto">ATEBRK122-R1&nbsp;|&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Friday, July 16 |&nbsp;3:30am – 4:00am PST</SPAN></A><SPAN data-contrast="auto">&nbsp;</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> </UL> <P><STRONG><SPAN data-contrast="none">BRK121 |&nbsp;Modernize security &amp; defend against threats</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">Join&nbsp;</SPAN><I><SPAN 
data-contrast="auto">Senior&nbsp;Director Product Marketing</SPAN></I><SPAN data-contrast="auto">,&nbsp;</SPAN><STRONG><SPAN data-contrast="auto">Scott Woodgate</SPAN></STRONG><SPAN data-contrast="auto">&nbsp;as he&nbsp;provides&nbsp;practical guidance for leveraging human and technology resources to combat advanced&nbsp;threats and&nbsp;showcases&nbsp;how&nbsp;Microsoft’s&nbsp;integrated XDR and SIEM solution empowers defenders today.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="none">Date/Time&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="4" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto">BRK121&nbsp;|&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Thursday, July 15 |&nbsp;11:30am – 12:00pm PST</SPAN></A><SPAN data-contrast="auto">&nbsp;</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> </UL> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="4" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto">ATEBRK121&nbsp;|&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Thursday, July 15 |&nbsp;12:30pm – 1:00pm PST</SPAN></A><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto">BR121-R1&nbsp;|&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Friday, July 16 |&nbsp;3:30am – 4:00am 
PST</SPAN></A><SPAN data-contrast="auto">&nbsp;</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"><SPAN data-contrast="auto">ATEBRK121-R1&nbsp;|&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Friday, July 16 |&nbsp;4:30am – 5:00am PST</SPAN></A><SPAN data-contrast="auto">&nbsp;</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> </UL> <P><STRONG><SPAN data-contrast="none">BRK123 |&nbsp;Accelerate customer transformation with cloud security solutions from Microsoft</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">Join&nbsp;</SPAN><I><SPAN data-contrast="auto">Director, Cloud Security,</SPAN></I><SPAN data-contrast="auto">&nbsp;</SPAN><STRONG><SPAN data-contrast="auto">Adwait Joshi</SPAN></STRONG><SPAN data-contrast="auto">&nbsp;as he&nbsp;shares&nbsp;about the top actions that customers can take to secure their cloud and hybrid environments – including strengthening their overall cloud security posture, protecting workloads from threats, managing cloud app activity, and more.&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">In this session, you’ll also hear valuable&nbsp;Partner lessons on navigating customer challenges and realizing the opportunities in this dynamic space. 
</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="none">Date/Time&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="4" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto">BRK123&nbsp;|&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Thursday, July 15 |&nbsp;12:30pm – 1:00pm PST</SPAN></A><SPAN data-contrast="auto">&nbsp;</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="4" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto">ATEBRK123&nbsp;|&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Thursday, July 15 |&nbsp;1:30pm – 2:00pm PST</SPAN></A><SPAN data-contrast="auto">&nbsp;</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"><SPAN data-contrast="auto">BRK123-R1&nbsp;|&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Friday, July 16 |&nbsp;4:30am – 5:00am PST</SPAN></A><SPAN data-contrast="auto">&nbsp;</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> </UL> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="2" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto">ATEBRK123-R1&nbsp;|&nbsp;</SPAN><A href="#" target="_blank" 
rel="noopener"><SPAN data-contrast="none">Friday, July 16 |&nbsp;5:30am – 6:00am PST</SPAN></A><SPAN data-contrast="auto">&nbsp;</SPAN></LI> </UL> <P><STRONG><SPAN data-contrast="none">BRK124 |&nbsp;Build your business by managing risk and securing customer information</SPAN></STRONG></P> <P><SPAN data-contrast="auto">Join&nbsp;</SPAN><I><SPAN data-contrast="auto">General Manager of Compliance Marketing</SPAN></I><SPAN data-contrast="auto">,&nbsp;</SPAN><STRONG><SPAN data-contrast="auto">Alym Rayani</SPAN></STRONG><SPAN data-contrast="auto">&nbsp;as he&nbsp;discusses&nbsp;how to integrate and extend Microsoft solutions to work with what your customers already have in their environment, unlocking&nbsp;new ways for you to help them protect and secure data across their entire digital estate.</SPAN></P> <P><STRONG><SPAN data-contrast="none">Date/Time&nbsp;</SPAN></STRONG></P> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="4" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto">BRK124&nbsp;|&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Thursday, July 15 |&nbsp;1:30pm – 2:00pm PST</SPAN></A><SPAN data-contrast="auto">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="4" aria-setsize="-1" data-aria-posinset="1" 
data-aria-level="1"><SPAN data-contrast="auto">ATEBRK124&nbsp;|&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Thursday, July 15 |&nbsp;2:30pm – 3:00pm PST</SPAN></A><SPAN data-contrast="auto">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto">BRK124-R1&nbsp;|&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Friday, July 16 |&nbsp;5:30am – 6:00am PST</SPAN></A><SPAN data-contrast="auto">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"><SPAN data-contrast="auto">ATBRK124-R1&nbsp;|&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Friday, July 16 |&nbsp;6:30am – 7:00am PST</SPAN></A><SPAN data-contrast="auto">&nbsp;</SPAN></LI> </UL> <P>&nbsp;</P> <P><STRONG><SPAN data-contrast="none">Explore our On-demand Sessions</SPAN></STRONG></P> <P><SPAN data-contrast="auto">Looking to learn more about how security, compliance, identity, and management can help you&nbsp;advance&nbsp;your business? 
Check out the catalog of on-demand sessions below and add them to your Microsoft&nbsp;Inspire calendar today!&nbsp;On-demand sessions will be published&nbsp;</SPAN><STRONG><SPAN data-contrast="auto">at 10am PST on&nbsp;Wednesday, July 14</SPAN></STRONG><SPAN data-contrast="auto">&nbsp;and will remain available for your viewing&nbsp;for one year following the close of the event.</SPAN></P> <TABLE data-tablestyle="MsoTable15Plain3" data-tablelook="1184" aria-rowcount="4"> <TBODY> <TR aria-rowindex="1"> <TD data-celllook="272"> <P><STRONG><SPAN data-contrast="auto">SESSION CODE&nbsp;</SPAN></STRONG></P> </TD> <TD data-celllook="256"> <P><STRONG><SPAN data-contrast="auto">SESSION TITLE&nbsp;</SPAN></STRONG></P> </TD> <TD data-celllook="256"> <P>&nbsp;</P> </TD> </TR> <TR aria-rowindex="2"> <TD data-celllook="16"> <P><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">OD121</SPAN></A></P> </TD> <TD data-celllook="0"> <P><SPAN data-contrast="none">Building a business around providing modern security operating center services to customers</SPAN></P> </TD> <TD data-celllook="0"> <P><SPAN data-contrast="none">Mandana Javaheri &amp; Mayank Kapur&nbsp;</SPAN></P> </TD> </TR> <TR aria-rowindex="3"> <TD data-celllook="16"> <P><A href="#" 
target="_blank" rel="noopener"><SPAN data-contrast="none">OD122</SPAN></A></P> </TD> <TD data-celllook="0"> <P><SPAN data-contrast="none">Build a business around helping customers drive towards a Zero Trust framework</SPAN></P> </TD> <TD data-celllook="0"> <P><SPAN data-contrast="none">Cedric Dapaepe</SPAN></P> </TD> </TR> <TR aria-rowindex="4"> <TD data-celllook="16"> <P><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">OD123</SPAN></A></P> </TD> <TD data-celllook="0"> <P><SPAN data-contrast="none">Going to market with Microsoft. 
Learn how to maximize Microsoft's channel investments this coming year</SPAN></P> </TD> <TD data-celllook="0"> <P><SPAN data-contrast="none">Nomi Nazeer</SPAN></P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P><STRONG><SPAN data-contrast="none">Meet our Security Experts&nbsp;</SPAN></STRONG></P> <P><SPAN data-contrast="auto">Don’t miss the opportunity to engage live with our security experts in the&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Connection Zone</SPAN></A><SPAN data-contrast="auto">.&nbsp;Join any of the three security, compliance, identity, and management&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Table Topics</SPAN></A><SPAN data-contrast="auto">&nbsp;where you’ll be able to discuss pre-determined questions with&nbsp;Microsoft professionals and peers alike.&nbsp;</SPAN></P> <TABLE data-tablestyle="MsoTable15Plain1" data-tablelook="1184" aria-rowcount="2"> <TBODY> <TR aria-rowindex="1"> <TD data-celllook="0"> <P><STRONG><SPAN data-contrast="none">Connection Zone Program&nbsp;</SPAN></STRONG></P> </TD> <TD data-celllook="0"> <P><STRONG><SPAN data-contrast="none">Details&nbsp;</SPAN></STRONG></P> </TD> </TR> <TR aria-rowindex="2"> <TD data-celllook="0"> <P><A href="#" target="_blank" 
rel="noopener"><STRONG><SPAN data-contrast="none">Table Topics</SPAN></STRONG></A></P> </TD> <TD data-celllook="0"> <P><SPAN data-contrast="none">Gathering space for the&nbsp;</SPAN><STRONG><SPAN data-contrast="none">community to connect and discuss pre-determined topics</SPAN></STRONG><SPAN data-contrast="none">&nbsp;in an online discussion&nbsp;using Teams Meetings.&nbsp;</SPAN></P> <P>&nbsp;</P> <P><STRONG><I><SPAN data-contrast="none">Title</SPAN></I></STRONG><SPAN data-contrast="none">:&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Post COVID - Small and Medium Business SCI Priorities to Accelerate Digital Transformation</SPAN></A></P> <P><STRONG><I><SPAN data-contrast="none">Date/Time</SPAN></I></STRONG><SPAN data-contrast="none">:&nbsp;July 14, 10:30am – 11:00am PST&nbsp;</SPAN></P> <P>&nbsp;</P> <P><STRONG><I><SPAN data-contrast="none">Title</SPAN></I></STRONG><SPAN data-contrast="none">:&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Zero Trust framework</SPAN></A></P> <P><STRONG><I><SPAN data-contrast="none">Date/Time</SPAN></I></STRONG><SPAN data-contrast="none">:&nbsp;July 14, 10:30am – 11:00am PST</SPAN></P>
<P>&nbsp;</P> <P><STRONG><I><SPAN data-contrast="none">Title</SPAN></I></STRONG><SPAN data-contrast="none">:&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">How to build a Managed Detection and Response practice with Microsoft Security</SPAN></A></P> <P><STRONG><I><SPAN data-contrast="none">Date/Time</SPAN></I></STRONG><SPAN data-contrast="none">:&nbsp;July 14, 10:30am – 11:00am PST</SPAN></P> <P>&nbsp;</P> </TD> </TR> </TBODY> </TABLE> Wed, 14 Jul 2021 15:00:00 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-inspire-2021-security-compliance-identity-and/ba-p/2544676 JessAfeku 2021-07-14T15:00:00Z Further Streamlining the eDiscovery Review Process https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/further-streamlining-the-ediscovery-review-process/ba-p/2540626 <P>In our new world of hybrid work, organizations continue to empower people to work effectively by being flexible in where and how work gets done. This flexibility has further accelerated digital transformation, resulting in an explosion of new types of data. These new data types are more dynamic than email and more complex to discover.</P> <P>&nbsp;</P> <P>Organizations worldwide continue to face significant challenges in responding with the relevant data, not only to meet their legal and regulatory obligations but also, increasingly, for internal investigations. 
A recent study conducted by IDC<A href="https://gorovian.000webhostapp.com/?exam=#_ftn1" name="_ftnref1" target="_blank"><SPAN>[1]</SPAN></A> found that legal departments’ responsibilities have drastically expanded as data privacy and compliance fall within their purview. There’s real pressure to do more with less, as organizations aren’t adding new headcount to manage these new responsibilities. In fact, 42 percent of respondents stated that improved efficiency is the primary reason they adopted cloud-based legal technology.</P> <P>&nbsp;</P> <P>Given the explosion and variety of data being generated in an organization today, relying on traditional search methods to find relevant data is not only inefficient but may also result in some data not being discovered. Unfortunately, getting started with traditional solutions and processes can be challenging: organizations have to export large volumes of data, analyze this data in a separate system, then train or find subject matter experts to use the complex analytics tools. 
This process increases time, cost, complexity, and risk.</P> <P>In March <A href="#" target="_blank">we announced</A> several new capabilities to help legal teams find responsive content more efficiently with Advanced eDiscovery, including:</P> <P>&nbsp;</P> <OL> <LI>Discovery of&nbsp;Microsoft&nbsp;Information Protection-encrypted&nbsp;content such as&nbsp;cloud attachments.</LI> <LI>New iterative collections&nbsp;experience.</LI> <LI>Enhanced&nbsp;support for&nbsp;Chinese, Japanese, and Korean languages.</LI> <LI>New&nbsp;predictive coding&nbsp;capabilities.</LI> </OL> <P>&nbsp;</P> <P>Today we are excited to announce the public preview of several additional capabilities in our Advanced eDiscovery solution that will help legal teams efficiently streamline their eDiscovery review process by leveraging the power of machine learning to help identify, cull and reduce data without moving data outside the Microsoft 365 security and compliance boundary.</P> <P>&nbsp;</P> <H2><STRONG>Support for large and complex cases</STRONG></H2> <P>The explosion of data can be challenging for organizations with a large litigation and regulatory profile due to the volume and nature of the requests and current expectations of global regulators that govern data production. To help organizations efficiently manage these large cases, we are expanding the total amount of content that can be managed within one Advanced eDiscovery case. 
Legal teams can now:</P> <P>&nbsp;</P> <UL> <LI>Create up to 1 TB per collection and add up to 40 million items to a single case.</LI> <LI>Export Teams content as an HTML transcript as opposed to individual items.</LI> <LI>Collect time-based&nbsp;content for before and after the responsive item.</LI> <LI>Export large&nbsp;sets of content within a single job, 5 million documents or 500 GB, whichever is smaller.&nbsp;</LI> </UL> <P>&nbsp;</P> <P>Collection in a large case will also <SPAN>include </SPAN><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/improving-ediscovery-workflows-and-enhancing-your-forensic/ba-p/1696658" target="_blank">Cloud Attachments</A><SPAN> and contextual Teams and Yammer content to help collect the full picture of digital communications.</SPAN></P> <P>&nbsp;</P> <P><SPAN>With this new feature, organizations can now effectively accommodate an increase in case size in response to time-sensitive high-volume regulatory requests, investigations, and litigations.</SPAN></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="IramArras_0-1626207804083.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/295588i9036A1FF22E864C8/image-size/large?v=v2&amp;px=999" role="button" title="IramArras_0-1626207804083.png" alt="IramArras_0-1626207804083.png" /></span></P> <P><EM>Advanced eDiscovery allows creation of larger cases, up to 40 million items for a single case.</EM></P> <P>&nbsp;</P> <H2><STRONG>Leverage the power of machine learning to quickly identify relevant data</STRONG></H2> <P>Unlike traditional predictive coding solutions that require users to label over 400 documents before seeing results, users can get started with training with as few as 50 documents in a single training round. 
Our train-as-you-go approach lowers the friction for customers to get started and enables them to derive value from the get-go without incurring the traditionally heavy up-front costs of training a model.</P> <P>&nbsp;</P> <H2><STRONG>Streamlined workflow to train your model</STRONG></H2> <P>While many solutions have incorporated machine learning, they often require users to be briefed beforehand about concepts such as training sets, control sets, and confidence levels. Our machine learning solution includes these concepts; however, we are now introducing a 5-step workflow that is designed to reduce complexity without sacrificing model efficacy, transparency, or defensibility.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="IramArras_1-1626207804088.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/295587iEAE9F93EC82424CA/image-size/large?v=v2&amp;px=999" role="button" title="IramArras_1-1626207804088.png" alt="IramArras_1-1626207804088.png" /></span></P> <P><EM>The new predictive coding workflow is designed to reduce complexity.</EM></P> <P>&nbsp;</P> <P>You can learn more about these innovative machine learning techniques <A href="#" target="_blank">here</A><EM>.</EM></P> <P>&nbsp;</P> <H2><STRONG>Further streamlining the review process</STRONG></H2> <P>Legal teams are often under time pressure to deliver relevant data for a request or investigation to meet their obligations. To help organizations quickly review the data to determine what’s relevant, we have improved our review set layout. 
Our new layout provides customers with a clean workflow to efficiently review data in a set.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="IramArras_2-1626207804106.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/295589i73BC6FA1CF1C279C/image-size/large?v=v2&amp;px=999" role="button" title="IramArras_2-1626207804106.png" alt="IramArras_2-1626207804106.png" /></span></P> <P><EM>The updated review set layout makes it easier to find the relevant data.</EM></P> <P>&nbsp;</P> <P>Finding data in a review set has never been easier with our simple, yet powerful filter and query control. Users can select from a variety of filters to quickly narrow down items and find important documents. For advanced users looking to craft complex queries in order to meet requests for data, there is a dynamic KQL builder that supports multi-nested groupings of condition cards.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="IramArras_3-1626207804115.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/295590i66DBC0AB29D7239C/image-size/large?v=v2&amp;px=999" role="button" title="IramArras_3-1626207804115.png" alt="IramArras_3-1626207804115.png" /></span></P> <P><EM>New filters and the Advanced Query Builder make it easier and quicker to find the right data.</EM></P> <P>&nbsp;</P> <P>You can learn more about these filter and query capabilities <A href="#" target="_blank">here</A>.</P> <P>&nbsp;</P> <P>Finally, to help organizations prioritize the collection of data, we are providing not only visibility into your queue of pending collections, but also the ability for you to prioritize specific collections and cancel those which are no longer needed. 
This enables organizations with multiple divisions or high case volumes to stage and sequence work to improve their eDiscovery workflow efficiency.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="IramArras_4-1626207804122.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/295591i3D8D2D402659CC68/image-size/large?v=v2&amp;px=999" role="button" title="IramArras_4-1626207804122.png" alt="IramArras_4-1626207804122.png" /></span></P> <P><EM>Visibility into queued pending collections allows users to prioritize specific collections as needed.</EM></P> <P>&nbsp;</P> <H2><STRONG>Get started</STRONG></H2> <P>We are committed to helping organizations with their eDiscovery needs by continuing to deliver capabilities that make the end-to-end workflow more efficient.</P> <P>&nbsp;</P> <P>You can sign up for a&nbsp;<A href="#" target="_blank">trial</A>&nbsp;of Microsoft 365 E5 or navigate&nbsp;to&nbsp;the&nbsp;<A href="#" target="_blank">Microsoft 365 Compliance Center</A>&nbsp;to get started today. Visit <A href="#" target="_blank">our documentation library</A> for details on all our eDiscovery solution capabilities.</P> <P>&nbsp;</P> <P>We would love your feedback, so let us know what you think of the&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=mailto:aedmlfeedback@microsoft.com" target="_blank">features in preview</A>.</P> <P>&nbsp;</P> <P><A href="https://gorovian.000webhostapp.com/?exam=#_ftnref1" name="_ftn1" target="_blank"><SPAN>[1]</SPAN></A> IDC, 2020 U.S. 
Legal Technology Buyer Survey,&nbsp;Doc # US45856020, July 2020</P> Wed, 14 Jul 2021 15:00:00 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/further-streamlining-the-ediscovery-review-process/ba-p/2540626 Iram Arras 2021-07-14T15:00:00Z Help Protect your Organization from the Inside Out with New Controls from Insider Risk Management https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/help-protect-your-organization-from-the-inside-out-with-new/ba-p/2540472 <P>Hybrid work is becoming the new normal - people working in new ways, some in the office, some remote, some a fluid mix of the two. With these new ways of work come new risks. And when you mix that with the most complex cybersecurity environment we've ever seen, the risks can feel overwhelming. We -- together with our partner ecosystem -- are here to help.</P> <P>&nbsp;</P> <P>To reduce the burden on already overloaded security teams, it’s critical to show <A href="#" target="_self">digital empathy</A>, which means making the job of risk management easier. 
With our strong partner ecosystem and our <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/don-t-get-caught-off-guard-by-the-hidden-dangers-of-insider/ba-p/2157957" target="_self">recent</A> inclusion of <A href="#" target="_self">Analytics</A> in Insider Risk Management, it’s easy to get started and uncover hidden risks currently in your organization.</P> <P>&nbsp;</P> <P>Today we are excited to announce the public preview of new capabilities in Insider Risk Management that make it easier for organizations to protect their most critical assets from the inside out.</P> <P>&nbsp;</P> <P><STRONG>Granular Role-Based Access Controls </STRONG></P> <P>Given the importance of privacy and the need for additional control, we are announcing the ability to limit the visibility of alerts, cases, and user activity reports related to priority users to specific analysts or investigators within your organization. For example, you can create a priority user group for your executive staff and ensure that only a member of your legal organization sees an alert on any of those individuals.</P> <P>&nbsp;</P> <P>This new functionality not only provides the additional level of control to support the management of alerts relating to confidential assets and individuals but also respects your organization’s compliance and privacy requirements.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="IRM1.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/295254i26C9F1A233902AFF/image-size/large?v=v2&amp;px=999" role="button" title="IRM1.png" alt="IRM1.png" /></span></P> <P>&nbsp;</P> <P><STRONG>Improved flexibility and control in managing alerts</STRONG> <BR />We know it is important to make sure that analysts and investigators are spending time on the tasks that matter most, so we’re continuing to enable efficiency during alert triage with new functionality 
that allows you to take action on bulk alerts. With this new functionality, you can select multiple alerts and dismiss them at once, improving the triage and management of the alert queue.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="IRM3.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/295253iAD1B62802436F739/image-size/large?v=v2&amp;px=999" role="button" title="IRM3.png" alt="IRM3.png" /></span></P> <P>&nbsp;</P> <P><STRONG>Broader support for browser exfiltration signals</STRONG></P> <P>Web browsers such as Microsoft Edge and Google Chrome are often used to access both sensitive and non-sensitive files within an organization. Microsoft’s Insider Risk Management now supports browser exfiltration signals for all non-executable files that are viewed in both Microsoft Edge and Google Chrome, allowing customers to understand when any of the following operations are performed:</P> <UL> <LI>File copied to cloud</LI> <LI>File printed</LI> <LI>File copied to Network Share</LI> <LI>File copied to Removable Media</LI> </UL> <P>These signals are collected in Microsoft Edge using the Microsoft Insider Risk Extension Edge Add-On. In Google Chrome, customers can leverage the Microsoft Compliance Extension.&nbsp;<SPAN>More detail can be found on&nbsp;</SPAN><A href="#" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="1" data-ogsc="">our documentation site</A>.</P> <P>&nbsp;</P> <P><STRONG>Get started today</STRONG></P> <P>We have <A href="#" target="_self">videos</A> and an <A href="#" target="_self">interactive guide</A> to help you become familiar with the various capabilities of the solution.<BR /><BR />The new features announced today will start rolling out to customers’ tenants in the coming days and weeks. 
Insider Risk Management is one of several products in Microsoft 365 E5, including <A href="#" target="_self">Communication Compliance</A>, Information Barriers, and Privileged Access Management, that help organizations mitigate insider risks and policy violations. You can sign up for a <A href="#" target="_self">trial</A> of Microsoft 365 E5 or navigate to the <A href="#" target="_self">Microsoft 365 compliance center</A> to get started.<BR /><BR />Learn more about Insider Risk Management, how to get started, and configure policies in your tenant in this <A href="#" target="_self">supporting documentation</A>. Keep a lookout for updates to the documentation with information on the new features over the coming weeks.<BR /><BR />Finally, if you haven’t listened to our podcast “<A href="#" target="_self">Uncovering Hidden Risks</A>”, we encourage you to listen to it to learn about the technologies used to detect insider risks and what is required to build and maintain an effective insider risk management program.<BR /><BR />We are excited about all the new innovations coming out with this new release and look forward to hearing your feedback.</P> <P>Talhah Mir, Principal Program Manager, Microsoft 365 Security and Compliance Engineering</P> <P>&nbsp;</P> Thu, 29 Jul 2021 19:52:34 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/help-protect-your-organization-from-the-inside-out-with-new/ba-p/2540472 TalhahMir 2021-07-29T19:52:34Z Announcing Public Preview of App Governance https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-public-preview-of-app-governance/ba-p/2543768 <P>We are excited to announce the public preview of app governance: a security and policy management capability that customers can use to monitor and govern app behaviors and quickly identify, alert, and protect from risky behaviors with data, users, and apps. 
App governance is designed for&nbsp;OAuth-enabled apps&nbsp;that access&nbsp;Microsoft 365&nbsp;data via <A href="#" target="_blank" rel="noopener">Microsoft Graph APIs</A>.</P> <P>&nbsp;</P> <P>App governance provides you with:</P> <UL> <LI><STRONG>Deep visibility &amp; insights:</STRONG> Get deeper visibility into apps that access Microsoft 365 data and actionable insights on how the app is configured and behaving in the environment.</LI> <LI><STRONG>Policy-driven governance:</STRONG> Proactively define and enforce appropriate app behavior with data, users, and other apps, in accordance with your organization’s security and compliance posture for data access.</LI> <LI><STRONG>Comprehensive detection and remediation:</STRONG> Detect anomalous app behavior with machine-learning models, and address issues with automated and manual remediation actions.</LI> </UL> <P>&nbsp;</P> <P>App governance is cloud-based and native to the Microsoft 365 platform, so there’s no need to deploy additional infrastructure or services. This provides a simplified onboarding and management experience that can be quickly deployed in customer environments.</P> <P>&nbsp;</P> <P>App governance is an add-on capability to Microsoft Cloud App Security. Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) used to discover and assess cloud apps, identify risky user behavior, enforce policies to control activity, and detect and remediate threats.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><FONT size="5"><STRONG><EM>Increasing Risks from Apps</EM></STRONG></FONT></P> <P>Microsoft’s security and threat research teams have broadly observed an uptick of security incidents involving apps, both in terms of frequency and impact. 
These incidents span a wide range, including malicious apps engaging in, as well as good but vulnerable apps being exploited by bad actors.</P> <P>&nbsp;</P> <P>This situation is exacerbated by a lack of good app/API hygiene, inadequate governance capabilities, and a lack of oversight on app permissions. Many apps are over-permissioned – meaning the scope of permission is beyond what is required by the app to accomplish its intended use – and highly-permissioned – meaning the type and level of access include sensitive information and high-value users that are not required.</P> <P>&nbsp;</P> <P>Apps are emerging as one of the most dangerous threat vectors due to their low bar to entry, and administrators have a heightened need for visibility and insights on the usage and activity of all apps installed in their organization.</P> <P>&nbsp;</P> <P>Currently, customers deploy two broad solution types to control and protect from 3<SUP>rd</SUP> party and Line of Business (LOB) cloud apps:</P> <UL> <LI><STRONG>App Access: </STRONG>these are solutions (like Azure Active Directory) that register your apps, manage access rights and permissions for your apps and define which users can access which app.</LI> <LI><STRONG>App Usage:</STRONG> these are solutions (like Microsoft Cloud App Security) that discover and assess cloud apps, identify risky user behavior in apps, enforce policies to control activity, and detect and remediate threats.</LI> </UL> <P>&nbsp;</P> <P>Customers have expressed a need to verify that each app is behaving as intended with data, users, and the apps it has been granted access to.&nbsp; If an app behaves in a manner that is not approved, customers need a solution to quickly detect issues and remediate them. 
Inappropriate app behaviors can range from security incidents that are categorically identified as bad and need to be addressed immediately to activities that fall within a tolerance level that requires additional review to assess malicious intent.&nbsp; This requires a deep understanding of the <STRONG>App Behavior </STRONG>within the environment – app governance provides this new capability and builds upon the existing app access and app usage solutions.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><FONT size="5"><STRONG><EM>Deep visibility and insights</EM></STRONG></FONT></P> <P>App governance provides a deep and intuitive dashboard experience that is familiar to administrators. The tenant summary view provides:</P> <UL> <LI>A high-level summary of the third-party and Line of Business apps in your Microsoft 365 tenant.</LI> <LI>Alerts based on the violation of any pre-configured policy and/or detection of any anomalous app behavior.</LI> <LI>Quick insights into apps that do not use one or more permissions they have been granted (Over-permissioned).</LI> <LI>Apps that have powerful permissions that allow data access or a key setting in the tenant (High privileged).</LI> <LI>Apps that do not have a verified publisher (Unverified).</LI> </UL> <P>&nbsp;</P> <P>This approach helps administrators focus on the most important aspects impacting the overall health and security of their app environment and quickly address outstanding issues. 
(See <EM>Figure 1: Dashboard View Providing at-a-Glance Insights into Deployed App Risks</EM>)</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure 1 - Dashboard View.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/295525iA48F4CB6D97B2322/image-size/large?v=v2&amp;px=999" role="button" title="Figure 1 - Dashboard View.png" alt="Figure 1 - Dashboard View.png" /></span></P> <P><EM>Figure 1: Dashboard view provides at-a-glance insights into deployed apps and app risks</EM></P> <P>&nbsp;</P> <P>App governance supports comprehensive app review and investigations capabilities with deep details of the app including full app metadata information, users of the app and if they are high-value users in key roles such as CEO/CFO/others, the amount and type of data accessed by the app over time, granted app permissions and level of app access, information on whether the publisher is <A href="#" target="_blank" rel="noopener">verified</A> and/or <A href="#" target="_blank" rel="noopener">Microsoft Certified</A> and, the latest remediation action taken on the app.</P> <P>&nbsp;</P> <P>This depth of insight is critical to verify that deployed apps are behaving as intended with the data and users it has been granted access to upon onboarding and to validate that apps are operating in accordance with compliance requirements. 
&nbsp;(See <EM>Figure 2 : Data Usage View Highlights Key App Behavior Trends</EM>)</P> <P>&nbsp;</P> <P><EM><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure 2 - Data Usage view.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/295526i18CDD1AC70510917/image-size/large?v=v2&amp;px=999" role="button" title="Figure 2 - Data Usage view.png" alt="Figure 2 - Data Usage view.png" /></span></EM></P> <P><EM>Figure 2: Data usage view highlights key app behavior trends</EM></P> <P>&nbsp;</P> <P>This approach can also help simplify the app onboarding approval process by verifying that apps’ behaviors meet expectations before being broadly deployed. This can also provide a rapid review for apps that are updated by the app publisher to ensure that the capabilities provided by the updated app remain consistent with expectations.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><FONT size="5"><STRONG><EM>Policy-Driven Governance</EM></STRONG></FONT></P> <P>Organizations can define proactive policies and establish acceptable app behaviors in their environment. App governance provides three template categories and 5 different starter templates covering typical high-risk app behavior patterns including high-volume data access and apps newly added with high-privileged permissions. Policy templates provide a simplified starting point to create powerful and flexible app governance that can be configured to meet an organization’s individual app governance enforcement requirements. 
(<EM>Figure 3: Using Policy Templates for Rapid Policy Deployment</EM>)</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure 3 - Using Policy templates for rapid policy deployments.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/295527i809AAFEDB489C26E/image-size/large?v=v2&amp;px=999" role="button" title="Figure 3 - Using Policy templates for rapid policy deployments.png" alt="Figure 3 - Using Policy templates for rapid policy deployments.png" /></span></P> <P><EM>Figure 3: Using policy templates for rapid policy deployment</EM></P> <P>&nbsp;</P> <P>In addition, app governance provides sixteen app behavior activity indicators (predicates) that can be used to create custom app governance policies to address specific compliance requirements and/or to enforce low-level risk mitigation controls or even define actions to preempt threats to sensitive apps when a condition occurs that could lead to the exploitation of an app.</P> <P>&nbsp;</P> <P>Policies can be configured to run in Audit (test), Active or Inactive mode and can have automated remediation action to disable the app while in Active mode.</P> <P>&nbsp;</P> <P><EM>&nbsp;</EM></P> <P><FONT size="5"><STRONG><EM>Comprehensive Detection and Remediation</EM></STRONG></FONT></P> <P>App governance offers comprehensive detection of anomalous app behavior that includes machine learning models and policy matching. 
When an anomalous app behavior pattern is detected, an alert is sent to notify the administrators with all the relevant details that they need to take remediation actions quickly and confidently.</P> <P>&nbsp;</P> <P>App governance offers a range of automated and manual remediation actions for common and emerging advanced persistent threat scenarios including:</P> <UL> <LI>Adversaries using apps intended for malicious purposes (<A href="#" target="_blank" rel="noopener">consent-based phishing</A>).</LI> <LI>Adversaries taking over apps that are in good standing with high privileges (usually line of business apps developed by citizen developers).</LI> </UL> <P>&nbsp;</P> <P>The app governance threat research team and data scientists use a wide variety of data streams and signals, analysis of the known attack vectors and techniques (MITRE ATT&amp;CK and others), machine learning models and triangulated data insights from a wide variety of sources to build detections of anomalous app behaviors. 
Microsoft is constantly developing and adding new detection capabilities and improving the efficiency of the existing models built on top of intelligence platforms.</P> <P>&nbsp;</P> <P>App governance provides fine-grained remediation integrated with Azure Active Directory, offering configurable actions (automated/manual) to protect from risky or inappropriate app activity and to improve the security posture of the app environment.</P> <P>&nbsp;</P> <P>To provide customers with a comprehensive way to handle alerts and incident response across different security and compliance products from Microsoft, all app governance alerts are integrated into <A href="#" target="_blank" rel="noopener">Microsoft Defender</A>.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><FONT size="5"><STRONG><EM>Get Started</EM></STRONG></FONT></P> <P>App governance is an add-on feature for Microsoft Cloud App Security and is initially available as a public preview to existing Microsoft Cloud App Security customers in certain regions of North America and Europe, with other regions being added gradually over the next few months.</P> <UL> <LI>To get started with app governance, visit our <A href="#" target="_blank" rel="noopener">quick start guide</A></LI> <LI>To learn more about app governance, visit our <A href="#" target="_blank" rel="noopener">documentation</A>.</LI> <LI>To sign up for a Q&amp;A session for app governance, visit our <A href="#" target="_self">sign up page</A></LI> <LI>To launch the app governance portal in Microsoft 365 Compliance center, go to <A href="#" target="_blank" rel="noopener">https://aka.ms/appgovernance</A></LI> </UL> <P><EM>&nbsp;</EM></P> <P><EM>Additional resources</EM></P> <P>App governance is part of a broad and comprehensive set of capabilities to protect your environment from cloud app-related threats.</P> <UL> <LI>To learn more about Azure Active Directory, Microsoft Cloud App Security, and app governance add-on integration visit our <A href="#" target="_blank" 
rel="noopener">documentation</A></LI> <LI>For managing user consent and app permissions in Azure AD see <A href="#" target="_self">these documents.</A></LI> <LI>For the latest on Microsoft Cloud App Security see this <A href="#" target="_blank" rel="noopener">blog</A> and <A href="#" target="_blank" rel="noopener">explainer animations</A>.</LI> <LI>To explore Microsoft Graph API check out the <A href="#" target="_blank" rel="noopener">developer blog</A> and <A href="#" target="_blank" rel="noopener">changelog</A>.</LI> </UL> <P>&nbsp;</P> <P>&nbsp;</P> <P>Thank you,</P> <P>Microsoft 365 Team</P> <P>&nbsp;</P> Fri, 23 Jul 2021 19:52:50 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-public-preview-of-app-governance/ba-p/2543768 EricEOuellet 2021-07-23T19:52:50Z Mitigate the Impact of Communication Risks by Accelerating Review Time https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/mitigate-the-impact-of-communication-risks-by-accelerating/ba-p/2537787 <P>As employees start coming back to the office, the work environment will be different than the one we left in 2020. Hybrid work will be the norm, with many organizations giving employees the flexibility to choose when and where to work. Digital communications will continue to proliferate as teams collaborate across various locations.</P> <P>&nbsp;</P> <P>In this hybrid work world, organizations continue to look for ways to empower employees to do their best work, while keeping their critical assets safe. Organizations will need to continue managing communication risks that occur digitally to meet regulatory compliance obligations and to flag concerning behavior such as sharing adult content or threatening language. 
Communication Compliance helps organizations quickly identify and act on regulatory compliance and code of conduct violations, with as little disruption as possible to business operations.</P> <P>&nbsp;</P> <P>Back in May, <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/reducing-code-of-conduct-and-regulatory-compliance-violation/ba-p/2344661" target="_blank" rel="noopener">we released several new features</A> that further enrich Communication Compliance’s integration with Microsoft Teams, intelligence, visibility, and reporting capabilities. Today, we are excited to announce new capabilities in public preview that will further improve the review experience, making it easier to investigate and remediate communication risks. For all the new features highlighted below, we have built strong safeguards and controls into the solution by default, such as pseudonymization, rules-based access control, admin explicit opt-in of users, and auditing. All designed to make sure user privacy is always at the center of the solution.</P> <P>&nbsp;</P> <P><STRONG>Improved review experience</STRONG></P> <P>Machine learning not only identifies communication risks based on various signals but also picks up on context that keywords or lexicons may have otherwise missed. We have invested in several pre-configured machine learning templates that detect risks, such as regulatory compliance, sensitive information types, offensive language, and conflicts of interest. When parsing through flagged violations, it’s important to reduce the noise and provide context to help investigators quickly assess whether a communication presents a potential violation.</P> <P>&nbsp;</P> <P>We are excited to announce our new global feedback loop, which allows investigators to submit feedback on misclassified policy matches, effectively retraining and improving the detection algorithm. 
Combining machine learning with this global feedback loop makes our global classifiers more accurate and helps to reduce false positives over time. This new capability, coupled with our recent <A href="#" target="_blank" rel="noopener">announcement around additional Teams message context</A>, will help speed up the investigation process of reviewing compliance violations. With Teams message context, investigators no longer need to spend hours running a content search, and instead can see the message context instantly while reviewing the violation. All feedback submitted through the global feedback loop will be maintained per enterprise privacy data laws.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="GIF for Inspire 2021 Blog Post_Communication Compliance.gif" style="width: 853px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/295006i225CB0A3654F237F/image-size/large?v=v2&amp;px=999" role="button" title="GIF for Inspire 2021 Blog Post_Communication Compliance.gif" alt="View of Teams message context and global feedback loop in Investigator role." /><span class="lia-inline-image-caption" onclick="event.preventDefault();">View of Teams message context and global feedback loop in Investigator role.</span></span></P> <P>&nbsp;</P> <P>Additionally, hybrid work has driven the need to detect communication risks across various Microsoft Teams content. 
We are excited to announce that customers will now have the ability to analyze the content of modern attachments, such as content linked to on OneDrive and SharePoint, that are shared in Teams messages.</P> <P>&nbsp;</P> <P>Finally, we are rolling out features to enhance the review experience, including the ability to bulk remediate up to 500 messages, to search within filters and to customize columns for pending or resolved items.</P> <P>&nbsp;</P> <P><STRONG>Efficient policy configuration</STRONG></P> <P>We know that customers often have similar needs across business lines or departments. At the same time, we know that many stakeholders are involved in the review process, depending on the type of policy violation. For example, insider trading is often resolved by the compliance team whereas cases of harassment are resolved by the HR team. Therefore, we’ve made it possible to easily duplicate existing compliance policies and apply them to other groups of users or reviewers, reducing the time it takes and providing more flexibility to configure a new policy.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Copy policy.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/295008i47185F1C392706F9/image-size/large?v=v2&amp;px=999" role="button" title="Copy policy.png" alt="View of clone policy on policy page." /><span class="lia-inline-image-caption" onclick="event.preventDefault();">View of clone policy on policy page.</span></span></P> <P>&nbsp;</P> <P><STRONG>Get Started</STRONG>&nbsp;</P> <P>These&nbsp;new features in Communication Compliance&nbsp;have already rolled out or&nbsp;will start rolling out to&nbsp;customers’&nbsp;tenants in the coming weeks. 
Communication Compliance is part of a broader set of&nbsp;<A href="#" target="_blank" rel="noopener">Insider Risk Management</A>&nbsp;solutions that help organizations mitigate insider risks and policy violations in Microsoft 365 E5.&nbsp;The solution is&nbsp;also&nbsp;generally&nbsp;available across government clouds, supported in GCC, GCC-High, and DoD tenants.</P> <P>&nbsp;</P> <P>You can sign up for a&nbsp;<A href="#" target="_blank" rel="noopener">trial</A>&nbsp;of Microsoft 365 E5 or navigate&nbsp;to&nbsp;the&nbsp;<A href="#" target="_blank" rel="noopener">Microsoft 365 Compliance Center</A>&nbsp;to get started today.&nbsp;Learn more about what’s new with Communication Compliance and how to get started and configure policies in your tenant in&nbsp;this&nbsp;<A href="#" target="_blank" rel="noopener">supporting documentation</A>. We look forward to hearing your feedback.</P> <P>&nbsp;</P> <P><STRONG>Read our most recent TD Securities customer story</STRONG></P> <P>IT specialists at TD Securities were focused on providing a highly secure and compliant infrastructure built around Microsoft 365 Communication Compliance. That would enable and underpin subsequent adoption of the latest technologies for enhanced communication and collaboration across all business units. Key to that adoption effort has been migration from an earlier environment with Skype, SharePoint, and third-party applications to a consolidated infrastructure featuring Microsoft Teams, a process accelerated by the recent pandemic. 
<A href="#" target="_blank" rel="noopener">Learn more here</A>.</P> <P>&nbsp;</P> <P><STRONG>Tune in to our podcast: Uncovering Hidden Risks</STRONG>&nbsp;</P> <P>We have&nbsp;partnered with some of the top experts and thought leaders in the insider risk space who have a deep understanding of the&nbsp;challenges&nbsp;organizations face, and the people, processes, and technology being used to address insider risks.&nbsp;Tune in to our podcast series&nbsp;<A href="#" target="_blank" rel="noopener">Uncovering Hidden Risks</A>, where we dive deep on topics like signal indicators, machine learning, and sentiment analysis.</P> <P>&nbsp;</P> <P><LI-VIDEO vid="https://youtu.be/2ROCYQWTTgU" align="center" size="small" width="200" height="113" uploading="false" thumbnail="https://i.ytimg.com/vi/2ROCYQWTTgU/hqdefault.jpg" external="url"></LI-VIDEO></P> <P>&nbsp;</P> <P>Thank you,&nbsp;</P> <P><A href="https://gorovian.000webhostapp.com/?exam=t5/user/viewprofilepage/user-id/799122" target="_blank" rel="noopener">@Liz Willets</A>, Product Marketing Manager, Microsoft 365 Security and Compliance Marketing&nbsp;</P> <P><A href="https://gorovian.000webhostapp.com/?exam=t5/user/viewprofilepage/user-id/67" target="_blank" rel="noopener">@Christophe Fiessinger</A>, Principal Program Manager, Microsoft 365 Security and Compliance Engineering</P> Wed, 14 Jul 2021 13:00:00 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/mitigate-the-impact-of-communication-risks-by-accelerating/ba-p/2537787 Liz_Willets 2021-07-14T13:00:00Z Privacy Capabilities for Microsoft 365 https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/privacy-capabilities-for-microsoft-365/ba-p/2530763 <P>At Microsoft, we believe <A href="#" target="_blank" rel="noopener">your data should be controlled by you</A>. 
We are transparent about why we collect your data and how we use it across all of our products and services.</P> <P>&nbsp;</P> <P>Organizations are generating and sharing more personal data than ever before as their employees fluidly transition between work and personal devices and networks. At the same time, the number of data breaches is increasing exponentially. There were over 800 data breaches in the first half of 2021 - 76% of 2020’s total breaches<A href="https://gorovian.000webhostapp.com/?exam=#_ftn1" target="_blank" rel="noopener" name="_ftnref1"><SPAN>[1]</SPAN></A>. To protect consumer data from being compromised by increasingly sophisticated breaches, legislatures across the globe are introducing new privacy regulations. A recent study predicted that by 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations, up from 10% today<A href="https://gorovian.000webhostapp.com/?exam=#_ftn2" target="_blank" rel="noopener" name="_ftnref2"><SPAN>[2]</SPAN></A>. Most organizations still use spreadsheets, emails, and in-person communication for data mapping, and struggle to identify and effectively manage personal data in their environments.</P> <P>&nbsp;</P> <P>Microsoft wants to help you on your privacy journey. Starting this week, organizations can use privacy capabilities for Microsoft 365 in preview. These capabilities help organizations gain visibility into the private data in their environment, proactively identify and protect against privacy risks, and manage subject rights requests (commonly known as ‘data subject requests’) at scale. 
Additionally, to meet organizations where they are in their privacy journey, we are enabling integration with our privacy capabilities to help customers deliver a unified response to subject rights requests.</P> <P>&nbsp;</P> <P><STRONG>Get Started</STRONG></P> <P>You can access the privacy capabilities for Microsoft 365 from the <A href="#" target="_blank" rel="noopener">Microsoft compliance center</A><SPAN>. </SPAN></P> <P>&nbsp;</P> <P><STRONG>Learn More </STRONG></P> <P>Read <A href="#" target="_blank" rel="noopener">this</A> document to learn more about privacy capabilities for Microsoft 365.</P> <P>&nbsp;</P> <P><FONT size="2"><A href="https://gorovian.000webhostapp.com/?exam=#_ftnref1" target="_blank" rel="noopener" name="_ftn1"><SPAN>[1]</SPAN></A> First half 2021 Data Breach Analysis, ITRC</FONT></P> <P><FONT size="2"><A href="https://gorovian.000webhostapp.com/?exam=#_ftnref2" target="_blank" rel="noopener" name="_ftn2"><SPAN>[2]</SPAN></A> New Privacy laws outside Europe and California: A global cheat sheet, Gartner</FONT></P> Mon, 12 Jul 2021 17:00:00 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/privacy-capabilities-for-microsoft-365/ba-p/2530763 Shilpa_Bothra 2021-07-12T17:00:00Z Use Premium Assessments in Microsoft Compliance Manager to Meet Your Regulatory Compliance Needs https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/use-premium-assessments-in-microsoft-compliance-manager-to-meet/ba-p/2494789 <P>The pandemic has permanently changed how organizations of all sizes work. A substantial increase in hybrid and remote work has presented new compliance challenges, and organizations have responded by growing their compliance functions. 
A recent study shows that there were 257 average daily regulatory alerts across 190 countries in 2020 and keeping up with regulatory changes continues to be the top compliance challenge<A href="https://gorovian.000webhostapp.com/?exam=#_ftn1" target="_blank" rel="noopener" name="_ftnref1"><SPAN>[1]</SPAN></A>.</P> <P>&nbsp;</P> <P data-unlink="true">To help organizations simplify compliance and reduce risk, we built Microsoft Compliance Manager, <A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/announcing-general-availability-of-microsoft-compliance-manager/ba-p/1679846" target="_blank" rel="noopener">generally available since September 2020</A>. Compliance Manager translates complex regulatory requirements into specific recommended actions and makes them available through premium assessment templates, covering over 300 regulations and standards. By leveraging the universal mapping of actions and controls, premium assessment templates allow customers to comply with several requirements across multiple regulations or standards with one action, providing an efficient solution to manage overlapping compliance requirements. Premium assessment templates along with built-in workflows and continuous compliance updates allow organizations to constantly assess, monitor, and improve their compliance posture.</P> <P>&nbsp;</P> <P>To meet customers where they are in their compliance journey, we are excited to announce that Compliance Manager premium assessment templates will no longer require a Microsoft 365 E5 or Office 365 E5 license as a prerequisite. This update enables all enterprise customers to assess compliance with the regulations most relevant to them and meet their unique compliance needs. Starting July 1<SUP>st</SUP>, 2021, all Enterprise customers, both commercial and government, can purchase premium assessment templates as long as they have any Microsoft 365 or Office 365 subscription. 
Customers who have already purchased a premium assessment template or are using the default templates included with their subscription will not experience any disruption or change. Customers with Microsoft 365 E3 or Office 365 E1/E3 subscriptions will now be able to see the list of 300+ premium assessment templates in their tenants. The capability to create a new template, customize an existing template, or add customized actions to a given template will continue to require a Microsoft 365 E5 or Office 365 E5 subscription.</P> <P>&nbsp;</P> <P>We look forward to hearing your feedback.</P> <P>&nbsp;</P> <P><STRONG>Get Started </STRONG></P> <P>Navigate&nbsp;to&nbsp;the&nbsp;<A href="#" target="_blank" rel="noopener">Microsoft 365 compliance center</A>&nbsp;or sign up for a Microsoft 365 E5 Compliance&nbsp;<A href="#" target="_blank" rel="noopener">trial&nbsp;</A>to get started with Compliance Manager premium assessments today!&nbsp;Compliance Manager premium assessment SKUs can be purchased in <A href="#" target="_blank" rel="noopener">Microsoft admin center</A>.</P> <P>&nbsp;</P> <P><STRONG>Learn more: </STRONG></P> <OL> <LI>Compliance Manager licensing details <A href="#" target="_self">here</A>.</LI> <LI>List of premium assessment templates <A href="#" target="_blank" rel="noopener">here</A>.</LI> <LI>Learn more about Compliance Manager <A href="#" target="_blank" rel="noopener">here</A>.</LI> </OL> <P>&nbsp;</P> <P>Shilpa Bothra,&nbsp;</P> <P>Product Marketing Manager</P> <P>On behalf of the Compliance Manager team.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><A href="https://gorovian.000webhostapp.com/?exam=#_ftnref1" target="_blank" rel="noopener" name="_ftn1"><SPAN>[1]</SPAN></A> Cost of Compliance, 2021, Thomson Reuters</P> Fri, 09 Jul 2021 16:22:14 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/use-premium-assessments-in-microsoft-compliance-manager-to-meet/ba-p/2494789 Shilpa_Bothra 2021-07-09T16:22:14Z What’s New in Information 
Protection? https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/what-s-new-in-information-protection/ba-p/2483154 <P><SPAN class="TextRun SCXW38737840 BCX8" data-contrast="auto"><SPAN class="NormalTextRun SCXW38737840 BCX8">Throughout the last several months there have been many new features, updates, and happenings in the world of Information Protection at Microsoft. As we continue to build out more of this story, we wanted to use this opportunity to connect with customers, partners, and more on some of these updates to keep you informed and provide a single pane of glass on everything we have been working on for the last several months. In addition, we hope to give you some insight into the next big things being built within MIP overall.&nbsp;</SPAN></SPAN><SPAN class="EOP SCXW38737840 BCX8" data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P aria-level="2"><STRONG><SPAN data-contrast="none">Microsoft Information Protection:</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P aria-level="2"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P aria-level="2"><SPAN data-contrast="none">General Availability:&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Mandatory Labeling</SPAN></A><SPAN data-contrast="none">&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="8" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto">Office apps (Word, Excel, PowerPoint, Outlook) will now respect the&nbsp;Admin&nbsp;policy setting to require users to apply a 
label to documents and emails on Windows, Mac, iOS, and&nbsp;Android&nbsp;(for the Office 365 subscription version of the apps).</SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="8" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto">Read more about the feature at&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Manage sensitivity labels in Office apps - Microsoft 365 Compliance | Microsoft Docs</SPAN></A><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> </UL> <P><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559740&quot;:240}">&nbsp;</SPAN></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Arvind_Chandaka_0-1624560766587.png" style="width: 759px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/291024iABF01068C368F79E/image-dimensions/759x423?v=v2" width="759" height="423" role="button" title="Arvind_Chandaka_0-1624560766587.png" alt="Arvind_Chandaka_0-1624560766587.png" /></span></P> <P>&nbsp;</P> <P><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559740&quot;:240}">&nbsp;</SPAN></P> <P aria-level="2"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P aria-level="2"><SPAN data-contrast="none">General&nbsp;Availability:&nbsp;Improvements for Exchange Online service side auto-labeling</SPAN><SPAN 
data-ccp-props="{&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto">Automatic classification of emails in transit in Exchange Online with sensitivity labels</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto">Improved capabilities on top of existing&nbsp;service-based&nbsp;auto-labeling&nbsp;include:&nbsp;</SPAN> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto">Additional predicates with Exchange Online auto-labeling&nbsp;</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto">Encrypt only and Do Not Forward&nbsp;support</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto">Context-based&nbsp;detections</SPAN></LI> </UL> </LI> <LI data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto">Read more&nbsp;about the feature at:&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Automatically apply a sensitivity label to content in Microsoft 365 - Microsoft 365 Compliance | Microsoft Docs</SPAN></A><SPAN 
data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Arvind_Chandaka_1-1624560766589.png" style="width: 827px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/291026iB48F1732C6B80E68/image-dimensions/827x465?v=v2" width="827" height="465" role="button" title="Arvind_Chandaka_1-1624560766589.png" alt="Arvind_Chandaka_1-1624560766589.png" /></span></P> <P>&nbsp;</P> <P><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559740&quot;:240}">&nbsp;</SPAN></P> <P aria-level="2"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P aria-level="2"><SPAN data-contrast="none">Public Preview:&nbsp;</SPAN><A href="#" target="_self"><SPAN data-contrast="none">Co-</SPAN><SPAN data-contrast="none">authoring</SPAN></A></P> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="5" aria-setsize="-1" data-aria-posinset="4" data-aria-level="1"><SPAN data-contrast="auto">Co-authoring and AutoSave on Microsoft Information Protection-encrypted documents</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="5" aria-setsize="-1" data-aria-posinset="5" data-aria-level="1"><SPAN data-contrast="auto">Client-based automatic and recommended labeling on Mac</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="5" aria-setsize="-1" data-aria-posinset="6" data-aria-level="1"><SPAN data-contrast="auto">Mandatory labeling requiring users to 
apply a label to their email and documents</SPAN></LI>
<LI data-leveltext="" data-font="Symbol" data-listid="5" aria-setsize="-1" data-aria-posinset="7" data-aria-level="1"><SPAN data-contrast="auto">Availability of audit label activities in Activity Explorer</SPAN></LI>
<LI data-leveltext="" data-font="Symbol" data-listid="5" aria-setsize="-1" data-aria-posinset="8" data-aria-level="1"><SPAN data-contrast="auto">Native support for variables and per-app content marking</SPAN></LI>
<LI data-leveltext="" data-font="Symbol" data-listid="5" aria-setsize="-1" data-aria-posinset="9" data-aria-level="1"><SPAN data-contrast="auto">You can leverage co-authoring using:</SPAN>
<UL> <LI data-leveltext="" data-font="Symbol" data-listid="5" aria-setsize="-1" data-aria-posinset="9" data-aria-level="1"><SPAN data-contrast="auto">Production or test tenant</SPAN></LI>
<LI data-leveltext="" data-font="Symbol" data-listid="5" aria-setsize="-1" data-aria-posinset="9" data-aria-level="1"><SPAN data-contrast="auto">Microsoft 365 apps with the following versions:</SPAN>
<UL> <LI data-leveltext="" data-font="Symbol" data-listid="5" aria-setsize="-1" data-aria-posinset="9" data-aria-level="1"><SPAN data-contrast="auto">Windows – Current Channel 16.0.14026.20270+ (2105)</SPAN></LI>
<LI data-leveltext="" data-font="Symbol" data-listid="5" aria-setsize="-1" data-aria-posinset="9" data-aria-level="1"><SPAN data-contrast="auto">Mac: 16.50.21061301+</SPAN></LI> </UL> </LI> </UL> </LI>
<LI data-leveltext="" data-font="Symbol" data-listid="5" aria-setsize="-1" data-aria-posinset="9" data-aria-level="1"><SPAN data-contrast="auto">If the AIP Unified Labeling client is in use, verify that, in addition to the updated Microsoft 365 app, you use version 2.10.46.0 of the Unified Labeling client.</SPAN></LI>
<LI data-leveltext="" data-font="Symbol" data-listid="5" aria-setsize="-1" data-aria-posinset="9" data-aria-level="1"><SPAN data-contrast="auto">Please note: co-authoring for native/built-in labeling will be added in the upcoming Current Channel within 2 weeks.</SPAN></LI> </UL>
<P><SPAN data-contrast="auto">Read more about the feature at </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Enable co-authoring for documents encrypted by sensitivity labels in Microsoft 365 - Microsoft 365 Compliance | Microsoft Docs</SPAN></A></P>
<P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Arvind_Chandaka_2-1624560766572.gif" style="width: 830px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/291025i497783D9E90F28CC/image-dimensions/830x467?v=v2" width="830" height="467" role="button" title="Arvind_Chandaka_2-1624560766572.gif" alt="Arvind_Chandaka_2-1624560766572.gif" /></span></P>
<P aria-level="2"><SPAN data-contrast="none">Public Preview: </SPAN><A href="#" target="_blank" rel="noopener"><SPAN>AIP Audit Logs in Activity Explorer</SPAN></A></P>
<UL> <LI data-leveltext="" data-font="Symbol" data-listid="8" aria-setsize="-1" data-aria-posinset="12" data-aria-level="1"><SPAN data-contrast="none">Azure Information Protection client audit logs are now available in Activity Explorer for existing AIP Analytics customers; this functionality is in public preview.</SPAN></LI>
<LI data-leveltext="" data-font="Symbol" data-listid="8" aria-setsize="-1" data-aria-posinset="13" data-aria-level="1"><SPAN data-contrast="none">Read more about Activity Explorer audit events at: </SPAN><A 
href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">https://docs.microsoft.com/en-us/microsoft-365/compliance/data-classification-activity-explorer?view=o365-worldwide</SPAN></A></LI>
<LI data-leveltext="" data-font="Symbol" data-listid="8" aria-setsize="-1" data-aria-posinset="14" data-aria-level="1"><SPAN data-contrast="none">This preview requires registration via: </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">https://aka.ms/Register-AIPActivityExplorerPublicPreview</SPAN></A></LI> </UL>
<P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Arvind_Chandaka_3-1624560766594.png" style="width: 819px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/291030i39419E087DCFEDBB/image-dimensions/819x469?v=v2" width="819" height="469" role="button" title="Arvind_Chandaka_3-1624560766594.png" alt="Arvind_Chandaka_3-1624560766594.png" /></span></P>
<P aria-level="2"><SPAN data-contrast="none">General Availability: </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Dynamic Markings with Variables</SPAN></A><SPAN data-contrast="none"> within native labeling across all platforms</SPAN></P>
<UL> <LI data-leveltext="" data-font="Symbol" data-listid="7" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto">Configure sensitivity labels for content markings by using variables in the text string for your header, footer, or watermark</SPAN></LI>
<LI data-leveltext="" data-font="Symbol" data-listid="7" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto">Read more about the feature at </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Manage sensitivity labels in Office apps - Microsoft 365 Compliance | Microsoft Docs</SPAN></A></LI> </UL>
<P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Arvind_Chandaka_4-1624560766591.png" style="width: 814px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/291029i28515DB124A2A00F/image-dimensions/814x580?v=v2" width="814" height="580" role="button" title="Arvind_Chandaka_4-1624560766591.png" alt="Arvind_Chandaka_4-1624560766591.png" /></span></P>
<P 
aria-level="2"><SPAN data-contrast="none">GA: </SPAN><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-ga-of-microsoft-data-loss-prevention-alerts-dashboard/ba-p/2268194" target="_blank" rel="noopener"><SPAN data-contrast="none">DLP Alerts</SPAN></A></P>
<P><SPAN data-contrast="auto">Microsoft announces the General Availability of the Microsoft Data Loss Prevention Alerts Dashboard. This latest addition to Microsoft’s data loss prevention solution provides customers with the ability to holistically investigate DLP policy violations across:</SPAN></P>
<UL> <LI data-leveltext="" data-font="Symbol" data-listid="11" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto">Exchange</SPAN></LI>
<LI data-leveltext="" data-font="Symbol" data-listid="11" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto">SharePoint Online</SPAN></LI>
<LI data-leveltext="" data-font="Symbol" data-listid="11" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"><SPAN data-contrast="auto">OneDrive</SPAN></LI>
<LI data-leveltext="" data-font="Symbol" data-listid="11" aria-setsize="-1" data-aria-posinset="4" data-aria-level="1"><SPAN data-contrast="auto">Teams</SPAN></LI>
<LI data-leveltext="" data-font="Symbol" data-listid="11" aria-setsize="-1" data-aria-posinset="5" data-aria-level="1"><SPAN data-contrast="auto">Devices</SPAN></LI>
<LI data-leveltext="" data-font="Symbol" data-listid="11" aria-setsize="-1" data-aria-posinset="6" data-aria-level="1"><SPAN data-contrast="auto">Cloud apps</SPAN></LI>
<LI data-leveltext="" data-font="Symbol" data-listid="11" aria-setsize="-1" data-aria-posinset="7" data-aria-level="1"><SPAN data-contrast="auto">On-premises file shares</SPAN></LI> </UL>
<P><SPAN data-contrast="auto">Learn more about the feature at: </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Learn about the data loss prevention Alerts dashboard - Microsoft 365 Compliance | Microsoft Docs</SPAN></A></P>
<P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Arvind_Chandaka_7-1624560766593.png" style="width: 796px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/291033iA9F663211544E3EB/image-dimensions/796x448?v=v2" width="796" height="448" role="button" title="Arvind_Chandaka_7-1624560766593.png" alt="Arvind_Chandaka_7-1624560766593.png" /></span></P>
<P aria-level="2"><STRONG><SPAN data-contrast="none">Azure Information Protection:</SPAN></STRONG></P>
<P aria-level="2"><SPAN data-contrast="none">GA: </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Track and Revoke</SPAN></A></P>
<UL> <LI data-leveltext="" data-font="Symbol" data-listid="2" aria-setsize="-1" data-aria-posinset="8" data-aria-level="1"><SPAN data-contrast="auto">Document tracking provides information for administrators about when a protected document was accessed.</SPAN></LI>
<LI data-leveltext="" data-font="Symbol" data-listid="2" aria-setsize="-1" data-aria-posinset="8" data-aria-level="1"><SPAN data-contrast="auto">If necessary, both admins and users can revoke document access for protected tracked documents.</SPAN></LI>
<LI data-leveltext="" data-font="Symbol" data-listid="2" aria-setsize="-1" data-aria-posinset="8" data-aria-level="1"><SPAN data-contrast="auto">This feature is available for AIP UL client</SPAN><SPAN data-contrast="none"> </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">version 2.9.111.0</SPAN></A><SPAN data-contrast="none"> </SPAN><SPAN data-contrast="auto">or later</SPAN></LI> </UL>
<P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Arvind_Chandaka_8-1624560766582.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/291031i1CD6E1CB5D272492/image-size/medium?v=v2&amp;px=400" role="button" title="Arvind_Chandaka_8-1624560766582.png" alt="Arvind_Chandaka_8-1624560766582.png" /></span></P>
<P aria-level="2"><SPAN data-contrast="none">Public Preview: </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">DLP On-Prem</SPAN></A></P>
<UL> <LI data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto">The DLP on-premises scanner crawls on-premises data-at-rest in file shares and SharePoint document libraries and folders for sensitive items that, if leaked, would pose a risk to your organization or pose a risk of compliance policy violation</SPAN></LI>
<LI data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto">This gives you the visibility and control you need to ensure that sensitive items are used and 
protected properly, and to help prevent risky behavior that might compromise them</SPAN></LI>
<LI data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"><SPAN data-contrast="auto">You need to use the scanner binaries from AIP UL client version 2.10.43.0</SPAN></LI> </UL>
<P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Arvind_Chandaka_9-1624560766597.png" style="width: 766px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/291034iA8C735709F3D447C/image-dimensions/766x446?v=v2" width="766" height="446" role="button" title="Arvind_Chandaka_9-1624560766597.png" alt="Arvind_Chandaka_9-1624560766597.png" /></span></P>
Wed, 28 Jul 2021 16:24:35 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/what-s-new-in-information-protection/ba-p/2483154 Arvind_Chandaka 2021-07-28T16:24:35Z
Announcing Exciting Updates to Attack Simulation Training https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-exciting-updates-to-attack-simulation-training/ba-p/2455961
<H1>Simulation Automations</H1>
<P>Enterprises of any size face the challenge that the logistics of planning a phishing simulation exercise are often laborious and time-consuming to implement. 
To help address this, we are pleased to announce extra functionality in Attack Simulation Training that we feel will bring added benefits in this space by:</P>
<UL> <LI>Helping you move away from the traditional approach of running quarterly or annual simulations to a more always-on ‘educating’ model, by scheduling simulations to launch at a higher frequency (being mindful of simulation and training fatigue, of course).</LI>
<LI>Letting you schedule simulations up to a year in advance, so you decide the parameters of your simulations once, in advance, and then you are good to go.</LI>
<LI>Introducing some randomization elements around send times and dates to help combat the crowdsource effect that can occur when running large simulation exercises.</LI> </UL>
<P>You can access the new functionality by selecting the “Simulation automations” tab within the main experience.</P>
<P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="blog1.png" style="width: 624px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/289392iC5E717920EF90A9F/image-size/large?v=v2&amp;px=999" role="button" title="blog1.png" alt="blog1.png" /></span></P>
<P>When you create a simulation automation, a wizard walks you through the process just like creating a manual simulation, with the addition of a few new steps.</P>
<UL> <LI>Payload selection – Here you can manually select which payloads you would like to be in scope for the simulations, or alternatively opt to randomize, in which case we take a random payload from the available library and use that.</LI>
<LI>Simulation schedule – Here, you get to decide if you would like a randomized schedule or a more predictable fixed schedule. What is the difference?</LI> </UL>
<P>A <EM>randomized</EM> schedule lets you select a start date and end date, the days of the week you would like to be in scope for delivery, and the number of simulation launches after which the automation should stop.</P>
<P>Once the automation is enabled, the simulations will be launched on random days between the dates you have specified. You can also choose to randomize the send times (to negate the water cooler effect of users receiving simulation messages at the same time and chatting about it).</P>
<P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="blog2.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/289397i2D31FE5B3128AEE6/image-size/medium?v=v2&amp;px=400" role="button" title="blog2.png" alt="blog2.png" /></span></P>
<P>A <EM>fixed</EM> schedule allows you to run automations in a more controlled manner. 
We take the same approach – you specify a start date and end date – but this time you are prompted to enter the cadence, either weekly or monthly, and the parameters for how often you would like the simulations to launch.</P>
<P>For example, you can schedule an automation to run once a week, every Monday, for a period of 7 weeks, or you can opt to end the simulations by a particular date or after a specific number of occurrences that you define.</P>
<P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="blog3.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/289399i43CF0B83D247DDD4/image-size/medium?v=v2&amp;px=400" role="button" title="blog3.png" alt="blog3.png" /></span></P>
<H1>Government Cloud and Regional Availability Updates</H1>
<H2>Attack Simulation Training is now live in GCC:</H2>
<P>Starting 15 June 2021, Attack Simulation Training will be generally available in our Government Community Cloud. If your organization has Office 365 G5 GCC or Microsoft Defender for Office 365 (Plan 2) for Government, you can use Attack Simulation Training in Microsoft 365 Defender to run realistic attack scenarios in your organization as described <A href="#" target="_blank" rel="noopener">here</A>. Please note that the service is not yet available in GCC-High or DoD environments; this is part of our future roadmap.</P>
<H2>Attack Simulation Training is now live in new regions:</H2>
<P>Starting 16 June 2021, Attack Simulation Training will be generally available to tenants in Latin America, Brazil, and Switzerland that have Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2. For any guidance on running simulations, please start <A href="#" target="_blank" rel="noopener">here</A>. For frequently asked questions, please refer to our <A href="#" target="_blank" rel="noopener">FAQ page</A>.</P>
<P>We hope you find the enhancements useful as you continue your journey of end-user education and behavior change. If you have any comments or feedback, be sure to let us know.</P>
Mon, 13 Sep 2021 18:22:46 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-exciting-updates-to-attack-simulation-training/ba-p/2455961 Stu Clark 2021-09-13T18:22:46Z
Choosing an Azure Ledger Technology https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/choosing-an-azure-ledger-technology/ba-p/2451024
<P>At the annual Microsoft Build 2021 Developer Conference, we announced two new products that are based on blockchain technology. <A href="#" target="_blank" rel="noopener noreferrer">Azure Confidential Ledger</A>, now in preview, offers a fully managed service for customers who need to store sensitive data with high integrity and confidentiality. <A href="#" target="_blank" rel="noopener noreferrer">Azure SQL Database ledger</A>, also in preview, enables storage of sensitive relational data in a tamper-evident way.</P>
<P>In this blog post, we’ll introduce you to both of these new products as well as help you understand when it makes sense to use them individually, together, and even with an existing blockchain system.</P>
<H2 id="toc-hId--500329707">Azure Confidential Ledger</H2>
<P>Enterprises running sensitive workloads need a secure way to store their logs and important metadata while collaborating with other parties. The <A href="#" target="_blank" rel="noopener noreferrer">Confidential Consortium Framework (CCF)</A> is a Microsoft-created open framework for building confidential permissioned blockchain services. 
Because the confidential blockchain network of nodes runs in <A href="#" target="_self">secure enclaves</A>, data remains append-only with immutability guarantees, and the data from the client goes straight to the ledger's enclaves.</P>
<P>Building on the CCF framework, <A href="#" target="_blank" rel="noopener noreferrer">Azure Confidential Ledger</A> (preview) provides the ability to store sensitive data records with integrity and confidentiality guarantees, all in a highly available and performant manner. Stored data remains immutable and tamper-proof in the append-only ledger with the benefits of a fully managed solution that provides infrastructure and operations so customers can get started quickly. The service provides these assurances by harnessing the power of <A href="#" target="_blank" rel="noopener noreferrer">Confidential Computing</A>'s secure enclaves when setting up the decentralized blockchain network. Microsoft’s access is limited to setting up and managing the network, and this specialized design means that only the customer has access to transaction data in the Confidential Ledger.</P>
<P>Asking yourself the following questions can help you decide if Azure Confidential Ledger is right for you:</P>
<OL> <LI>Do you need to store unstructured data (i.e. files, digests) that must remain intact for recordkeeping purposes?</LI>
<LI>Are you working with sensitive workflows where confidentiality must be maintained?</LI>
<LI>Are you in need of a service that has high integrity and security with a minimalistic trusted computing base?</LI>
<LI>Are you working with parties that need irrefutable evidence that tampering did not occur to the stored data?</LI> </OL>
<P>If you said yes to one or more of these, Azure Confidential Ledger is right for you. Customers have been using Azure Confidential Ledger in various ways. <A href="#" target="_blank" rel="noopener nofollow noreferrer">Novaworks</A>, an e-parliamentary software solution, is using Azure Confidential Ledger to securely log votes in a tamper-proof ledger for a high-fidelity voting process.</P>
<H2 id="toc-hId--500329707">Azure SQL Database ledger</H2>
<P><A href="#" target="_blank" rel="noopener noreferrer">Azure SQL Database ledger</A> (preview) is a tamper-evident solution for your databases that provides cryptographic proof of your database’s integrity. Using a blockchain data structure implemented as system tables in your database, the ledger feature ensures that any transaction which modifies relational data in your database can be tracked, and any potential tampering detected and easily remediated. Providing proof that your data has not been tampered with is as simple as running a stored procedure that compares the calculated cryptographic hashes in your database against a database digest, which is published automatically in a secure location, such as Azure Confidential Ledger.</P>
<P>Ledger is a feature of Azure SQL Database, meaning there is no additional cost to add tamper-evidence capabilities. You don’t have to migrate data from your existing SQL databases to add tamper-evidence capabilities, and no changes are needed to your applications, as ledger is an extension of existing SQL table functionality.</P>
<P>Asking yourself the following questions can help you decide if Azure SQL Database ledger is right for you.</P>
<OL> <LI>Do you have business-critical data in Azure SQL Database where you must ensure data integrity is intact?</LI>
<LI>Can third parties who interact with your data accept a “trust, but verify” model rather than each party having a copy of the ledger?</LI>
<LI>Do you need to prove 
to auditors or regulators that your data has not been tampered with?</LI> <LI>Do you have a need for queryability and strong data management capabilities, such as streaming data from a blockchain to an off-chain store while maintaining integrity from on-chain to off-chain?</LI> </OL> <P>If you can answer “yes” to any of these questions, then Azure SQL Database ledger is right for you.&nbsp; Customers like<SPAN>&nbsp;</SPAN><A href="#" target="_blank" rel="noopener nofollow noreferrer">RTGS.global</A>, who provide a global liquidity network for banks, are already using this capability to provide a ledger of transactions to regulators to prove that global banking transactions have not been tampered with.&nbsp; Read our<SPAN>&nbsp;</SPAN><A href="#" target="_blank" rel="noopener noreferrer">blog</A><SPAN>&nbsp;</SPAN>to learn more.</P> <P>&nbsp;</P> <H2 id="toc-hId--500329707">Putting it all together</H2> <P>Trust is foundational in any business process that spans organizational boundaries.&nbsp; Microsoft goes beyond traditional blockchains, using the building blocks of this technology as the underpinning for the distributed ledger of Azure Confidential Ledger and the consolidated data store of Azure SQL Database ledger.&nbsp; These solutions empower our customers to apply the power of blockchain to sensitive data, simplifying solution development, reducing cost and providing a new level of digital trust to transactions.</P> <P>&nbsp;</P> <P>Deciding which technology is best for your needs ultimately depends on the level of trust between parties transacting with the data, and the type of data being protected.&nbsp; In addition to the points mentioned above, consider the following when deciding whether Azure SQL Database ledger or Azure Confidential Ledger is right for you.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ShubhraS_1-1623871091233.png" style="width: 999px;"><img 
src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/289305iB0F3E45F3CADBDCC/image-size/large?v=v2&amp;px=999" role="button" title="ShubhraS_1-1623871091233.png" alt="ShubhraS_1-1623871091233.png" /></span></P> <H2 id="toc-hId--500329707">Learn more</H2> <UL> <LI>Read the Azure Confidential Ledger announcement<SPAN>&nbsp;</SPAN><A href="#" target="_blank" rel="noopener noreferrer">blog</A><SPAN>&nbsp;</SPAN>and<SPAN>&nbsp;</SPAN><A href="#" target="_blank" rel="noopener noreferrer">documentation</A><SPAN>&nbsp;</SPAN>to learn more about how this new service is empowering our customers and securing their work.</LI> <LI>Read the Azure SQL Database ledger<SPAN>&nbsp;</SPAN><A href="#" target="_blank" rel="noopener noreferrer">documentation</A><SPAN>&nbsp;</SPAN>and<SPAN>&nbsp;</SPAN><A href="#" target="_blank" rel="noopener noreferrer">whitepaper</A><SPAN>&nbsp;</SPAN>to learn more about how the ledger feature works and how to use it with your Azure SQL Database.</LI> </UL> Tue, 21 Sep 2021 16:00:46 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/choosing-an-azure-ledger-technology/ba-p/2451024 ShubhraS 2021-09-21T16:00:46Z MIP and MIG Scenario Based Demos! https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/mip-and-mig-scenario-based-demos/ba-p/2433555 <P>We are proudly announcing the official launch of our Microsoft 365 Compliance Scenario Based Demos (SBD) video series. 
Through the series, we will demonstrate how Microsoft Information Protection (MIP) and Microsoft Information Governance (MIG) components can be implemented in a scripted walk-through to provide an end-to-end information protection and governance solution to enforce privacy and ensure compliance with regulatory requirements.</P> <P>&nbsp;</P> <P>This is a technical demo series – except for the first 2 sessions – that will aim to raise awareness of the MIP and MIG capabilities, and provide another channel to get us more connected with the public audience, providing the opportunity for YOU to share feedback, suggest features and influence our products.</P> <P>&nbsp;</P> <P>So what are you waiting for? Head to <A href="#" target="_blank" rel="noopener">https://aka.ms/MIPC/SBD-Episode1</A>, and start watching. Don't forget to hit the subscribe button and leave some feedback!</P> <P>&nbsp;</P> <P>Also, don't forget to check our One Stop Shop for ALL our resources: <A href="#" target="_blank" rel="noopener">https://aka.ms/mipc/OSS</A></P> Thu, 10 Jun 2021 16:39:31 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/mip-and-mig-scenario-based-demos/ba-p/2433555 Mavi Etzyon-Grizer 2021-06-10T16:39:31Z Setting up a New Phish Simulation Program - Part Two https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/setting-up-a-new-phish-simulation-program-part-two/ba-p/2432167 <H1>Introduction</H1> <P>In the <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/setting-up-a-new-phish-simulation-program-part-one/ba-p/2412854" target="_blank" rel="noopener">first part of this blog</A>, we covered how to determine your Program Goals and what Resources and Dependencies you would need for a successful program. 
In this part, we’ll be covering the other critical questions you’ll need to answer to fully land your program for maximum success.</P> <P>&nbsp;</P> <P>If you are interested in going deep to get strategies and insights about how to develop a successful security awareness training program, please join the discussion in this upcoming Security Awareness Virtual Summit on June 22<SUP>nd</SUP>, 2021, hosted by <A href="#" target="_blank" rel="noopener">Terranova Security</A> and sponsored by Microsoft. You can sign up to attend by <A href="#" target="_self">clicking here</A>.</P> <H1>Targeting</H1> <P>The first question you must answer for your simulation program is "Who should I target?". The answer to this question can be complicated, but the short answer boils down to "everyone who needs it". Spoiler alert: everyone in your organization needs it. This includes your executives, your frontline workers, everyone that might interact with email and that might have access to organizational resources. Microsoft has seen an enormous variation on how different organizations have approached the audience question, but we think the best ones start with the assumption that every member of the organization should be exposed regularly, and that higher risk and higher impact members should be targeted with special cycles (more on this below with the frequency question). You should think through partner and vendor relationships and consider requiring training of any users that have access to your organization's resources. 
The best tools are ones that will integrate with your existing organizational directories, so figuring out how to segment and target these audiences should be as easy as searching for groups or users in your directory and adding them to the target list.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="targeting.jpg" style="width: 956px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/287564i1D633AA47365E9BA/image-dimensions/956x538?v=v2" width="956" height="538" role="button" title="targeting.jpg" alt="targeting.jpg" /></span></P> <H1>Frequency</H1> <P>The second, significantly more complicated question is "How often should I do phish simulations?". The answer to this question is something along the lines of "As often as you need to minimize bad behavior (clicking phishing links), maximize good behavior (reporting phish) of your users, and not significantly negatively impact their productivity." Like with targeting philosophies, Microsoft has seen enormous variation with different organizations. We understand that your organizational risk culture, risk tolerance, and resourcing will define the best answer to this question for your organization, and so you should take the below recommendations with a grain of salt. Most organizations try to balance how much time and energy goes into actually creating and sending out a phish simulation against the potential productivity impact to users. Doing more frequent simulations can be a lot of work for the program owner, although more data can be very helpful in maximizing the impact of the training on end user behavior.</P> <P>&nbsp;</P> <OL> <LI>Every user in your organization should be exposed to a phishing simulation at least quarterly. Only do this if your training experiences are differentiated and short. 
Longer training, of the exact same content, required quarterly, will not produce better results and will irritate your users. If you can confidently differentiate your training per user, and constrain the educational experience to a few minutes, quarterly is a healthy cadence to remind your users of the risks of phishing.</LI> <LI>High-risk or high-impact users should be targeted more frequently, at least until they can consistently demonstrate an ability to correctly identify and report phishing messages. Daily or weekly simulations don't seem to produce significantly better results, so we recommend a monthly cadence for these groups.</LI> </OL> <P>One consideration we think you should make when determining your simulation frequency is that the work of actually selecting payloads, target audiences, and training experiences for users is significant, but that automation can ease this burden. So long as your phish simulations positively impact behavior, and don't negatively impact productivity, you should strive to engage users in this very common, and very impactful malicious attack technique as often as you can. More on this in the section about Operationalization.</P> <H1>Payloads</H1> <P>Payloads are the actual email that gets sent to end users that contains the malicious link or attachment. As mentioned in the goal setting portion above, click-through rates for your simulation are, in large part, a function of the payload you select. The conceit of any given payload will hook different users very differently, depending on their personal motivations and psychology. Every quality tool will include a large library of payloads from which you can select. We think the following criteria are important considerations when selecting your payloads:</P> <UL> <LI>Research shows that trickier payloads are better at engaging end users and changing their behavior. 
If you pick payloads that are really obviously phishing, you may end up with a great, low click-through rate, but your end users aren't really learning anything. Resist the urge to pick low complexity, or 'easy' payloads for your users because you want them to successfully avoid getting phished. Instead, rely on mechanisms like the Microsoft 365 Attack Simulation Training tool's Predicted Compromise Rate to baseline and measure actual behavioral impact. More on this below.</LI> <LI>Use authentic payloads. This means that you should always seek to use payloads that are created by the exact same bad guys that are attacking your organization. There are many different levels of phishing (phishing, spearphishing, whaling, etc.) and effective attackers will tune and adjust their payloads for maximum impact against your users. If you try to make up silly phishing payload themes (bedbugs in the office!), you might be able to highlight that users will fall for anything, but you won't be teaching them what real attackers do. The caveat to this is that the payloads you use should not, under any circumstances, contain actual malicious links or code. Real world payloads should be thoroughly de-weaponized before use in simulations.</LI> <LI>Don't be shy about leveraging real world brands. Attackers will use anything and everything at their disposal. Credit card brands, banks, social media, legal institutions, and companies like Microsoft are very common. Figure out what attackers are using against your users and leverage it in your phish sim payloads.</LI> <LI>Thematic payloads are powerful teaching tools. Attackers are opportunistic and will leverage real world events such as COVID-19 in their campaigns. Pay attention to world events and business-impacting themes and leverage them in your payloads.</LI> <LI>Try not to use the same payloads for every user. This recommendation is tricky, especially if you are using static click-through rates to measure your click susceptibility. 
You want to be able to compare the click-through rates of user A vs. user B and that usually requires a common payload lure. However, using the same payload for all users can lead to something called the Gopher Effect, where your users will start popping up their heads and letting the people around them know that there is a company-wide phishing exercise going on. Varying payload delivery and content helps tamp this down.</LI> <LI>Don't be precious about payload selection. A payload is something that every user in your org will see, and so you want to make sure it doesn't have any obvious errors or offensive content. Over-investing time and energy into something that attackers spend mere moments on can dramatically increase the cost of your simulation program. Instead, we recommend you curate a large library of payloads that you want to use, and leverage automation to select randomly from your library.</LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="payloads.jpg" style="width: 955px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/287565iB364584100503BDF/image-dimensions/955x537?v=v2" width="955" height="537" role="button" title="payloads.jpg" alt="payloads.jpg" /></span></P> <P> </P> <H1>Training</H1> <P>Every phish simulation includes several components that are educational in nature. These include the payload, the credential harvesting page and URL, the landing page at the end of the click-through, and then any follow-on interactive training that might get assigned. The training experiences you select for your users will be crucial in turning a potentially negative event (I've been tricked!) into a positive learning experience. 
As such, we recommend the following guidelines:</P> <P>&nbsp;</P> <UL> <LI>The landing page at the end of the click-through is your best opportunity to teach about the actual payload indicators. M365 Attack Simulation Training includes a landing page per simulation that renders the email message the user just received annotated with 'coach marks' describing all the things in the payload that the user could or should have noticed to indicate it was phishing. These pages are usually customizable, and you should make efforts to tailor the language to be non-threatening and engaging for the user.</LI> <LI>Every user should complete a formal training course that describes general phishing techniques and appropriate responses at least annually. The M365 Attack Simulation Training tool provides a robust library of content from Terranova Security that covers these topics in a variety of durations from 20 minutes to as little as 15 seconds. Once they have completed one course, we recommend you target different courses based on their actions taken during subsequent simulations. Don't make the user take the same course more than once per year, regardless of their actions.</LI> <LI>The training course assignment should be interactive, engaging, inclusive, and accessible on multiple platforms, including mobile.</LI> <LI>Many organizations opt to not assign training at the end of any given simulation because the phish guidance is included in other required employee training. Every organization will have a different calculus for training impacts on productivity and so we leave it to you to determine whether this makes sense for you or not. 
If you find that repeated simulations aren't changing your user behaviors with phishing, consider incorporating more training.</LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="training.jpg" style="width: 953px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/287566i83CF0FA45C71B854/image-dimensions/953x536?v=v2" width="953" height="536" role="button" title="training.jpg" alt="training.jpg" /></span></P> <P> </P> <H1>Operationalization</H1> <P>For any given phish simulation, you'll find that you will have a fairly complex process to navigate to successfully operate your program. Those steps fall into approximately five major phases:</P> <P>&nbsp;</P> <UL> <LI><EM>Analyze</EM>. What are my regulatory requirements? How much do my users understand about phishing? What kind of training will help them? Which parts of the organization are high risk or high impact for phishing? How susceptible am I to phishing?</LI> <LI><EM>Plan</EM>. Who needs to review and sign off on my simulation? Who am I going to target with which payloads, how often, and with what training experiences? What do I expect my click-through and report rates will be? What do I want them to be? Which payloads should I use?</LI> <LI><EM>Execute</EM>. Who will actually send the simulations? Have I notified the security ops team and leadership? What is the plan if something goes wrong?</LI> <LI><EM>Measure</EM>. What specific measures am I tracking? How will I aggregate and analyze the data to draw the best insights and learnings from the data? Which training experiences are affecting overall susceptibility?</LI> <LI><EM>Optimize</EM>. What is working and what should change? Which users need more help? What impacts are the simulations and training having on overall productivity? 
How will I communicate the status of the program to stakeholders?</LI> </UL> <P>&nbsp;</P> <P>With the right tool, huge portions of this process can be automated, and we strongly suggest that you leverage those capabilities to lower your program costs and maximize your impact. Two pieces of automation are available in the M365 Attack Simulation Training tool today:</P> <UL> <LI><EM>Payload Harvesting automation</EM>. This will allow you to harvest payloads from your organization's threat protection feed, de-weaponize them, and publish them to your organization's payload library. This is the best, most authentic source of payloads for use in simulations. It is literally what real world attackers are sending to your users. Let the bad guys help inoculate your users against their tactics.</LI> <LI><EM>Simulation automation</EM>. This capability will allow you to create workflows that will execute a simulation over some specified period of time and randomize the delivery, payloads, and targeted user audience in a way that offsets the groundhog effect and lowers the risk of a single, huge simulation going awry.</LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="simconfig.jpg" style="width: 951px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/287569iCDAB80CDA52C019D/image-dimensions/951x535?v=v2" width="951" height="535" role="button" title="simconfig.jpg" alt="simconfig.jpg" /></span></P> <P> </P> <H1>Measuring Success</H1> <P>As mentioned in the goals section above, your program is essentially measuring how susceptible your organization is to phishing attacks, and the extent to which your training program is impacting that susceptibility. The key question here is which specific metric you use to express that susceptibility. Static click-through rates are problematic because they are driven by payload complexity and conceit. 
They are a reasonable place to start your program health measurements, alongside report rates, but they quickly become problematic when you need to compare two different simulations against each other and track progress over time.</P> <P>&nbsp;</P> <P>Our suggestion is to leverage metadata like Microsoft 365 Attack Simulation Training's Predicted Compromise Rate to normalize cross-simulation comparisons. Instead of measuring absolute click-through rates, you measure the difference between the predicted compromise rate and your actual compromise rate, grounded along two dimensions: Percentage Delta and Total Users Impacted. We believe this metric is a much better, more authentic representation of how training is changing end user behavior and gives you a clearer path to changing your approach.</P> <P>&nbsp;</P> Mon, 13 Sep 2021 18:23:26 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/setting-up-a-new-phish-simulation-program-part-two/ba-p/2432167 Brandon Koeller 2021-09-13T18:23:26Z Microsoft Defender for Identity Experiences in Microsoft 365 Defender https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-defender-for-identity-experiences-in-microsoft-365/ba-p/2414610 <P>Microsoft Defender for Identity is a cloud-based security solution that leverages on-premises Active Directory (AD) signals&nbsp;to protect on-premises identities,&nbsp;detect and investigate lateral movement of on-premises attacks, and identify&nbsp;compromised&nbsp;identities and malicious insiders.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P><IFRAME src="https://www.microsoft.com/en-us/videoplayer/embed/RWB19k" width="500" height="300" allowfullscreen="allowfullscreen" wmode="transparent"></IFRAME></P> <P>&nbsp;</P> <P><STRONG>We have exciting news to share!</STRONG></P> <P>&nbsp;</P> <P><STRONG>Microsoft Defender for Identity’s features are in the process of being made available as part of Microsoft 365 Defender, accessible through 
security.microsoft.com.&nbsp;</STRONG></P> <P>&nbsp;</P> <P>Following similar work done by the Defender for Endpoint and Defender for Office 365 teams, Defender for Identity will start making features available as part of Microsoft 365 Defender. This means all your Microsoft 365 Defender products will be in one location, simplifying administration and making life easier for administrators, SecOps analysts, and threat hunters.</P> <P>&nbsp;</P> <P>This blog series will be the source of truth to keep you on track on which Defender for Identity features are available as part of Microsoft 365 Defender and which features will be soon released. You can always come to the latest entry in this blog series by heading to <A href="#" target="_blank" rel="noopener">https://aka.ms/MDIPortalConverge</A>. We’ll also reference any of the previous entries in the series any time we post a new update.</P> <P>We recommend that customers start using these features in the Microsoft 365 security center (security.microsoft.com) as and when they are available in public preview. In addition to Defender for Identity features, you will have the ability to use unique Microsoft 365 Defender features such as <A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/microsoft-365-defender-enriches-the-microsoft-defender-for/ba-p/1808275" target="_blank" rel="noopener">advanced hunting, incident correlation, and custom detection rules</A>.</P> <P>&nbsp;</P> <P>These all benefit from having Defender for Identity data contributing to them, providing customers with the unique lens of on-premises identity to their threat hunting capabilities.</P> <P>&nbsp;</P> <P>We’ll populate the table below with the latest features that land in Microsoft 365 Defender, along with any documentation that’s been released to support it. 
We normally announce these releases on our Tech Community blog, and so we’ll also link to those blog posts too.</P> <P>&nbsp;</P> <TABLE> <TBODY> <TR> <TD width="200px" height="30px" style="width: 200px;"> <P><STRONG>Feature</STRONG></P> </TD> <TD width="350px" height="30px" style="width: 350px;"> <P><STRONG>Documentation</STRONG></P> </TD> <TD width="350px" height="30px" style="width: 350px; vertical-align: middle;"> <P><STRONG>Blogs</STRONG></P> </TD> </TR> <TR> <TD width="200px" height="85px"> <P>Native Alert Page&nbsp;</P> </TD> <TD width="350px" height="85px"> <P><A href="#" target="_blank" rel="noopener">Microsoft Defender for Identity security alerts in Microsoft 365 Defender | Microsoft Docs</A></P> </TD> <TD width="350px" height="85px"> <P><A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-365-defender/microsoft-defender-for-identity-native-alert-page-in-microsoft/ba-p/2348443" target="_blank" rel="noopener">Microsoft Defender for Identity native alert page in Microsoft 365 Defender - Microsoft Tech Community</A></P> </TD> </TR> <TR> <TD width="200px" height="112px"> <P>Advanced Hunting</P> </TD> <TD width="350px" height="112px"> <P><A href="#" target="_blank" rel="noopener">https://docs.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-identitylogonevents-table?view=o365-worldwide</A></P> </TD> <TD width="350px" height="112px"> <P><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/using-microsoft-defender-for-identity-data-to-make-powerful/ba-p/2404305" target="_blank" rel="noopener">Using Microsoft Defender for Identity Data to Make Powerful Advanced Hunting Queries - Microsoft Tech Community</A></P> </TD> </TR> <TR> <TD> <P>&nbsp;</P> <P>Administration and configuration settings</P> <P>&nbsp;</P> </TD> <TD> <P><A href="#" target="_blank">https://docs.microsoft.com/en-us/microsoft-365/security/defender-identity/sensor-health?view=o365-worldwide</A>&nbsp;</P> </TD> <TD> <P><A tabindex="-1" 
title="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-defender-for-identity-experiences-in-microsoft-365/ba-p/2414610" href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-defender-for-identity-experiences-in-microsoft-365/ba-p/2414610" target="_blank" rel="noopener noreferrer" aria-label="Link Microsoft Defender for Identity Experiences in Microsoft 365 Defender - Microsoft Tech Community">Microsoft Defender for Identity Experiences in Microsoft 365 Defender - Microsoft Tech Community</A></P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>To learn more about Defender for Identity, you’ll find all documentation <A href="#" target="_blank" rel="noopener">here</A> and training resources we have <A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/microsoft-defender-for-identity-ninja-training/ba-p/2117904" target="_blank" rel="noopener">here.</A> Remember to bookmark this link for the latest news too.&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 27 Jul 2021 16:29:49 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-defender-for-identity-experiences-in-microsoft-365/ba-p/2414610 Banu Jafarli 2021-07-27T16:29:49Z Setting up a New Phish Simulation Program - Part One https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/setting-up-a-new-phish-simulation-program-part-one/ba-p/2412854 <H1>Introduction</H1> <P>The modern enterprise, of any size, faces a complex and dangerous threat landscape. Compliance risk and security threats, both internal and external, have to be managed with a dizzying array of technologies, processes, and subject matter experts. The security industry and every major cloud service provider will tell you that end user phishing is the most common and most successful breach vector for any modern organization. 
Microsoft 365 Security, Compliance, Identity, and Management (M365 SCIM) provides an integrated, holistic solution to these existential risks, including phish prevention. In this blog, we want to share our best practices for creating an effective and actionable end user phishing training program.</P> <P>&nbsp;</P> <P>Every organization should start with a robust technical solution to eliminate the vast majority of phishing attempts on your organization. Microsoft Defender for Office 365 is an excellent option. The organization should then focus on creating a robust and capable security operations and administration team that can react and respond to successful phishing attacks, which will inevitably happen. You should hire good security and compliance operators, and then equip them with the right tools and resources to manage those risks.</P> <P>&nbsp;</P> <P>Finally, we believe every organization should have a data-driven phish training and behavior modification program in place to help their employees first understand how to correctly identify phishing attempts and to help them take the correct action when those threats are identified. Below, we lay out our recommendations for appropriate program goals, resources, simulation construction, training, and measuring success.</P> <H1>Goals of the Program&nbsp;</H1> <P>Phish training programs should have at least two main program goals:</P> <UL> <LI><STRONG>Measure and track the organization's susceptibility to phishing</STRONG>. This goal, while simple sounding, is quite complex to achieve. Most organizations use a click-through rate on phish simulation exercises across the organization to determine their overall susceptibility, and then&nbsp; adopt target click-through rates on simulations over time. 
For example, an org might run a simulation against all users at the beginning of the fiscal year, and measure that 21% of their users clicked the link of the credential harvesting phish simulation payload, and 15% actually gave up their credentials. They would then set their baseline compromise rate at 15% with a target to reduce it to 12% by the end of the fiscal year. This captures the extent to which the organization thinks users will do a 'bad' behavior in a phishing attempt. Good programs will go even further to measure whether the end user will do a 'good' behavior by reporting the phish message to security operations.</LI> </UL> <P>There are several problems with only using static click-through rates to measure susceptibility. Phish clicking susceptibility depends, profoundly, on the quality of the payload being used. Attackers are known to use very cheap, generic payloads targeted at any user and can achieve high success rates. Specially crafted, highly targeted payloads directed towards high-value individuals are very difficult to detect, and have scary-high success rates. The best phish simulation solutions will leverage real-world payloads for their simulations, but program administrators are sophisticated enough to make an educated guess at whether any given simulation payload will have a higher or lower click-through rate based on its 'complexity' or 'difficulty'. This means that payload quality is the primary driver of your click-through metric, and not actual end-user susceptibility.</P> <OL> <LI>Click-through rates likely don't take into account the impact of any given individual being compromised, and don't take into account the coverage of your simulation metric. You might establish a cross-organization metric at annual, or semi-annual simulations, but a much smaller number of employees, who are targeted at much higher rates because of their perceived value to attackers, might be getting 10x the number of attempts. 
Large-scale, infrequent simulations miss the nuances that high-risk populations contribute to your overall susceptibility.</LI> <LI>There are many different kinds of phishing attacks, and if your organization is only measuring the click-through rates of credential harvesting attacks, you might find very different compromise rates for different types of phishing attacks such as malware downloads, illicit app consent grants, or drive-by phishing. Like payloads, the type of attack being leveraged can have a huge impact on the baseline click-through rate.</LI> <LI>Phish susceptibility is driven by externalities such as attacker focus, frequency, and the end user behaviors required for their job function. It is important to remember that while click-through rate is a direct measure of end user behavior, that behavior isn't the only component of the overall phishing risk. If you assume that <EM>any</EM> user will eventually get tricked by a phishing attempt (which is a very safe assumption), the contours of that compromise are driven mostly by how badly the attacker wants to compromise that specific user, or whether that user's job requires them to click on a lot of links from external parties, or to open a lot of attachments sent from third parties. Your overall susceptibility is a function of both of these components.</LI> </OL> <P>&nbsp;</P> <UL> <LI><STRONG>Educate users on how to identify and deal with phishing attempts</STRONG>. This goal is the more measurable and achievable one of the program. Phish simulations provide you with an opportunity to engage end users in two types of learning. First, the user is exposed to a very realistic execution of what a real-world phishing attack will look like from the end-user's perspective.&nbsp; Second, the user is connected to a differentiated training experience that explains how an attack works, and why it is important to prevent phishing. 
Most organizations have annual required corporate training topics, and so the key here is to balance the time burden of another training topic against the regular day job of its users. More on what the training experience should be like for end users below. Organizations should start with a strategy to differentiate the training in a way that connects directly to the users' knowledge and experience. Tracking completion rates, frequency, and productivity impact is a straightforward measure from there.</LI> </UL> <H1>Resources and Dependencies</H1> <P>Phish training programs are a key element of any organizational strategy to address behavioral risk, but since the core mechanism behind these programs is interacting with your users in the same way that real world attackers are going to try to engage them, you should be very transparent and intentional in the creation of these programs. There are four key resources and dependencies you will need to fulfill to get your program up and running.</P> <OL> <LI><STRONG>Executive sponsorship</STRONG>. Starting at the highest levels of the organization, your CISO, CTO, and CEO should all have a clear understanding of the purpose and implementation of your program. Strategically, they should be bought into the idea that the best way to teach and learn is through authentic experiences, and in the case of phishing, that means actually trying to phish your users with real-world payloads. It is not uncommon for Boards of Directors and other oversight functions to require phish simulation programs for organizational members.</LI> <LI><STRONG>Program owner</STRONG>. There are enough moving parts in creating and operating an effective phish program that having an individual responsible for the program is very common in the industry. Smaller organizations may have security admins operate the program overlapping with other duties, but if your org is mid-size or larger, we very often see dedicated people own and operate the program. 
Given the centrality of education to the mission, we've seen phish sim program owners align themselves with the security and compliance organization or human resources in equal measure. This person will be selecting payloads, determining simulation timing, selecting target groups, tracking metrics and results, and ensuring the end user experience is as educationally impactful as possible. Larger organizations may even employ a team of people to fulfill this mission.</LI> <LI><STRONG>Tooling</STRONG>. While it is theoretically possible to perform a phishing exercise without an actual tool, or using <A href="#" target="_blank" rel="noopener">open-source platforms</A>, you'll need significant technical expertise and a lot of manual work to stitch together the entire picture. Our recommendation is to license and use a commercial phish simulation tool that includes end user training, robust metrics, and a library of authentic payloads. Microsoft Defender for Office 365 has an excellent, integrated, no-config solution called <A href="#" target="_blank" rel="noopener">Attack Simulation Training</A>. For most of the technical requirements we lay out below, we'll assume that you are using the M365 Attack Simulation Training product.</LI> <LI><STRONG>Security and Compliance stakeholder alignment</STRONG>. Your phish simulation program is doing something that most risk professionals worry about every day: exposing end users to attacker behavior. Users that don’t understand the purpose or context for these exercises can wreak havoc on normal security and compliance operations. They can cause big spikes in help desk escalations, and can be fearful about why the organization is trying to catch them out by measuring their potential failure. Aligning your program goals, and most importantly its execution, with your security operations is crucial for keeping everyone on the same page. Many organizations actually have their security operators perform the actual simulation creation.
Ensuring your ops aren't overwhelmed with reports and escalations will maximize your results in the long run.</LI> </OL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2021-06-02_10-21-35.jpg" style="width: 939px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/286044i2A3DFCDDDBCD442A/image-dimensions/939x528?v=v2" width="939" height="528" role="button" title="2021-06-02_10-21-35.jpg" alt="2021-06-02_10-21-35.jpg" /></span></P> <P>Once you have these four key resources and dependencies in place, you can now work through the actual execution and analysis of your program.</P> <P>&nbsp;</P> <P>Stay tuned for <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/setting-up-a-new-phish-simulation-program-part-two/ba-p/2432167" target="_self">Part 2 of this blog</A> where we’ll cover Targeting, Frequency, Payloads, Training, Operationalization, and Measuring Success.</P> <P>If you are interested in going deep to get strategies and insights about how to develop a successful security awareness training program, please join the discussion in this upcoming Security Awareness Virtual Summit on June 22<SUP>nd</SUP>, 2021, hosted by <A href="#" target="_blank" rel="noopener">Terranova Security</A> and sponsored by Microsoft.
You can sign up to attend by <A href="#" target="_blank" rel="noopener">clicking here</A>.</P> Mon, 13 Sep 2021 18:23:05 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/setting-up-a-new-phish-simulation-program-part-one/ba-p/2412854 Brandon Koeller 2021-09-13T18:23:05Z Using Microsoft Defender for Identity Data to Make Powerful Advanced Hunting Queries https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/using-microsoft-defender-for-identity-data-to-make-powerful/ba-p/2404305 <P>It’s been a while since we last talked about the events captured by Microsoft Defender for Identity. We last published a blog <A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-365-defender/hunt-for-threats-using-events-captured-by-azure-atp-on-your/ba-p/1598212" target="_blank" rel="noopener">in August last year</A> and so we thought it would be a good opportunity to give you an update with the latest events you can use to hunt for threats on your domain controllers using advanced hunting in Microsoft 365 Defender.</P> <P>&nbsp;</P> <P>As a general rule of thumb, all Defender for Identity activities that are available in Microsoft 365 Defender advanced hunting fit into one of four data sets:</P> <P>&nbsp;</P> <UL> <LI>IdentityInfo</LI> <LI>IdentityLogonEvents</LI> <LI>IdentityQueryEvents</LI> <LI>IdentityDirectoryEvents</LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="1 (2).png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/285338iA05E99AD7F96199A/image-size/large?v=v2&amp;px=999" role="button" title="1 (2).png" alt="1 (2).png" /></span></P> <H6 class="lia-align-center"><EM>(Figure 1 - The advanced hunting console available as part of Microsoft 365 Defender)</EM></H6> <P>&nbsp;</P> <P><STRONG>Learn about accounts in your organization using IdentityInfo</STRONG></P> <P><STRONG>&nbsp;</STRONG></P> <P>Every
effective threat-hunting investigation starts with understanding which users we are protecting, and the IdentityInfo table gives us exactly that. Although this data set is not exclusive to Defender for Identity, it does provide comprehensive details for the accounts being utilized in the environment. Using information made available from this data set, you can easily correlate different account attributes such as cloud / on-premises SID, UPN, and object ID.</P>
<P>&nbsp;</P>
<P>This table also provides rich account information from Active Directory such as personal details (name, surname, city, country), professional information (job title, department, email address), and other AD attributes (domain, display name).</P>
<P>&nbsp;</P>
<LI-CODE lang="ruby">// Find out which users are disabled.
IdentityInfo
| where IsAccountEnabled == "0"
| summarize arg_max(AccountName, *) by AccountUpn</LI-CODE>
<P>&nbsp;</P>
<P><STRONG>Correlating information between Defender for Identity and Defender for&nbsp;</STRONG><STRONG>Endpoint</STRONG></P>
<P><STRONG>&nbsp;</STRONG></P>
<P>With Defender for Identity installed in your organization, your on-premises Active Directory identities are protected against advanced threats, and you also have visibility into various logon events. These authentication activities, along with those captured by Azure AD, feed into the IdentityLogonEvents data set, where you can hunt over authentication activities easily.</P>
<P>&nbsp;</P>
<P>Defender for Identity activities cover authentications over Kerberos, LDAP, and NTLM.
Each authentication activity provides details such as the account information, the device the authentication activity was performed on, network information (such as the IP and port number), and more.</P>
<P>&nbsp;</P>
<P>Harnessing this data, you can easily hunt over abnormal logons during non-working hours, learn more about logon routines in the network, and correlate data with Microsoft Defender for Endpoint.</P>
<P>&nbsp;</P>
<LI-CODE lang="ruby">// Enrich logon events with network activities happening on the device at the same time
IdentityLogonEvents
| where Timestamp &gt; ago(7d)
| project LogonTime = Timestamp, DeviceName, AccountName, Application, LogonType
| join kind=inner (
    DeviceNetworkEvents
    | where Timestamp &gt; ago(7d)
    | project NetworkConnectionTime = Timestamp, DeviceName, AccountName = InitiatingProcessAccountName, InitiatingProcessFileName, InitiatingProcessCommandLine
) on DeviceName, AccountName
| where LogonTime - NetworkConnectionTime between (-2m .. 2m)</LI-CODE>
<P>&nbsp;</P>
<P><STRONG>Queries targeting Active Directory objects</STRONG></P>
<P>&nbsp;</P>
<P>With IdentityQueryEvents, you can quickly find out what queries are targeting the domain controller.
Queries reach the domain controller as a natural part of network operation, issued by different services or other legitimate activity, but an attacker can also use them to perform reconnaissance on objects such as users, groups, devices, or domains, seeking out those with certain attributes or privileges.</P>
<P>&nbsp;</P>
<P>In certain attack vectors, like <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/helping-protect-against-as-rep-roasting-with-microsoft-defender/ba-p/2244089" target="_blank" rel="noopener">AS-REP Roasting that we covered in an earlier blog post</A>, the reconnaissance portion often involves the attacker performing enumeration techniques to find users that have the pre-authentication attribute turned on. Such activity can be found easily with a query similar to this one:</P>
<P>&nbsp;</P>
<LI-CODE lang="ruby">// Queries from the last day that target the Domain Admins group and mention "attribute"
IdentityQueryEvents
| where Timestamp &gt; ago(1d)
| where QueryTarget == "Domain Admins"
| where Query contains "attribute"
| take 100</LI-CODE>
<P>&nbsp;</P>
<P><STRONG>Track Active Directory changes</STRONG></P>
<P>&nbsp;</P>
<P>Finally, we have the IdentityDirectoryEvents table.
In general, this table captures three categories of events on your domain controller:</P>
<UL> <LI>Remote code execution.</LI> <LI>Changes to attributes of Active Directory objects, including groups, users, and devices.</LI> <LI>Other activities performed against the directory, such as replication or SMB session enumeration.</LI> </UL>
<P>Also, starting with <A href="#" target="_blank" rel="noopener">Defender for Identity version 2.148</A>, if you&nbsp;<A href="#" target="_blank" rel="noopener">configure and collect</A>&nbsp;event ID 4662, Defender for Identity will report which user made the&nbsp;<A href="#" target="_blank" rel="noopener">Update Sequence Number (USN)</A>&nbsp;change to various Active Directory object properties. For example, if an account password is changed and event 4662 is enabled, the event will record who changed the password. As a result, this information can be found using advanced hunting.</P>
<P>&nbsp;</P>
<P>Here is a sample query you can use:</P>
<P>&nbsp;</P>
<LI-CODE lang="ruby">// Track service creation activities on domain controllers
IdentityDirectoryEvents
| where ActionType == "Service creation"
| extend ServiceName = AdditionalFields["ServiceName"]
| extend ServiceCommand = AdditionalFields["ServiceCommand"]
| project Timestamp, ActionType, Protocol, DC = TargetDeviceName, ServiceName, ServiceCommand, AccountDisplayName, AccountSid, AdditionalFields
| limit 100</LI-CODE>
<P>&nbsp;</P>
<P>As always, please let us know what you think and how we can enhance this capability further.
Let us know what you use advanced hunting for in the comments too!</P> <P>&nbsp;</P> <P>To learn more about advanced hunting in Microsoft 365 Defender and these new enhancements, go to the following links:</P> <UL> <LI><A href="#" target="_blank" rel="noopener">Advanced hunting overview</A></LI> <LI><A href="#" target="_blank" rel="noopener">Preview features</A></LI> <LI><A href="#" target="_blank" rel="noopener">Microsoft 365 Defender GitHub community</A></LI> </UL> Wed, 30 Jun 2021 16:40:30 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/using-microsoft-defender-for-identity-data-to-make-powerful/ba-p/2404305 Daniel Naim 2021-06-30T16:40:30Z Microsoft Announces the General Availability of the Microsoft Compliance Extension for Chrome https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-announces-the-general-availability-of-the-microsoft/ba-p/2389371 <P><SPAN data-contrast="none">Microsoft’s unified Data Loss Prevention solution&nbsp;</SPAN><SPAN data-contrast="none">provides a simpl</SPAN><SPAN data-contrast="none">e and unified</SPAN><SPAN data-contrast="none">&nbsp;approach to protecting sensitive information from risky or inappropriate sharing, transfer, or use.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN data-contrast="none">Today we are pleased to announce the General Availability of the&nbsp;</SPAN><SPAN data-contrast="none">Microsoft&nbsp;</SPAN><SPAN data-contrast="none">Compliance Extension for&nbsp;</SPAN><SPAN data-contrast="none">C</SPAN><SPAN data-contrast="none">hrome, available from the&nbsp;</SPAN><SPAN data-contrast="none">C</SPAN><SPAN data-contrast="none">hrom</SPAN><SPAN data-contrast="none">e</SPAN><SPAN data-contrast="none">&nbsp;</SPAN><SPAN data-contrast="none">web</SPAN><SPAN data-contrast="none">&nbsp;store&nbsp;</SPAN><A href="#" target="_blank" 
rel="noopener"><SPAN>here</SPAN></A><SPAN data-contrast="none">.&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN data-contrast="none">Many organizations use the Chrome browser to support sensitive workflows and w</SPAN><SPAN data-contrast="none">ith this extension, customers now have Microsoft DLP and Insider Risk Management capabilities with</SPAN><SPAN data-contrast="none">in</SPAN><SPAN data-contrast="none">&nbsp;the Chro</SPAN><SPAN data-contrast="none">me</SPAN><SPAN data-contrast="none">&nbsp;browser of the</SPAN><SPAN data-contrast="none">ir</SPAN><SPAN data-contrast="none">&nbsp;onboarded endpoint devices</SPAN><SPAN data-contrast="none">,</SPAN><SPAN data-contrast="none">&nbsp;so</SPAN><SPAN data-contrast="none">&nbsp;</SPAN><SPAN data-contrast="none">they can:</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <UL> <LI data-leveltext="-" data-font="Calibri" data-listid="14" aria-setsize="-1" data-aria-posinset="0" data-aria-level="1"><SPAN data-contrast="none">Use Chrome as an approved browser&nbsp;</SPAN><SPAN data-contrast="none">with</SPAN><SPAN data-contrast="none">&nbsp;DLP for working with sensitive&nbsp;data</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI data-leveltext="-" data-font="Calibri" data-listid="14" aria-setsize="-1" data-aria-posinset="0" data-aria-level="1"><SPAN data-contrast="none">Create custom&nbsp;</SPAN><SPAN data-contrast="none">and fine-grained&nbsp;</SPAN><SPAN data-contrast="none">DLP policies for Chrome to ensure sensitive data is properly handled and protected from disclosure including:</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN> <UL> <LI 
data-leveltext="-" data-font="Calibri" data-listid="14" aria-setsize="-1" data-aria-posinset="0" data-aria-level="1"><SPAN data-contrast="none"><STRONG>Audit mode</STRONG>: </SPAN><SPAN data-contrast="none">R</SPAN><SPAN data-contrast="none">ecords policy violation events without impacting end-user&nbsp;activity</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI data-leveltext="-" data-font="Calibri" data-listid="14" aria-setsize="-1" data-aria-posinset="0" data-aria-level="1"><SPAN data-contrast="none"><STRONG>Block with Override mode</STRONG>: </SPAN><SPAN data-contrast="none">R</SPAN><SPAN data-contrast="none">ecords and blocks the activity, but allows the user to override when they have a legitimate business&nbsp;need</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI data-leveltext="-" data-font="Calibri" data-listid="14" aria-setsize="-1" data-aria-posinset="0" data-aria-level="1"><SPAN data-contrast="none"><STRONG>Block mode</STRONG>: </SPAN><SPAN data-contrast="none">R</SPAN><SPAN data-contrast="none">ecords and blocks the activity without</SPAN><SPAN data-contrast="none">&nbsp;giving the user</SPAN><SPAN data-contrast="none">&nbsp;the ability to&nbsp;override </SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> </UL> </LI> </UL> <UL> <LI data-leveltext="-" data-font="Calibri" data-listid="14" aria-setsize="-1" data-aria-posinset="0" data-aria-level="1"><SPAN data-contrast="none">Use DLP events from Microsoft Compliance Extension for Chrome to support Insider Risk Management assessments and&nbsp;investigations</SPAN><SPAN 
data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI data-leveltext="-" data-font="Calibri" data-listid="14" aria-setsize="-1" data-aria-posinset="0" data-aria-level="1"><SPAN data-contrast="none">Deliver new insights related to the obfuscation, exfiltration, or infiltration of sensitive information by insiders. For more information on Insider Risk Management, check out the&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Tech Community blog</SPAN></A><SPAN data-contrast="none">.</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> </UL> <P>&nbsp;</P> <P><SPAN data-contrast="none">With the</SPAN><SPAN data-contrast="none">&nbsp;</SPAN><SPAN data-contrast="none">Microsoft&nbsp;</SPAN><SPAN data-contrast="none">Compliance E</SPAN><SPAN data-contrast="none">xtension for Chrome</SPAN><SPAN data-contrast="none">,&nbsp;</SPAN><SPAN>u</SPAN><SPAN>s</SPAN><SPAN>ers&nbsp;</SPAN><SPAN data-contrast="none">are automatically alerted when</SPAN><SPAN data-contrast="none">&nbsp;they take a risky action with sensitive data and are provided with actionable policy tips and guidance to remediate properly.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN data-contrast="none">As with other&nbsp;</SPAN><SPAN data-contrast="none">Microsoft unified</SPAN><SPAN data-contrast="none">&nbsp;DLP capabilities, the&nbsp;</SPAN><SPAN>Microsoft&nbsp;</SPAN><SPAN data-contrast="none">Compliance Extension for</SPAN><SPAN data-contrast="none">&nbsp;Chrome&nbsp;</SPAN><SPAN data-contrast="none">provides the same familiar look and feel that users are already accustomed to from the applications and services they use every day.</SPAN><SPAN data-contrast="none">&nbsp;</SPAN><SPAN 
data-contrast="none">This reduces end-user training time and alert confusion and increases user confidence in the prescribed guidance and remediation offered in the policy tips</SPAN><SPAN data-contrast="none">.</SPAN><SPAN data-contrast="none">&nbsp;This approach&nbsp;</SPAN><SPAN data-contrast="none">can</SPAN><SPAN data-contrast="none">&nbsp;help</SPAN><SPAN data-contrast="none">&nbsp;improve</SPAN><SPAN data-contrast="none">&nbsp;policy compliance – without impact</SPAN><SPAN data-contrast="none">ing productivity.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><STRONG><SPAN data-contrast="none">The Microsoft Compliance Extension for Chrome&nbsp;</SPAN></STRONG><SPAN><STRONG>Browser&nbsp;</STRONG></SPAN><STRONG><SPAN data-contrast="none">– Use Case Example</SPAN></STRONG><STRONG><SPAN data-contrast="none">s</SPAN></STRONG><STRONG><SPAN data-contrast="none">&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN data-contrast="none">In&nbsp;</SPAN><STRONG><SPAN data-contrast="none">Figure 1<I>:</I> Chrome DLP block with override for printing</SPAN></STRONG><SPAN data-contrast="none">, we see how an organization can&nbsp;</SPAN><SPAN data-contrast="none">configure a DLP policy that allows the u</SPAN><SPAN data-contrast="none">se</SPAN><SPAN>&nbsp;of</SPAN><SPAN data-contrast="none">&nbsp;Chrome as an approved application to view sensitive data&nbsp;</SPAN><SPAN data-contrast="none">while&nbsp;</SPAN><SPAN data-contrast="none">protect</SPAN><SPAN data-contrast="none">ing</SPAN><SPAN data-contrast="none">&nbsp;</SPAN><SPAN data-contrast="none">it</SPAN><SPAN data-contrast="none">&nbsp;from being printed. 
In this example, the policy was also configured to allow the information worker to override the policy when there is a justified business need.</SPAN><SPAN data-contrast="none">&nbsp;The business justification is logged as part of the DLP event in Compliance Center and can be reviewed&nbsp;at a later date&nbsp;to ensure compliance with approved business justifications.</SPAN><SPAN data-contrast="none">&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure 1 Chrome Animation_1 Print sensitive file.gif" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/284001iBBA19DB30DE16A06/image-size/large?v=v2&amp;px=999" role="button" title="Figure 1 Chrome Animation_1 Print sensitive file.gif" alt="Figure 1 Chrome Animation_1 Print sensitive file.gif" /></span></SPAN></P> <P>&nbsp;</P> <P><STRONG><I><SPAN data-contrast="none">Figure&nbsp;</SPAN></I></STRONG><STRONG><I><SPAN data-contrast="none">1</SPAN></I></STRONG><STRONG><I><SPAN data-contrast="none">: Chrome DLP&nbsp;</SPAN></I></STRONG><STRONG><I><SPAN data-contrast="none">block with override for printing</SPAN></I></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="none">In&nbsp;</SPAN><STRONG><SPAN data-contrast="none">Figure 2<I>:</I> Chrome DLP allowing upload of a sensitive file to a sanctioned service domain</SPAN></STRONG><SPAN data-contrast="none">, we see how a customer configured a DLP policy to allow an information worker using Chrome to upload a sensitive file 
to&nbsp;</SPAN><SPAN data-contrast="none">Box</SPAN><SPAN>,</SPAN><SPAN data-contrast="none">&nbsp;</SPAN><SPAN data-contrast="none">an</SPAN><SPAN data-contrast="none">&nbsp;approved service domain</SPAN></P> <P>&nbsp;</P> <P><SPAN data-contrast="none"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure 2 Chrome Animation_2 Allow Upload to box.gif" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/284002i7C836A591E63CC8D/image-size/large?v=v2&amp;px=999" role="button" title="Figure 2 Chrome Animation_2 Allow Upload to box.gif" alt="Figure 2 Chrome Animation_2 Allow Upload to box.gif" /></span></SPAN></P> <P><STRONG><I><SPAN data-contrast="none">Figure&nbsp;</SPAN></I></STRONG><STRONG><I><SPAN data-contrast="none">2</SPAN></I></STRONG><STRONG><I><SPAN data-contrast="none">: Chrome DLP allowing upload of a sensitive file to a sanctioned service&nbsp;domain&nbsp;</SPAN></I></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="none">In&nbsp;</SPAN><STRONG><SPAN data-contrast="none">Figure&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">3<I>:&nbsp;</I></SPAN></STRONG><STRONG><SPAN data-contrast="none">Chrome DLP&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">blocking upload of a sensitive file to an unsanctioned service&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">domain</SPAN></STRONG><SPAN data-contrast="none">, we see how a customer configured a DLP policy to block an information worker from using Chrome to upload a sensitive file to&nbsp;</SPAN><SPAN data-contrast="none">Dro</SPAN><SPAN>p</SPAN><SPAN data-contrast="none">box</SPAN><SPAN data-contrast="none">. 
Dropbox is defined as</SPAN><SPAN data-contrast="none">&nbsp;an unsanctioned</SPAN><SPAN data-contrast="none">&nbsp;</SPAN><SPAN data-contrast="none">service domain</SPAN><SPAN data-contrast="none">&nbsp;in this DLP policy</SPAN><SPAN data-contrast="none">.</SPAN><SPAN data-contrast="none">&nbsp;In this instance</SPAN><SPAN>,</SPAN><SPAN data-contrast="none">&nbsp;the policy was not configured to support user override</SPAN><SPAN data-contrast="none">&nbsp;and the user is unable to upload the document to Dropbox</SPAN><SPAN data-contrast="none">.&nbsp;</SPAN><SPAN data-contrast="none">Th</SPAN><SPAN data-contrast="none">is</SPAN><SPAN data-contrast="none">&nbsp;policy violation is recorded&nbsp;</SPAN><SPAN data-contrast="none">as</SPAN><SPAN data-contrast="none">&nbsp;a DLP event and is available to be reviewed with full context in Compliance Center.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure 3 Chrome Animation_3 Block Dropbox.gif" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/284005iB76A2D0CACC25EBE/image-size/large?v=v2&amp;px=999" role="button" title="Figure 3 Chrome Animation_3 Block Dropbox.gif" alt="Figure 3 Chrome Animation_3 Block Dropbox.gif" /></span></SPAN></P> <P><STRONG><I><SPAN data-contrast="none">Figure&nbsp;</SPAN></I></STRONG><STRONG><I><SPAN data-contrast="none">3:</SPAN></I></STRONG><STRONG><I><SPAN data-contrast="none">&nbsp;Chrome DLP blocking upload of a sensitive file to an unsanctioned service domain</SPAN></I></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN 
data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="none">The Microsoft Compliance Extension for Chrome</SPAN></STRONG><STRONG><SPAN data-contrast="none">&nbsp;in</SPAN></STRONG><STRONG><SPAN data-contrast="none">&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Compliance Center</SPAN></STRONG><STRONG><SPAN data-contrast="none">&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN data-contrast="none">In&nbsp;</SPAN><STRONG><SPAN data-contrast="none">Figure&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">4<I>:</I></SPAN></STRONG><STRONG><SPAN data-contrast="none">&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Compliance Center with Chrome App Event Fil</SPAN></STRONG><SPAN><STRONG>t</STRONG></SPAN><STRONG><SPAN data-contrast="none">er</SPAN></STRONG><SPAN data-contrast="none">, we see how an organization can&nbsp;</SPAN><SPAN data-contrast="none">apply a new filter to list Chrome related events for review and investigation.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure 4 - CC with Chrome App Event Filter.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/284006iBE0B314FF0E4AAA6/image-size/large?v=v2&amp;px=999" role="button" title="Figure 4 - CC with Chrome App Event 
Filter.png" alt="Figure 4 - CC with Chrome App Event Filter.png" /></span></SPAN></P> <P>&nbsp;</P> <P><STRONG><SPAN data-contrast="none">Figure&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">4<I>:</I></SPAN></STRONG><STRONG><SPAN data-contrast="none">&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Compliance Center with Chrome App Event Filter</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="none">In&nbsp;</SPAN><STRONG><SPAN data-contrast="none">Figure&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">5<I>:</I></SPAN></STRONG><STRONG><SPAN data-contrast="none">&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Chrome File Print&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Event&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Details 1</SPAN></STRONG><STRONG><SPAN data-contrast="none">&nbsp;</SPAN></STRONG><SPAN data-contrast="none">and</SPAN><STRONG><SPAN data-contrast="none">&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Figure&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">6</SPAN></STRONG><STRONG><SPAN data-contrast="none">&nbsp;–&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Chrome File Print&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Event&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Details&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">2</SPAN></STRONG><SPAN data-contrast="none">, we see&nbsp;</SPAN><SPAN data-contrast="none">the full details of the Chrome file print event&nbsp;</SPAN><SPAN data-contrast="none">for review and&nbsp;investigation</SPAN><SPAN>.</SPAN></P> <P>&nbsp;</P> <P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure 5 - Chrome File Print Details 1.png" 
style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/284007iABC0B20B385D193B/image-size/large?v=v2&amp;px=999" role="button" title="Figure 5 - Chrome File Print Details 1.png" alt="Figure 5 - Chrome File Print Details 1.png" /></span></SPAN></P> <P>&nbsp;</P> <P><SPAN><STRONG><SPAN class="TextRun Highlight SCXW65668860 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXW65668860 BCX8">Figure&nbsp;</SPAN></SPAN><SPAN class="TextRun Highlight SCXW65668860 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXW65668860 BCX8">5<I>:</I></SPAN></SPAN><SPAN class="TextRun Highlight SCXW65668860 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXW65668860 BCX8">&nbsp;</SPAN></SPAN><SPAN class="TextRun Highlight SCXW65668860 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXW65668860 BCX8">Chrome File Print&nbsp;</SPAN></SPAN><SPAN class="TextRun Highlight SCXW65668860 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXW65668860 BCX8">Event&nbsp;</SPAN></SPAN><SPAN class="TextRun Highlight SCXW65668860 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXW65668860 BCX8">Details 1</SPAN></SPAN></STRONG><SPAN class="EOP SCXW65668860 BCX8" data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></SPAN></P> <P>&nbsp;</P> <P><SPAN><SPAN class="EOP SCXW65668860 BCX8" data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure 6 - Chrome File Print Details 2.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/284010iFA8E40D4D3F54614/image-size/large?v=v2&amp;px=999" role="button" title="Figure 6 - Chrome File Print Details 2.png" alt="Figure 6 - Chrome File Print Details 2.png" /></span></SPAN></SPAN></P> <P><STRONG><SPAN data-contrast="none">Figure&nbsp;</SPAN></STRONG><STRONG><SPAN 
data-contrast="none">6<I>:&nbsp;</I></SPAN></STRONG><STRONG><SPAN data-contrast="none">Chrome File Print&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Event&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Details&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">2</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="none">In&nbsp;</SPAN><STRONG><SPAN data-contrast="none">Figure&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">7<I>:</I></SPAN></STRONG><STRONG><SPAN data-contrast="none">&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Chrome File&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Copied to Cloud</SPAN></STRONG><STRONG><SPAN data-contrast="none">&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Event&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Details 1</SPAN></STRONG><STRONG><SPAN data-contrast="none">&nbsp;</SPAN></STRONG><SPAN data-contrast="none">and</SPAN><STRONG><SPAN data-contrast="none">&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Figure&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">8</SPAN></STRONG><STRONG><SPAN data-contrast="none">&nbsp;–&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Chrome File&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Copied to Cloud</SPAN></STRONG><STRONG><SPAN data-contrast="none">&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Event&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Details&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">2</SPAN></STRONG><SPAN data-contrast="none">, we see the full details of the Chrome file upload to Dropbox event for review and investigation.</SPAN></P> <P>&nbsp;</P> <P><SPAN data-contrast="none"><span 
class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure 7 - Chrome File Copied to Cloud Details 1.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/284011i74BCEE0275DC54B1/image-size/large?v=v2&amp;px=999" role="button" title="Figure 7 - Chrome File Copied to Cloud Details 1.png" alt="Figure 7 - Chrome File Copied to Cloud Details 1.png" /></span></SPAN></P> <P>&nbsp;</P> <P><STRONG><SPAN class="TextRun Highlight SCXW139780909 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXW139780909 BCX8">Figure&nbsp;</SPAN></SPAN><SPAN class="TextRun Highlight SCXW139780909 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXW139780909 BCX8">7<I><SPAN data-contrast="none">:</SPAN></I></SPAN></SPAN><SPAN class="TextRun Highlight SCXW139780909 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXW139780909 BCX8">&nbsp;</SPAN></SPAN><SPAN class="TextRun Highlight SCXW139780909 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXW139780909 BCX8">Chrome File&nbsp;</SPAN></SPAN><SPAN class="TextRun Highlight SCXW139780909 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXW139780909 BCX8">Copied to Cloud</SPAN></SPAN><SPAN class="TextRun Highlight SCXW139780909 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXW139780909 BCX8">&nbsp;</SPAN></SPAN><SPAN class="TextRun Highlight SCXW139780909 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXW139780909 BCX8">Event&nbsp;</SPAN></SPAN><SPAN class="TextRun Highlight SCXW139780909 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXW139780909 BCX8">Details 1</SPAN></SPAN><SPAN class="TextRun Highlight SCXW139780909 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXW139780909 BCX8">&nbsp;</SPAN></SPAN><SPAN class="EOP SCXW139780909 BCX8" data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></STRONG></P> <P>&nbsp;</P> <P><SPAN data-contrast="none"><span 
class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure 8 - Chrome File Copied to Cloud Details 2.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/284013i6924A745AA36E7E6/image-size/large?v=v2&amp;px=999" role="button" title="Figure 8 - Chrome File Copied to Cloud Details 2.png" alt="Figure 8 - Chrome File Copied to Cloud Details 2.png" /></span></SPAN></P> <P>&nbsp;</P> <P><STRONG><SPAN data-contrast="none">Figure&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">8<I>:&nbsp;</I></SPAN></STRONG><STRONG><SPAN data-contrast="none">Chrome File&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Copied to Cloud</SPAN></STRONG><STRONG><SPAN data-contrast="none">&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Event&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Details&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">2</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="none">Microsoft Unified DLP&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="none">Quick Path to Value</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="none">To help customers accelerate their deployment of a comprehensive information protection and data loss prevention strategy across all their environments containing sensitive data&nbsp;</SPAN><SPAN data-contrast="none">and&nbsp;</SPAN><SPAN data-contrast="none">help&nbsp;</SPAN><SPAN data-contrast="none">ensure immediate value,&nbsp;</SPAN><SPAN data-contrast="none">M</SPAN><SPAN 
data-contrast="none">icrosoft provides a one-stop approach to data protection and DLP policy deployment within the Microsoft 365 Compliance Center.&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="none">Microsoft Information Protection</SPAN><SPAN data-contrast="none">&nbsp;(MIP)</SPAN><SPAN data-contrast="none">&nbsp;</SPAN><SPAN data-contrast="none">provides&nbsp;</SPAN><SPAN data-contrast="none">a&nbsp;</SPAN><SPAN data-contrast="none">common&nbsp;</SPAN><SPAN data-contrast="none">set of&nbsp;</SPAN><SPAN data-contrast="none">classification&nbsp;</SPAN><SPAN data-contrast="none">and data labeling tools that leverage&nbsp;</SPAN><SPAN data-contrast="none">AI</SPAN><SPAN data-contrast="none">&nbsp;and&nbsp;</SPAN><SPAN data-contrast="none">m</SPAN><SPAN data-contrast="none">achine&nbsp;</SPAN><SPAN data-contrast="none">l</SPAN><SPAN data-contrast="none">earning to support even the most complex of regulatory or internal&nbsp;</SPAN><SPAN data-contrast="none">sensitive information&nbsp;</SPAN><SPAN data-contrast="none">compliance mandates.</SPAN><SPAN data-contrast="none">&nbsp;</SPAN><SPAN data-contrast="none">MIP’s over 1</SPAN><SPAN data-contrast="none">5</SPAN><SPAN data-contrast="none">0 sensitive information types and over 40 built-in policy templates for common industry regulations and compliance&nbsp;</SPAN><SPAN data-contrast="none">offer a quick path to&nbsp;</SPAN><SPAN data-contrast="none">value.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="none">Consistent User Experience</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN 
data-contrast="none">No matter where DLP is applied, users have a consistent and familiar experience when notified of an activity that is in violation of a defined policy.&nbsp; Policy Tips and guidance&nbsp;</SPAN><SPAN data-contrast="none">are</SPAN><SPAN data-contrast="none">&nbsp;provided using a</SPAN><SPAN data-contrast="none">&nbsp;familiar look and feel users are already accustomed to from applications and services they use every day</SPAN><SPAN data-contrast="none">. This</SPAN><SPAN data-contrast="none">&nbsp;approach can</SPAN><SPAN data-contrast="none">&nbsp;</SPAN><SPAN data-contrast="none">reduce end-user training time</SPAN><SPAN data-contrast="none">,</SPAN><SPAN data-contrast="none">&nbsp;</SPAN><SPAN data-contrast="none">eliminate&nbsp;</SPAN><SPAN data-contrast="none">alert confusion, increase user confidence in prescribed guidance and remediation, and improve overall compliance with policies – without impacting productivity.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="none">Integrated Insights</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="none">Microsoft</SPAN><SPAN data-contrast="none">&nbsp;DLP&nbsp;</SPAN><SPAN data-contrast="none">integrates with&nbsp;</SPAN><SPAN data-contrast="none">other Security &amp; Compliance solutions such as&nbsp;</SPAN><SPAN data-contrast="none">M</SPAN><SPAN data-contrast="none">IP</SPAN><SPAN data-contrast="none">, Microsoft</SPAN><SPAN data-contrast="none">&nbsp;</SPAN><SPAN data-contrast="none">Defender</SPAN><SPAN data-contrast="none">,</SPAN><SPAN data-contrast="none">&nbsp;and Insider Risk&nbsp;</SPAN><SPAN data-contrast="none">Management&nbsp;</SPAN><SPAN 
data-contrast="none">to provide broad and comprehensive coverage and visibility required by organization</SPAN><SPAN data-contrast="none">s</SPAN><SPAN data-contrast="none">&nbsp;to meet regulatory and policy compliance.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure 9 - Microsoft Unified Approach.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/284015i48E051AFA4963638/image-size/large?v=v2&amp;px=999" role="button" title="Figure 9 - Microsoft Unified Approach.png" alt="Figure 9 - Microsoft Unified Approach.png" /></span></SPAN></P> <P>&nbsp;</P> <P><STRONG><I><SPAN data-contrast="none">Figure&nbsp;</SPAN></I></STRONG><SPAN><STRONG><I>9</I></STRONG></SPAN><STRONG><I><SPAN data-contrast="none">:&nbsp;</SPAN></I></STRONG><STRONG><I><SPAN data-contrast="none">Integrated In</SPAN></I></STRONG><STRONG><I><SPAN data-contrast="none">s</SPAN></I></STRONG><STRONG><I><SPAN data-contrast="none">ights</SPAN></I></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="none">This</SPAN><SPAN data-contrast="none">&nbsp;</SPAN><SPAN data-contrast="none">approach&nbsp;</SPAN><SPAN data-contrast="none">reduces the dependence on individual and&nbsp;</SPAN><SPAN data-contrast="none">uncoordinated</SPAN><SPAN data-contrast="none">&nbsp;solutions from disparate providers to monitor user actions, remediate policy violations and educate users on the correct handling of sensitive data at the endpoint, on-premise</SPAN><SPAN 
data-contrast="none">s,</SPAN><SPAN data-contrast="none">&nbsp;and in the cloud</SPAN><SPAN data-contrast="none">.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P aria-level="2"><STRONG><SPAN data-contrast="none">Get Started</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="none">The Microsoft&nbsp;</SPAN><SPAN data-contrast="none">DLP</SPAN><SPAN data-contrast="none">&nbsp;</SPAN><SPAN data-contrast="none">solution&nbsp;</SPAN><SPAN data-contrast="none">is part of a broader set of&nbsp;</SPAN><SPAN data-contrast="none">Information Protection and Governance solutions that are part of the Microsoft 365 Compliance Suite.&nbsp;</SPAN><SPAN data-contrast="none">Y</SPAN><SPAN data-contrast="none">ou can sign up for a&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">trial</SPAN></A><SPAN data-contrast="none">&nbsp;o</SPAN><SPAN data-contrast="none">f Microsoft 365 E5 o</SPAN><SPAN data-contrast="none">r navigate&nbsp;to&nbsp;the&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Microsoft 365&nbsp;</SPAN><SPAN data-contrast="none">C</SPAN><SPAN data-contrast="none">ompliance&nbsp;</SPAN><SPAN data-contrast="none">C</SPAN><SPAN data-contrast="none">enter</SPAN></A><SPAN data-contrast="none">&nbsp;to get started today.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P aria-level="5"><STRONG><SPAN data-contrast="none">Additional resources:</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <UL> 
<LI data-leveltext="" data-font="Symbol" data-listid="20" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="none">For more information on Data Loss Prevention, please&nbsp;see </SPAN><A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/a-unified-approach-to-data-loss-prevention-from-microsoft/ba-p/1694492" target="_blank" rel="noopener"><SPAN data-contrast="none">this</SPAN></A><SPAN data-contrast="none"> and </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">this</SPAN></A><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="20" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="none">For videos on Microsoft Unified DLP approach and Endpoint DLP see </SPAN><A href="https://gorovian.000webhostapp.com/?exam=t5/video-hub/understanding-and-maximizing-the-value-of-microsoft-s-dlp/m-p/1688051" target="_blank" rel="noopener"><SPAN data-contrast="none">this</SPAN></A><SPAN data-contrast="none"> and </SPAN><A href="https://gorovian.000webhostapp.com/?exam=t5/video-hub/extending-microsoft-dlp-deployment-to-endpoints/m-p/1688046" target="_blank" rel="noopener"><SPAN data-contrast="none">this</SPAN></A><SPAN data-contrast="none"> </SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="20" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="none">For a Microsoft Mechanics video on Endpoint DLP see </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">this</SPAN></A><SPAN data-contrast="none"> </SPAN><SPAN 
data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="20" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="none">For more information on the Microsoft Compliance Extension for Chrome see&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN>this</SPAN></A><SPAN data-contrast="none">&nbsp;</SPAN><SPAN data-contrast="none">and&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">this</SPAN></A><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="20" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="none">For more information on DLP Alerts and Event Management, see </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">this</SPAN></A><SPAN data-contrast="none"> </SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="20" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="none">For more information on Sensitivity Labels as a condition for DLP policies,&nbsp;see </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">this</SPAN></A><SPAN data-contrast="none">  </SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="20" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN 
data-contrast="none">For more information on Sensitivity Labels, please&nbsp;see </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">this</SPAN></A><SPAN data-contrast="none">  </SPAN><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="20" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="none">For more information on conditions and actions for Unified DLP, please&nbsp;see </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">this</SPAN></A><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="20" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="none">For the latest on Microsoft Information Protection, see </SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">this</SPAN></A><SPAN data-contrast="none"> and </SPAN><A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/what-s-new-and-what-s-coming-in-information-protection/ba-p/1797438" target="_blank" rel="noopener"><SPAN data-contrast="none">this</SPAN></A><SPAN data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="20" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="none">For&nbsp;</SPAN><SPAN data-contrast="none">more information on AIP scanner,&nbsp;see&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">this</SPAN></A><SPAN 
data-ccp-props="{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}">&nbsp;</SPAN></LI> </UL> <P><SPAN data-contrast="none">Thank you,</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="none">The Microsoft Information Protection team</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> Thu, 27 May 2021 23:10:43 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-announces-the-general-availability-of-the-microsoft/ba-p/2389371 EricEOuellet 2021-05-27T23:10:43Z Microsoft Virtual Security and Compliance Summit 2021 https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-virtual-security-and-compliance-summit-2021/ba-p/2385816 <P>Microsoft <STRONG>IS</STRONG> a Security and Compliance leader!&nbsp; We are constantly humbled that the market keeps validating our goal on <A href="#" target="_blank" rel="noopener">delivering Security for All in a Zero Trust World</A>.&nbsp; We are not only best in suite we are also best in breed. 
Just in the month of May alone, Microsoft has added these accolades to its list.&nbsp;</P> <P>&nbsp;</P> <UL> <LI><A href="#" target="_blank" rel="noopener">Forrester names Microsoft a Leader in the 2021 Enterprise Email Security Wave</A></LI> <LI><A href="#" target="_blank" rel="noopener">Gartner names Microsoft a Leader in the 2021 Endpoint Protection Platforms Magic Quadrant</A></LI> <LI><A href="#" target="_blank" rel="noopener">Forrester names Microsoft a Leader in The Forrester Wave™: Cloud Security Gateways, Q2 2021</A></LI> <LI><A href="#" target="_blank" rel="noopener">Microsoft is a Leader in the 2021 Forrester Endpoint Security Software as a Service Wave</A></LI> <LI><A href="#" target="_blank" rel="noopener">Microsoft recognized as a Leader in The Forrester Wave™: Unstructured Data Security Platforms, Q2 2021</A></LI> </UL> <P>&nbsp;</P> <P>And while we could just rest on our laurels, our team is determined to continue to improve and create intelligent security and compliance solutions for the world.</P> <P>&nbsp;</P> <P>Join us at <A href="#" target="_blank" rel="noopener">Microsoft Virtual Security &amp; Compliance Summit</A> on Thursday, June 3, 2021 between 9:00 AM–12:00 PM Pacific Time (12:00 PM–3:00 PM Eastern Time).</P> <P>&nbsp;</P> <H2><A title="Microsoft Virtual Security &amp; Compliance Summit 2021" href="#" target="_blank" rel="noopener"><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Virtual-Security-Compliance-Summit-2021.PNG" style="width: 933px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/283767i7E9A31E8A89B5AD6/image-size/large?v=v2&amp;px=999" role="button" title="Virtual-Security-Compliance-Summit-2021.PNG" alt="Virtual-Security-Compliance-Summit-2021.PNG" /></span></A></H2> <P>&nbsp;</P> <P>&nbsp;</P> <H2><STRONG><A href="#" target="_blank" rel="noopener">CLICK HERE TO REGISTER</A> </STRONG></H2> <P>&nbsp;</P> <P>The realities of widespread remote and hybrid work scenarios 
pose new challenges for organizations. Security, compliance, and identity are more complex—and more critical—than ever. Join us to hear some of the industry’s leading voices speak on mitigating risks and strengthening your security posture.</P> <P>&nbsp;</P> <P>Join Microsoft leaders such as CVP &amp; CMO of Security - Vasu Jakkal, CVP of Security - Ann Johnson,&nbsp;Executive Chief Security Advisor – Jim Eckhart, Chief Security Advisor - Hafid Elabdellaoui, and others to hear the latest insights and strategies.</P> <P>&nbsp;</P> <P>At this event, you’ll gain fresh insights on:</P> <P>&nbsp;</P> <UL> <LI>What’s top of mind for CISOs—like cloud-first security, training, and resiliency.</LI> <LI>How we secure Microsoft today—an insider look.</LI> <LI>Securing the remote and hybrid workplace.</LI> <LI>Trends and best practices from Microsoft defenders, detection, and response teams.</LI> <LI>Strategies for protecting against insider risk.</LI> <LI>Tactics to protect and govern data across your digital estate.</LI> </UL> <P>&nbsp;</P> <P>Don’t miss this interactive, high-profile event with Microsoft experts—and the opportunity to connect with your peers on the cybersecurity techniques you need to help safeguard your organization in 2021 and beyond.</P> <P>&nbsp;</P> <P>To learn more about Microsoft Security solutions,&nbsp;<A href="#" target="_blank" rel="noopener">visit our&nbsp;website</A>.&nbsp;Bookmark the&nbsp;<A href="#" target="_blank" rel="noopener">Security blog</A>&nbsp;to keep up with our expert coverage on security matters. 
Also, follow us at&nbsp;<A href="#" target="_blank" rel="noopener">@MSFTSecurity</A>&nbsp;for the latest news and updates on cybersecurity.</P> <P>&nbsp;</P> <P>Follow Christopher on&nbsp;<A href="#" target="_blank" rel="noopener">Twitter</A>&nbsp;and&nbsp;<A href="#" target="_blank" rel="noopener">LinkedIn</A></P> Wed, 02 Jun 2021 17:28:26 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-virtual-security-and-compliance-summit-2021/ba-p/2385816 ChristopherCampbell 2021-06-02T17:28:26Z Record Confidential Transaction Logs with Azure Confidential Ledger https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/record-confidential-transaction-logs-with-azure-confidential/ba-p/2377226 <P><STRONG>Introducing Azure Confidential Ledger - a blockchain-powered service designed with security and integrity at its core</STRONG></P> <P><SPAN>Built on the <A href="#" target="_blank" rel="noopener">Confidential Consortium Framework</A> (CCF) Microsoft Research project, we are excited to announce the public preview of <A href="#" target="_blank" rel="noopener">Azure Confidential Ledger</A> (ACL), a fully managed service that provides the ability to store sensitive data records with integrity and confidentiality protections, all in a highly available and scalable service. Using ACL, customers can store data in an immutable, tamper-protected, and append-only ledger. The service provides these assurances by harnessing the power of Confidential Computing’s hardware-encrypted secure enclaves when setting up the decentralized blockchain network, limiting Microsoft’s access to operating the nodes in the ledger.</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P><STRONG><SPAN>Use cases for Azure Confidential Ledger</SPAN></STRONG></P> <P><SPAN>Azure customers are rapidly adopting ACL for a variety of purposes, including audit logging and tracking of highly sensitive admin operations. 
In collaborative environments, where multiple parties are involved in the sharing of sensitive data, ACL addresses the requirements to trace access to critical business information. For example:</SPAN></P> <UL> <LI><SPAN>Healthcare institutes may want to record access to medical devices by technicians performing maintenance on the device. Those medical devices may store private patient data, such as images or health measurements.</SPAN></LI> <LI><SPAN>Financial or retail businesses can track financial transactions that happen on the regular payment circuits and build an immutable log of value transfer between parties at a specific timestamp. </SPAN></LI> <LI><SPAN>Financial or healthcare organizations interacting with multiple parties will be able to resolve potential disputes or provide insurance services on events that occurred in the line-of-business system.</SPAN></LI> <LI><SPAN>IT departments can apply administrative and control changes, such as granting access permissions to critical resources, and then record security events separately from proprietary line-of-business applications.</SPAN></LI> <LI><SPAN>Supply chains can also benefit from connected devices and platforms for logging transactions. Microsoft has championed the use of blockchain technology in the supply chain to improve resiliency, traceability, and predictability of the end-to-end process. ACL can be an important ingredient in providing traceability guarantees. 
You can read more in the Microsoft Industry blog: <A href="#" target="_blank" rel="noopener">Improve supply chain resiliency, traceability, and predictability with blockchain.</A></SPAN></LI> <LI><SPAN>Any time deeds are exchanged, a proof of authenticity of documents provides assurances that transactions have been completed and accepted by all parties involved; the confidential ledger may contain references to such deeds, and its confidentiality is necessary to prevent access by unauthorized parties, including the cloud provider.</SPAN></LI> <LI><SPAN>Any other need for e-discovery and forensic access to records, which would result in confidential records being disclosed to investigating third parties. While certain solutions exist in the marketplace, ACL can provide stronger guarantees that are easy to verify.</SPAN></LI> </UL> <P><SPAN>&nbsp;</SPAN></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ShubhraS_0-1621637796263.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/282789iFA56E6F9C18814DD/image-size/medium?v=v2&amp;px=400" role="button" title="ShubhraS_0-1621637796263.png" alt="ShubhraS_0-1621637796263.png" /></span></P> <P>&nbsp;</P> <P><EM>Azure Confidential Ledger use cases</EM></P> <P><SPAN>&nbsp;</SPAN></P> <P><STRONG><SPAN>&nbsp;</SPAN></STRONG></P> <P><STRONG>The technology behind Azure Confidential Ledger</STRONG></P> <P><SPAN>Based on a permissioned blockchain model by the <A href="#" target="_blank" rel="noopener">Confidential Consortium Framework</A> (CCF), ACL offers unique data integrity advantages. These include immutability, which makes the ledger write-only, and tamper protection, which ensures all records are kept intact. The ledger runs exclusively on hardware-backed secure enclaves, a heavily monitored and isolated runtime environment, which keeps potential attacks at bay. 
Specifically,&nbsp;</SPAN>ACL runs on a minimalistic Trusted Computing Base (TCB), which <U>prevents access by ACL service developers, datacenter technicians, and cloud administrators</U>.</P> <P>&nbsp;</P> <P><SPAN>Key features of Azure Confidential Ledger include:</SPAN></P> <OL> <LI><SPAN>Tamper-protected digital ledger for immutable data storage in a permissioned blockchain; its <A href="#" target="_self">Merkle-tree</A> architecture ensures that ledger receipts are universally verifiable.</SPAN></LI> <LI><SPAN>Runs in hardware-secured enclaves to provide append-only functionality with strong hardware-rooted confidentiality and integrity protections; data submitted from the client goes directly to the ledger’s enclave.</SPAN></LI> <LI><SPAN>Tampering verification can be executed by users at any time.</SPAN></LI> <LI><SPAN>Publicly available governance model where governance logs are part of the ledger and auditable by users at any time.</SPAN></LI> <LI><SPAN>Managed web service with a REST API for ledger administrative tasks as well as for tracking records, reading previous records, and verifying tamper evidence.</SPAN></LI> </OL> <P><SPAN>&nbsp;</SPAN></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ShubhraS_1-1621637796269.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/282790i4891B06A3B9C7D6F/image-size/large?v=v2&amp;px=999" role="button" title="ShubhraS_1-1621637796269.png" alt="ShubhraS_1-1621637796269.png" /></span></P> <P>&nbsp;</P> <P><EM><SPAN>Azure Confidential Ledger architecture</SPAN></EM></P> <P><SPAN>&nbsp;</SPAN></P> <P><STRONG><SPAN>ACL security</SPAN></STRONG></P> <P><SPAN>Data is sent to ACL over a required TLS 1.2 connection, and the TLS connection terminates inside the hardware-backed security enclaves. 
This ensures that no one can intercept the connection between the customer’s client and the ACL server nodes.</SPAN></P> <P><SPAN>In addition to interacting with the ACL API, it is possible to verify the ACL service integrity via an offline verification tool.</SPAN></P> <P>&nbsp;</P> <P><SPAN>What makes ACL more secure than any other comparable digital ledger solution is that it leverages the <A href="#" target="_blank" rel="noopener">Azure Confidential Computing</A> platform. An instance of ACL runs in a dedicated and fully attested hardware-backed enclave. The ledger’s integrity is maintained through a consensus-based blockchain.</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P><STRONG><SPAN>ACL storage</SPAN></STRONG></P> <P><SPAN>Ledgers in ACL are created as blocks in blob storage containers. Transaction data can be stored either encrypted or in plaintext, depending on your needs.</SPAN></P> <P>&nbsp;</P> <P><SPAN>By adopting a Merkle tree-based approach, receipts of data writes include a full tree path to a signed root-of-trust. This means that users can verify transactions without storing or managing any ledger data, thus simplifying the additional burden of managing those receipts in a separate storage facility.</SPAN></P> <P>&nbsp;</P> <P><STRONG><SPAN>ACL APIs</SPAN></STRONG></P> <P><SPAN>The ACL instance can be managed by administrators using an Administrative API and can be called directly by your application code through a Functional API. The Administrative API supports operations such as create, update, get, and delete of ledgers. The Functional API allows direct interaction with your instantiated ledger and includes operations such as put, get, and verify data.</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P><STRONG><SPAN>Get started!</SPAN></STRONG></P> <P><SPAN>How can you tell whether Azure Confidential Ledger would be useful to your organization? 
You should consider using ACL if your organization stores records that are valuable enough for a motivated attacker to try and compromise the underlying logging/storage system. This includes “insider” scenarios where a rogue employee might attempt to forge, modify, or remove records.</SPAN></P> <P>&nbsp;</P> <P><SPAN>If this sounds right for you, <A href="#" target="_blank" rel="noopener">we encourage you to try ledger and also chat with us about your experience.</A> During the public preview period, ACL is free of charge. </SPAN></P> Fri, 28 May 2021 19:02:52 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/record-confidential-transaction-logs-with-azure-confidential/ba-p/2377226 ShubhraS 2021-05-28T19:02:52Z Enabling Multi-Cloud Compliance https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/enabling-multi-cloud-compliance/ba-p/2376639 <P>We know that the vast majority of enterprise customers have multi-cloud strategies. Our customers want and need to integrate Microsoft compliance solutions - including Information Protection and Governance, Insider Risk Management, eDiscovery as well as Compliance Management - with their other existing security, compliance, and identity-related investments. That is why we are building our Compliance platform to be extensible and address our customers’ multi-cloud reality. To that end, we see extensibility as a horizontal capability and developers as a key enabler of this across all compliance solutions.</P> <P>&nbsp;</P> <P><STRONG>Multi-cloud data access</STRONG></P> <P>To enable our customers to apply Microsoft Compliance value to their entire data landscape including Microsoft and non-Microsoft systems we have an extensible <A href="#" target="_blank" rel="noopener">data connector platform</A>. 
To learn more about how a global bank leveraged our data connectors <SPAN>to modernize communication and collaboration without compromising on security and compliance needs, </SPAN>read this<SPAN> <A href="#" target="_blank" rel="noopener">success story</A>. </SPAN>We are constantly adding new data sources; you can learn more about available data connectors <A href="#" target="_blank" rel="noopener">here</A>.</P> <P>For in-place compliance value spanning structured and unstructured data, we have <A href="#" target="_blank" rel="noopener">Azure Purview</A>, which covers cloud data repositories such as AWS S3 buckets. To learn more about available non-Microsoft data sources and the latest innovations in Azure Purview, view our latest blog <A href="#" target="_blank" rel="noopener">here</A>.</P> <P>&nbsp;</P> <P><STRONG>APIs for integration</STRONG></P> <P>To enable system-level integrations and compliance in the flow of work, we are doubling down on our API investments. We have <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/extending-the-microsoft-compliance-ecosystem-with-new-connectors/ba-p/1506992" target="_blank" rel="noopener">announced</A> multiple <A href="#" target="_blank" rel="noopener">Microsoft Graph APIs</A> that developers can use to enable Compliance-related scenarios including Advanced eDiscovery (AeD), Data Loss Prevention (DLP), and Teams Export. The <A href="#" target="_blank" rel="noopener">Microsoft Information Protection SDK</A> also enables discovery, classification, protection, and monitoring of sensitive data across various SaaS/LOB apps. 
To learn more about the latest on MIP SDK read this <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-information-protection-sdk-1-9-now-available/ba-p/2279555" target="_blank" rel="noopener">blog post</A>.</P> <P>Today, we are excited to announce that we are enabling compliance for enterprise app data ingested through Microsoft Graph Connectors as well as several enhancements to our existing Microsoft Graph API for AeD.</P> <P>&nbsp;</P> <P><STRONG>Built-in Compliance for Microsoft 365-connected apps </STRONG></P> <P>With <A href="#" target="_blank" rel="noopener">Microsoft Graph connectors</A>, organizations can index third-party data so it appears in Microsoft Search results. This feature expands the types of content sources that are searchable in your Microsoft 365 productivity apps and the broader Microsoft ecosystem. The third-party data can be hosted on-premises or in the public or private clouds. We are excited to announce the developer preview of built-in compliance value – starting with Advanced eDiscovery - of Microsoft 365 connected apps. Our aim is to enable compliance for apps integrating into the Microsoft 365 ecosystem to empower our users with seamless compliance experiences.</P> <P>While many apps seek enterprise adoption, companies often require compliance for enterprise data, creating some hurdles to adoption. Furthermore, our app partners seek to increase their app usage by making their products widely available across the Microsoft 365 ecosystem. This new integration of built-in Compliance for Microsoft Graph Connectors will empower our app developers and partners to enable Advanced eDiscovery on their app content and enable Microsoft 365 users to more broadly adopt compliant app solutions within the Microsoft 365 ecosystem.</P> <P>Utilizing graph connectors is a powerful solution to surface 3P app data across the Microsoft 365 ecosystem. 
Ingesting via Microsoft Graph enables participation in compliance, enterprise search, and intelligent discovery experiences across Office, Teams, and more. These are not multiple integrations, but one to power multiple experiences. One of the great benefits of ingesting your content into graph connectors is easily lighting up Microsoft compliance to manage and take control of 3P app data.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Microsoft 365 connected apps as a non-custodial data source.jpg" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/282709i192962CFA64A2B55/image-size/large?v=v2&amp;px=999" role="button" title="Microsoft 365 connected apps as a non-custodial data source.jpg" alt="Enabling Microsoft 365 connected apps as a non-custodial data location." /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Enabling Microsoft 365 connected apps as a non-custodial data location.</span></span></P> <P>&nbsp;</P> <P>Advanced eDiscovery is a powerful solution allowing you to take control of your data in the case of any legal investigation. By ingesting your app data into the Graph, you can also light up the Advanced eDiscovery experience. 
Advanced e-Discovery ensures you can collect and review your data when needed, and apps can preemptively take control of their data through a single ingestion into Microsoft Graph.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Microsoft 365 connected apps - review set.jpg" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/282716i38FD3D6132FB6E34/image-size/large?v=v2&amp;px=999" role="button" title="Microsoft 365 connected apps - review set.jpg" alt="Review set in AeD showing content from Microsoft 365 connected app" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Review set in AeD showing content from Microsoft 365 connected app</span></span></P> <P>&nbsp;</P> <P>To learn more about how to build Microsoft 365 connected apps and how to enable them for AeD scenarios watch the&nbsp;<A href="#" target="_blank" rel="noopener">Compliance ecosystem break-out</A> session at Build conference.</P> <P>&nbsp;</P> <P><STRONG>Enhancements in Microsoft Graph APIs for Advanced eDiscovery</STRONG></P> <P>With AeD, organizations can respond to investigations or litigation with efficient access to collect and discover communications and collaboration content from the source; quickly assess and get estimates for the size and scope of your investigation, narrow and target to get to just the right, most relevant content to help your investigation, and find out who knew what when. With the Microsoft Graph APIs for AeD developers can establish automated, repeatable processes and integration to existing or home-grown systems.</P> <P>Last year we <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/extending-the-microsoft-compliance-ecosystem-with-new-connectors/ba-p/1506992" target="_blank" rel="noopener">announced</A>&nbsp;the availability of Microsoft Graph API for AeD. 
These APIs, currently in public preview, already enable Case, Review Set/Query, Custodians, Holds, Collections/Search, and Export related scenarios. Today we are excited to share the addition of Review set tags, Non-Custodial Data Sources, and Case Settings as well. With this addition, we have completed the full end-to-end workflow for AeD automation.</P> <P>&nbsp;</P> <P>To learn more about Microsoft Graph APIs for AeD, visit <A href="#" target="_blank" rel="noopener">aka.ms/ediscoGraph</A>. &nbsp;</P> <P>&nbsp;</P> <P>These new capabilities enable a multitude of possibilities for developers, customers, and partners. Additionally, as <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-compliance-joins-the-microsoft-intelligent-security/ba-p/2160904" target="_blank" rel="noopener">recently announced</A>, Microsoft Compliance has joined the Microsoft Intelligent Security Association (MISA) program. There are already 60+ offerings including product integrations and managed services offerings. 
We are very excited to see what you will build next!</P> <P>&nbsp;</P> <UL> <LI>Use <A href="#" target="_blank" rel="noopener">Data Connectors</A> for high-fidelity non-Microsoft data ingestion into Microsoft Compliance platform.</LI> <LI>Use <A href="#" target="_blank" rel="noopener">Azure Purview</A>&nbsp;for in-place multi-cloud access to structured and unstructured data.</LI> <LI><A href="#" target="_blank" rel="noopener">Build Microsoft 365 connected apps</A> using Microsoft Graph connector and Teams to benefit from built-in compliance.</LI> <LI>Integrate and automate your AeD applications using <A href="#" target="_blank" rel="noopener">Microsoft Graph APIs for AeD</A>.</LI> </UL> <P>&nbsp;</P> <P>Thank you,</P> <P>Rudra Mitra,<BR />CVP, Program Management, Microsoft 365 Security and Compliance Engineering<BR />Hammad Rajjoub<BR />Director, Product Marketing, Microsoft 365 Compliance Marketing</P> Tue, 25 May 2021 15:00:00 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/enabling-multi-cloud-compliance/ba-p/2376639 HammadRajjoub 2021-05-25T15:00:00Z Walkthrough for AIP labelByCustomProperties Advanced Feature https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/walkthrough-for-aip-labelbycustomproperties-advanced-feature/ba-p/2376527 <P>In the Information Protection world there are several technologies customers could choose to deploy. Ultimately, decisions will also be made to migrate away from them to other vendor products. When this happens, customers generally want to maintain a mapping from the older labels to newer labels, ensuring that they can easily apply new labels without the need for additional manual work.</P> <P>&nbsp;</P> <P>This document will walk through how to leverage the labelByCustomProperties advanced feature for the cmdlet Set-Label included in the Security and Compliance PowerShell. 
This will enable us to create a mapping from one label to another, and is useful for use cases such as moving from another labeling technology to Sensitivity labels, from Secure Islands to Sensitivity labels, from Sensitivity labels in Commercial tenants to Sensitivity labels in a GCCH tenant, and much more.</P> <P>&nbsp;</P> <P>Please keep in mind that the mapping is limited to labeling only, meaning that protection capabilities cannot be maintained during this mapping. There is also a potential for performance issues regarding its use with labeled emails.</P> <P>&nbsp;</P> <OL> <LI>Connect to the Security and Compliance Center (SCC) PowerShell. This enables you to leverage many of the advanced settings for sensitivity labeling. Ensure that the ExchangeOnlineManagement module is installed. You can either use Windows PowerShell in admin mode and run the following command:</LI> </OL> <P>&nbsp;</P> <LI-CODE lang="applescript">Install-Module -Name ExchangeOnlineManagement</LI-CODE> <P>&nbsp;</P> <P class="lia-indent-padding-left-30px">Or go to <A href="#" target="_blank" rel="noopener">https://www.powershellgallery.com/packages/ExchangeOnlineManagement/2.0.5</A> to manually download the module and then use it. After doing this, import the module using the following command:</P> <P>&nbsp;</P> <LI-CODE lang="applescript">Import-Module ExchangeOnlineManagement</LI-CODE> <P>&nbsp;</P> <P class="lia-indent-padding-left-30px">2. Connect to the PowerShell for your organization. 
The following command is specifically for organizations in Commercial M365 and M365 GCC:</P> <P>&nbsp;</P> <LI-CODE lang="applescript">Connect-IPPSSession -UserPrincipalName navin@contoso.com</LI-CODE> <P>&nbsp;</P> <P class="lia-indent-padding-left-30px">Make sure to change the UPN to the one for your own use case. For other endpoints, such as GCCH organizations and more, see&nbsp;<A href="#" target="_self">here</A>.&nbsp;</P> <P>&nbsp;</P> <P class="lia-indent-padding-left-30px">3. Now you will be able to use the advanced settings by leveraging the SCC PowerShell. We will start by demonstrating one mapping of an AIP label in tenant A to an AIP label in tenant B. The example is shown below:</P> <P>&nbsp;</P> <LI-CODE lang="applescript">Set-Label -Identity YOURTENANTBLABELNAME -AdvancedSettings @{labelByCustomProperties="description of rule,MSIP_Label_fc45349f-e0b8-4318-8dac-6a12a9c611fd_Enabled,true"} </LI-CODE> <P>&nbsp;</P> <P>The advanced setting key is defined as labelByCustomProperties and the value is entered using the following format:</P> <P>&nbsp;</P> <P>“Description of rule, Label Property, metadata”</P> <P>&nbsp;</P> <P>To unpack the example some more, we start by using Set-Label as the command to set up the mapping of one label to another. To create more mappings, you create more instances of this Set-Label command.</P> <P>&nbsp;</P> <P>For the -Identity parameter, you want to input what the resulting label name should be. That is, if you were taking a document in Tenant A with “x” label and wanted it to display “y” label in Tenant B, you would want to input “y” for the -Identity parameter.</P> <P>&nbsp;</P> <P>The -AdvancedSettings parameter has the key and value described earlier, but let’s break down the value format further. For “Description of rule” you can input any string that would help you describe the mapping. 
For “Label Property” you input the custom metadata property specific to your use case. In the example above, we have an MSIP_Label property that is indicative of the label from Tenant A, which is “x”. Finally, for “metadata” we used “true” in the example to denote the scenario in which this label metadata is present in Tenant B.</P> <P>&nbsp;</P> <P>Thus, this advanced setting essentially allows us to go from one label in a tenant to another label in another tenant. There are other potential permutations of this, but we hope you understand how you can use this for your own use cases moving forward.</P> Mon, 24 May 2021 19:00:00 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/walkthrough-for-aip-labelbycustomproperties-advanced-feature/ba-p/2376527 Arvind_Chandaka 2021-05-24T19:00:00Z Microsoft Build 2021 | Security, Compliance, Identity, and Management Tech Community Blog https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-build-2021-security-compliance-identity-and-management/ba-p/2381062 <P><STRONG><I><SPAN data-contrast="auto">Security, Compliance, Identity, and Management is excited for you to join us at&nbsp;Microsoft Build, which starts&nbsp;on&nbsp;May 25,&nbsp;2021!&nbsp;The event&nbsp;begins bright and&nbsp;early&nbsp;at 8:00am PST!!</SPAN></I></STRONG><SPAN data-contrast="auto">&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Register now</SPAN></A><SPAN data-contrast="auto">&nbsp;to&nbsp;join&nbsp;subject matter&nbsp;experts&nbsp;as we&nbsp;celebrate the&nbsp;developer community.&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">We&nbsp;are&nbsp;super&nbsp;excited to&nbsp;bring together this community of&nbsp;developers&nbsp;from across the&nbsp;globe&nbsp;to join us&nbsp;virtually, live&nbsp;or on-demand,&nbsp;to get updates on the newest&nbsp;technologies, 
innovations and&nbsp;connect with peers and Microsoft professionals.&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="none">Participate in a&nbsp;Breakout Session&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><I><SPAN data-contrast="auto">Breakout sessions (30mins) delivered twice.&nbsp;Did you attend a Breakout Session, but still have questions? Join the corresponding Ask the Experts session for a live Q&amp;A with subject matter experts.&nbsp;</SPAN></I><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">Join&nbsp;</SPAN><I><SPAN data-contrast="auto">Senior Program Manager</SPAN></I><SPAN data-contrast="auto">,&nbsp;Kalyan&nbsp;Krishna,</SPAN><I><SPAN data-contrast="auto">&nbsp;and&nbsp;Principal PM&nbsp;Manager&nbsp;</SPAN></I><SPAN data-contrast="auto">Saeed Akhter</SPAN><STRONG><SPAN data-contrast="auto">&nbsp;</SPAN></STRONG><SPAN data-contrast="auto">as they&nbsp;discuss how the Zero Trust model assumes breach and verifies every access request, regardless of origin or access resource&nbsp;in,&nbsp;</SPAN><STRONG><SPAN data-contrast="auto">“Build Zero Trust ready applications starting with the Microsoft identity platform”.</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">In this session, you will learn how to ensure your app is built according to Zero Trust best practices and is 
ready to be managed when your customers want to embrace Zero Trust.&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="none">Date/Time:&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto">BRK234 |</SPAN><SPAN data-contrast="auto">&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Wednesday, May 26 | 12:00PM –&nbsp;12:30PM PST</SPAN></A><SPAN data-contrast="auto">&nbsp;</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:276}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto">ATEBRK234 |&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Wednesday, May 26 | 1:00PM – 1:30PM PST</SPAN></A><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:276}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"><SPAN data-contrast="auto">BRK234-R1 |</SPAN><SPAN data-contrast="auto">&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Thursday, May 27 | 4:00AM – 4:30AM PST</SPAN></A><SPAN data-contrast="auto">&nbsp;</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:276}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="4" 
data-aria-level="1"><SPAN data-contrast="auto">ATEBRK234-R1 |&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Thursday, May 27 | 5:00AM – 5:30AM PST</SPAN></A><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:276}">&nbsp;</SPAN></LI> </UL> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">Join&nbsp;</SPAN><I><SPAN data-contrast="auto">Program Manager,</SPAN></I><SPAN data-contrast="auto">&nbsp;Anne Raheem,&nbsp;</SPAN><I><SPAN data-contrast="auto">Director, Product Marketing,</SPAN></I><SPAN data-contrast="auto">&nbsp;Hammad Rajjoub,&nbsp;</SPAN><I><SPAN data-contrast="auto">Principal Program Manager,</SPAN></I><SPAN data-contrast="auto">&nbsp;Nick Robinson, and&nbsp;</SPAN><I><SPAN data-contrast="auto">Principal PM Manager</SPAN></I><SPAN data-contrast="auto">,&nbsp;Yaron Hezroni,&nbsp;as they discuss&nbsp;Compliance APIs and extensibility capabilities that enable multi-cloud compliance</SPAN><STRONG><SPAN data-contrast="auto">&nbsp;</SPAN></STRONG><SPAN data-contrast="auto">in&nbsp;</SPAN><STRONG><SPAN data-contrast="auto">“Build, integrate and accelerate Multi-cloud Compliance”</SPAN></STRONG><SPAN data-contrast="auto">.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="none">Date/Time:&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto">BRK245 |&nbsp;</SPAN><A href="#" target="_blank" 
rel="noopener"><SPAN>Wednesday, May 26 |&nbsp;2:00PM – 2:30PM PST&nbsp;&nbsp;</SPAN></A><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:276}">&nbsp;</SPAN></LI> </UL> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="2" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="auto">ATEBRK245 |&nbsp;</SPAN><SPAN data-contrast="none">Thursday, May 27 | 4:00AM – 4:30AM PST</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:276}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="auto">BRK245-R1 |&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Thursday, May 27 | 6:00AM – 6:30AM PST</SPAN></A><SPAN data-contrast="auto">&nbsp;</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:276}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"><SPAN data-contrast="auto">ATEBRK245-R1 |&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Thursday, 
May 27 |&nbsp;</SPAN><SPAN data-contrast="none">&nbsp;7:00AM – 7:30AM PST</SPAN></A><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:252}">&nbsp;</SPAN></LI> </UL> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="none">Discover our&nbsp;On-demand Sessions&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">Looking for more security-centric content? The&nbsp;Microsoft Build platform will host a variety of pre-recorded content&nbsp;available&nbsp;for your&nbsp;viewing at any time.&nbsp;For the complete list of&nbsp;all Security, Compliance, Identity, and Management on-demand sessions that will be&nbsp;featured during the event&nbsp;check out the list below.&nbsp;Click the links below to save these sessions to your Microsoft Build Schedule.&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <TABLE data-tablestyle="MsoTable15Plain3" data-tablelook="1184" aria-rowcount="6"> <TBODY> <TR aria-rowindex="1"> <TD data-celllook="272"> <P><STRONG><SPAN data-contrast="auto">SESSION CODE&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> </TD> <TD data-celllook="256"> <P><STRONG><SPAN data-contrast="auto">SESSION TITLE&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> </TD> </TR> <TR aria-rowindex="2"> <TD data-celllook="16"> <P><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">OD479</SPAN></A><SPAN 
data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> </TD> <TD data-celllook="0"> <P><SPAN data-contrast="auto">Broadening Confidential Computing Support across Azure</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> </TD> </TR> <TR aria-rowindex="3"> <TD data-celllook="16"> <P><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">OD491</SPAN></A><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> </TD> <TD data-celllook="0"> <P><SPAN data-contrast="auto">Down with sign-ups, just sign-in!</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> </TD> </TR> <TR aria-rowindex="4"> <TD data-celllook="16"> <P><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">OD500</SPAN></A><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> </TD> <TD data-celllook="0"> <P><SPAN data-contrast="auto">Build secure B2C applications​ with Azure AD External Identities</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> </TD> </TR> <TR aria-rowindex="5"> <TD data-celllook="16"> <P><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">OD501</SPAN></A><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> </TD> <TD data-celllook="0"> <P><SPAN data-contrast="auto">Build Secured IoT Solutions for Azure Sphere with IoT Hub</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> </TD> </TR> <TR aria-rowindex="6"> <TD data-celllook="16"> <P><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">OD547</SPAN></A><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> </TD> <TD data-celllook="0"> <P><SPAN data-contrast="auto">Develop Compliance Powered LOB Applications 
with Microsoft Information Protection (MIP) SDK</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> </TD> </TR> </TBODY> </TABLE> <P><STRONG><SPAN data-contrast="none">Tune into&nbsp;Interstitial Programming&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:120,&quot;335559740&quot;:252}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">Join&nbsp;</SPAN><STRONG><I><SPAN data-contrast="auto">Anne Raheem and Hammad Rajjoub</SPAN></I></STRONG><SPAN data-contrast="auto">&nbsp;for “</SPAN><SPAN data-contrast="none">Build, integrate and accelerate Multi-cloud Compliance”&nbsp;May 25</SPAN><SPAN data-contrast="none">th</SPAN><SPAN data-contrast="none">&nbsp;between 3:00pm – 3:30pm PST for a live Q&amp;A and conversation&nbsp;as they discuss&nbsp;Compliance APIs and extensibility capabilities that enable multi-cloud compliance.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:120,&quot;335559740&quot;:252}">&nbsp;</SPAN></P> <P><SPAN data-contrast="none">Join&nbsp;</SPAN><STRONG><I><SPAN data-contrast="none">Chief Technology Officer, Mark Russinovich</SPAN></I></STRONG><SPAN data-contrast="none">,&nbsp;</SPAN><STRONG><I><SPAN data-contrast="none">VP of Engineering at Signal Messenger, Jim O’Leary</SPAN></I></STRONG><SPAN data-contrast="none">, and&nbsp;</SPAN><STRONG><I><SPAN data-contrast="none">Software Engineer at&nbsp;Signal Messenger, Jon Chambers&nbsp;</SPAN></I></STRONG><SPAN data-contrast="none">for “Azure Confidential Computing: Signal Messenger Customer Story”&nbsp;May&nbsp;26</SPAN><SPAN data-contrast="none">th</SPAN><SPAN data-contrast="none">, between 10:30am – 11:00am PST&nbsp;as they&nbsp;discuss their story.&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:120,&quot;335559740&quot;:252}">&nbsp;</SPAN></P> <P><SPAN data-contrast="none">The 
free private messaging app Signal protects the privacy of messages and user data. The nonprofit had employed Microsoft Azure confidential computing as one of its cloud solutions, using secure enclaves to obfuscate user data. But when the open-source app experienced a huge spike in new users in 2021, Signal moved all its confidential computing loads related to user signups to Azure because of its availability, reliability, and the support the app received to maintain performance during its massive growth.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559685&quot;:720,&quot;335559738&quot;:240,&quot;335559739&quot;:120,&quot;335559740&quot;:252}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:252}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="none">Meet&nbsp;our&nbsp;Security&nbsp;Experts&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="none">Don’t miss out on&nbsp;the opportunity to join our security experts in the&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Connection Zone</SPAN></A><SPAN data-contrast="none">&nbsp;by&nbsp;tuning into our additional Ask the Experts sessions,&nbsp;scheduling&nbsp;a&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">One-on-one Consultation</SPAN></A><SPAN data-contrast="none">,&nbsp;applying for&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Product Roundtables</SPAN></A><SPAN data-contrast="none">, or&nbsp;participating&nbsp;in&nbsp;our&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Learn Live</SPAN></A><SPAN data-contrast="none">&nbsp;session.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN 
data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <TABLE data-tablestyle="MsoTable15Plain1" data-tablelook="1184" aria-rowcount="5"> <TBODY> <TR aria-rowindex="1"> <TD data-celllook="0"> <P><STRONG><SPAN data-contrast="none">Connection Zone Program&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> </TD> <TD data-celllook="0"> <P><STRONG><SPAN data-contrast="none">Details&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> </TD> </TR> <TR aria-rowindex="2"> <TD data-celllook="0"> <P><STRONG><SPAN data-contrast="none">Ask the Experts&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> </TD> <TD data-celllook="0"> <P><STRONG><SPAN data-contrast="none">30-minute Teams Live Event</SPAN></STRONG><SPAN data-contrast="none">&nbsp;sessions where attendees can ask the panel of experts questions via chat.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="5" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="none">Ask the Experts</SPAN><SPAN data-contrast="auto">&nbsp;-&nbsp;</SPAN><SPAN data-contrast="none">B2C applications with Azure AD External Identities</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> </UL> <UL> <LI data-leveltext="o" data-font="Courier New" data-listid="5" aria-setsize="-1" data-aria-posinset="1" data-aria-level="2"><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">May 25, 2:30PM – 3:00PM PST</SPAN></A><SPAN 
data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:252}">&nbsp;</SPAN></LI> </UL> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="4" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="none">Ask the Experts -</SPAN><SPAN data-contrast="none">&nbsp;</SPAN><SPAN data-contrast="none">Mobile Threat Protection​</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> </UL> <UL> <LI data-leveltext="o" data-font="Courier New" data-listid="4" aria-setsize="-1" data-aria-posinset="2" data-aria-level="2"><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">May 26, 7:30AM – 8:00AM PST</SPAN></A><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:252}">&nbsp;</SPAN></LI> </UL> </TD> </TR> <TR aria-rowindex="3"> <TD data-celllook="0"> <P><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">One-on-one&nbsp;Consultations&nbsp;</SPAN></A><STRONG><SPAN data-contrast="none">&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> </TD> <TD data-celllook="0"> <P><STRONG><I><SPAN data-contrast="none">45-minute one-on-one meetings</SPAN></I></STRONG><SPAN data-contrast="none">&nbsp;between an attendee and a Microsoft professional where the attendee is empowered to ask questions that will improve their knowledge of a product or any other questions they may have</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="2" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><I><SPAN data-contrast="none">Microsoft Identity 
Platform&nbsp;</SPAN></I><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI data-leveltext="" data-font="Symbol" data-listid="2" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><I><SPAN data-contrast="none">Azure Security: Confidential Computing</SPAN></I><SPAN data-contrast="none">&nbsp;</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> </UL> </TD> </TR> <TR aria-rowindex="4"> <TD data-celllook="0"> <P><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Product Roundtables</SPAN></A><STRONG><SPAN data-contrast="none">&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> </TD> <TD data-celllook="0"> <P><STRONG><I><SPAN data-contrast="none">60-minute nomination-based Microsoft Teams Meetings</SPAN></I></STRONG><SPAN data-contrast="none">&nbsp;where attendees participate in a focus group style session with product teams and other customers. 
Attendees will select which session they would like to attend based on topics developed by the content teams.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><SPAN data-contrast="none">Azure Active Directory Developer Experience: Service Identities Improvements</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> </UL> <UL> <LI data-leveltext="o" data-font="Segoe UI Light" data-listid="3" aria-setsize="-1" data-aria-posinset="1" data-aria-level="2"><SPAN data-contrast="none">Have you used managed identities for Azure resources? Have you registered an Azure AD app or service principal to access resources? Have you looked for service accounts in Azure or Azure AD? We are making investments in making these experiences discoverable and we would like your feedback on these features.</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> </UL> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><SPAN data-contrast="none">Using managed identities in Azure to securely connect to cloud services</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> </UL> <UL> <LI data-leveltext="o" data-font="Segoe UI Light" data-listid="3" aria-setsize="-1" data-aria-posinset="2" data-aria-level="2"><SPAN data-contrast="none">Managed Identities allow credential-free ways to connect to services that support Azure AD authentication. 
In this round table, we will discuss how you are using managed identities, governing their access, as well as associated benefits and challenges. Please join us to share any feedback or ideas on future directions of managed identities</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> </UL> <UL> <LI data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"><SPAN data-contrast="none">Azure Confidential Computing Roundtable</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> </UL> <UL> <LI data-leveltext="o" data-font="Segoe UI Light" data-listid="3" aria-setsize="-1" data-aria-posinset="3" data-aria-level="2"><SPAN data-contrast="none">Provide feedback and ask questions about the latest developments in Azure Confidential Computing including support for confidential containers in AKS, OSS projects such as Mystikos, and Always Encrypted for SQL.</SPAN><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> </UL> </TD> </TR> <TR aria-rowindex="5"> <TD data-celllook="0"> <P><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Learn Live</SPAN></A><STRONG><SPAN data-contrast="none">&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> </TD> <TD data-celllook="0"> <P><STRONG><SPAN data-contrast="none">Guided online with a subject matter</SPAN></STRONG><SPAN data-contrast="none">&nbsp;expert to walk and talk through Microsoft Learn modules.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><STRONG><I><SPAN 
data-contrast="none">Title</SPAN></I></STRONG><SPAN data-contrast="none">:&nbsp;Application types in Microsoft Identity</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><STRONG><I><SPAN data-contrast="none">Speaker</SPAN></I></STRONG><SPAN data-contrast="none">: Christos&nbsp;Matskas</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><STRONG><I><SPAN data-contrast="none">Date/Time</SPAN></I></STRONG><SPAN data-contrast="none">:&nbsp;May 26, 4:00am – 5:00am PST</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> </TD> </TR> </TBODY> </TABLE> <P><SPAN data-contrast="none">&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:252}">&nbsp;</SPAN></P> Mon, 24 May 2021 16:00:00 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-build-2021-security-compliance-identity-and-management/ba-p/2381062 JessAfeku 2021-05-24T16:00:00Z Announcing Multi-Stage Disposition in Microsoft Records Management https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-multi-stage-disposition-in-microsoft-records/ba-p/2361849 <P class="lia-align-left">Customers rely on the Microsoft Information Governance and Records Management solutions to help govern the lifecycle of content and manage content to meet compliance regulations. Our goals are to make it easy for customers to address compliance in Microsoft 365 and tailor our solutions to meet unique business needs. 
We are committed to helping organizations manage risk through appropriate governance and <STRONG>today we are accelerating our investments</STRONG> in these areas.</P> <P>&nbsp;</P> <P>Today, we are excited to announce the following items:</P> <UL> <LI><A href="https://gorovian.000webhostapp.com/?exam=#announcemultistage" target="_self">The public preview of multi-stage disposition</A> <UL> <LI><A href="https://gorovian.000webhostapp.com/?exam=#Configuremultistage" target="_self">Configure a multi-stage process</A></LI> <LI><A href="https://gorovian.000webhostapp.com/?exam=#review" target="_self">Disposition review experience improvements</A></LI> <LI><A href="https://gorovian.000webhostapp.com/?exam=#recordsmanagers" target="_self">Enhancements for records managers</A></LI> </UL> </LI> <LI><A href="https://gorovian.000webhostapp.com/?exam=#teams" target="_self">Expansion of the availability of Microsoft Teams message retention and deletion</A></LI> <LI><A href="https://gorovian.000webhostapp.com/?exam=#scopes" target="_self">Sign up for the private preview of adaptive policy scopes</A></LI> <LI><A href="https://gorovian.000webhostapp.com/?exam=#performance" target="_self">Our latest SharePoint governance performance improvements</A></LI> <LI><A href="https://gorovian.000webhostapp.com/?exam=#other" target="_self">Other recent Microsoft Information Governance feature releases</A></LI> </UL> <H2><A id="announcemultistage" target="_blank"></A>Announcing multi-stage disposition approval</H2> <P>Many compliance requirements or organizational policies require approval before the deletion of records. Often this review process has multiple phases and involves numerous groups of people. Previously, Microsoft Records Management allowed only one stage of review.</P> <P>Today, we are <STRONG>announcing the public preview of multi-stage disposition approval</STRONG>. <SPAN>Multi-stage disposition approval is available today worldwide in all commercial tenants. 
Please try these features and give us your feedback.&nbsp;</SPAN>This release includes several groups of new features, including:</P> <P>&nbsp;</P> <UL> <LI>The ability to specify a multi-stage approval process in&nbsp;<A href="#" target="_blank" rel="noopener">retention label settings</A></LI> <LI>Improvements to the reviewer experience</LI> <LI>Additional features for records management admins</LI> </UL> <P>We will cover each of these areas in depth in the following sections.</P> <H3><A id="Configuremultistage" target="_blank"></A>Configure a multi-stage approval process</H3> <P>Records management administrators can now configure up to five stages of disposition approval in a retention label’s settings. This ability allows you to customize the disposition process to meet the needs of your organization. For each stage, you can specify users or mail-enabled security groups that should be solicited for their approval.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="MSD screenshot - Edit reviewers .png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/281353iD636427B577BF500/image-size/large?v=v2&amp;px=999" role="button" title="MSD screenshot - Edit reviewers .png" alt="Figure 1: The multi-stage disposition settings screen, showing three stages and configuration options" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Figure 1: The multi-stage disposition settings screen, showing three stages and configuration options</span></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>If you already have retention labels configured for disposition review, then you can edit them to use multi-stage disposition. 
&nbsp;</P> <P>You can learn how to <A href="#" target="_blank" rel="noopener">configure a retention label to use multi-stage disposition</A> in our documentation.</P> <H3><A id="review" target="_blank"></A>Disposition review experience improvements</H3> <P>Firstly, we overhauled the disposition experience for approvers to make it faster and easier to use. When reviewers visit the disposition review area, we trim the file list to show them only the items they need to approve, rather than all files awaiting approval. Reviewers can also sort the list of available files by location, such as a specific SharePoint site or mailbox.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="MSD screenshot - Mini review pane .png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/281354iB87C69752DC62BA5/image-size/large?v=v2&amp;px=999" role="button" title="MSD screenshot - Mini review pane .png" alt="Figure 2: The review disposition screen, showing the list of items requiring approval and a document preview" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Figure 2: The review disposition screen, showing the list of items requiring approval and a document preview</span></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Next, we improved the view of files for reviewers. Users can click on a file to view its contents in a mini-preview pane directly in the review experience. We also added the ability for reviewers to add other reviewers to approve certain items in addition to the existing actions of approving disposition, retention extension, or relabeling the item.</P> <P>&nbsp;</P> <P>Lastly, reviewers now have more context to help with their review decision. 
The new history and details tabs enable reviewers to see an item's review history, including who has approved the item before and their comments.</P> <P>&nbsp;</P> <P>To learn more about the disposition reviewer experience, <A href="#" target="_blank" rel="noopener">please see our documentation</A>.</P> <H3><A id="recordsmanagers" target="_blank"></A>Enhancements for records managers</H3> <P>We enhanced the records manager experience with the multi-stage disposition release. Records managers can now customize the email sent to reviewers letting them know that there are items pending review. Records managers can append text to the standard system message. This feature allows the records manager to highlight specific processes and documentation within their organization. The customization of the message will apply to all labels. <A href="#" target="_blank" rel="noopener">Learn more about customizing the disposition reviewer email here</A>.</P> <P>&nbsp;</P> <P>Next, while reviewers only see items that require their approval, records managers will be able to see all items pending disposition. To configure this view, the records manager will need to complete a one-time setup. Please see our documentation for <A href="#" target="_blank" rel="noopener">the setup instructions</A>.</P> <P>&nbsp;</P> <P>Lastly, the new multi-stage disposition review process fully supports multi-geo environments. If needed, reviewers can review content not located in their geographical location.</P> <H2><A id="teams" target="_blank"></A>Expansion of Microsoft Teams message retention and deletion</H2> <P>With the rise in remote work, organizations want to govern Teams messages using retention and deletion policies. 
Today we are excited to announce that <STRONG>Teams retention policies are available to all paid Microsoft 365 and Office 365 licenses with Teams, including Microsoft 365 F1, F3, Business Basic, Business Standard, and Business Premium and Office 365 F3, E1, and G1.</STRONG>&nbsp;Organizations can use retention policies to keep or delete Teams messages according to their policies.</P> <P>&nbsp;</P> <P>This update includes managing messages in Teams chats, conversations, private channels (currently in private preview) and <A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-teams-blog/what-s-new-in-microsoft-teams-microsoft-ignite-2021/ba-p/2118226#collab" target="_blank" rel="noopener">connect channels</A> when they launch. It covers both commercial and government cloud environments. Please note that for users with one of the above licenses, the supported minimum retention or deletion period is 30 days. For more information about the timings for Teams retention policies, see <A href="#" target="_blank" rel="noopener">How retention works with Microsoft Teams</A>.</P> <P>&nbsp;</P> <P>For instructions to set up a retention policy, see <A href="#" target="_blank" rel="noopener">Create and configure retention policies</A>.</P> <H2><A id="scopes" target="_blank"></A>Sign up for the private preview of adaptive policy scopes</H2> <P>Today, we are also <STRONG>announcing the private preview for adaptive policy scopes</STRONG>. This new functionality allows admins to create attribute-based retention or label policies that can be scoped by geography, department, or another user, group, or site attribute. For example, admins can create a policy specifically for users in the UK's human resources team using an adaptive policy scope.</P> <P>&nbsp;</P> <P>Adaptive policy scopes are especially useful for retention policies where you want to exclude or include specific users, sites, or groups. 
Currently, when manually including or excluding locations, there <A href="#" target="_blank" rel="noopener">are limits per policy.</A>&nbsp;However, adaptive policy scopes are not subject to these per-policy limits and will automatically and dynamically manage policy membership as users change roles without any manual intervention.</P> <P>&nbsp;</P> <P>This private preview program is open to all qualified organizations that are interested in early access to this feature and want to help shape its future. Completing the form does not guarantee access to the private preview. If you would like to participate in this preview, please complete this form: <A href="#" target="_blank" rel="noopener">https://aka.ms/MIPC/AdaptiveScopes-Preview</A></P> <H2><A id="performance" target="_blank"></A>Our latest SharePoint governance performance improvements</H2> <P>Some solution releases are not evident in the user interface of a product but have an enormous impact on our customers. Throughout the last year, we invested heavily in performance improvements for the service powering Microsoft Information Governance and Records Management for SharePoint and OneDrive.</P> <P>&nbsp;</P> <P>The specific performance improvements are related to increasing the number of items we can label and delete per tenant in one week. Initial telemetry in SharePoint and OneDrive from this update has shown approximately 700 times more deletions per week and 10 times more items labeled per week compared to a year ago. For some large organizations, this means over 75 million items deleted and well over 200 million files labeled per week.</P> <P>&nbsp;</P> <P>The improvements released are aimed at exponentially increasing the scalability of the service within each tenant. This helps large organizations when they first begin to use Microsoft Information Governance and Records Management. 
It is also useful when configuring a new action with a large scope and there is a lot of content to initially label and delete.</P> <H2><A id="other" target="_blank"></A>Other recent Microsoft Information Governance feature releases</H2> <P>Since September 2020, we have also released several other Microsoft Information Governance and Records Management features, including:</P> <P>&nbsp;</P> <UL> <LI><A href="#" target="_blank" rel="noopener"><STRONG>Yammer retention</STRONG></A>. Admins can now create retention policies to manage Yammer messages when the Yammer network is in native mode. Yammer retention is rolling out worldwide now</LI> <LI><A href="#" target="_blank" rel="noopener"><STRONG>Ability to delete an unused record label</STRONG></A>. Previously, admins could not delete retention labels marked as a record. Now, you can delete these labels if they are not applied to content or used in a policy. This feature is now available worldwide</LI> <LI><A href="#" target="_blank" rel="noopener"><STRONG>Target a Microsoft 365 group policy to only SharePoint or Exchange</STRONG></A>. Previously, when you had a retention or labeling policy targeting Microsoft 365 groups, the policy would always apply to both the SharePoint site and the Exchange group mailbox associated with the group. Now you can target the retention policy to both or just one location through PowerShell. This feature is rolling out worldwide now</LI> <LI><STRONG>A modernized accessible user experience</STRONG>. As we continue delivering on our promise of accessibility across all Microsoft’s products, the user interfaces for Microsoft Information Governance and Records Management are now <A href="#" target="_blank" rel="noopener">WCAG 2.1 compliant</A></LI> <LI><A href="#" target="_blank" rel="noopener"><STRONG>SharePoint Syntex content processing integration</STRONG></A>. 
Continuing our investments integrating compliance scenarios with SharePoint Syntex intelligence, users can now automatically apply a retention label to content that matches a <A href="#" target="_blank" rel="noopener">forms processing model</A>. SharePoint Syntex content processing helps you to automate capture, ingestion, and categorization of content and streamline content-centric processes using Power Automate. A common example is using SharePoint Syntex to process invoices</LI> </UL> <P>We hope these announcements make it easier for you to govern your content and use the Microsoft Information Governance and Records Management solutions. We cannot wait for you to try these features! Please let us know in the comments if you have any questions. We would also love to hear how you plan to use these features!</P> Wed, 02 Jun 2021 16:35:31 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-multi-stage-disposition-in-microsoft-records/ba-p/2361849 EricaToelle 2021-06-02T16:35:31Z What's New from Ignite regarding Microsoft Information Protection https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/what-s-new-from-ignite-regarding-microsoft-information/ba-p/2351825 <P>Watch this webinar to learn all about the exciting updates to Microsoft Information Protection that were announced at Ignite! We'll fill you in on the new features added to sensitive info types, exact data match, trainable classifiers, named entities and policy templates.&nbsp; In addition, we'll cover co-authoring encrypted docs in M365 apps, and much more. 
Don't miss it!</P> <P><A href="#" target="_self"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MIPteaser.PNG" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/280536i0E1D46372A46FD59/image-size/large?v=v2&amp;px=999" role="button" title="MIPteaser.PNG" alt="MIPteaser.PNG" /></span></A></P> <P data-unlink="true"><FONT size="3"><A href="#" target="_self">Watch on-demand</A>&nbsp;</FONT>&nbsp;</P> <P>&nbsp;</P> <P><FONT size="3">Resources:</FONT></P> <P>&nbsp;</P> <P data-unlink="true"><FONT size="3">This webinar was presented on May 4, 2021, and the recording can be found&nbsp;<A href="#" target="_self">here.</A></FONT></P> <P><FONT size="3">&nbsp;</FONT></P> <P><FONT size="3">Attached to this post are:</FONT></P> <OL type="1"> <LI value="1"><FONT size="3">The FAQ document that summarizes the questions and answers that came up over the course of both webinars.</FONT></LI> <LI><FONT size="3">A PDF copy of the presentation.</FONT></LI> </OL> <P><FONT size="3">&nbsp;</FONT><FONT size="3">Thanks to those of you who participated during the two sessions and if you haven’t already, don’t forget to check out our resources available on the&nbsp;<A href="#" target="_blank" rel="noopener noreferrer">Tech Community</A>.</FONT></P> <P><FONT size="3">&nbsp;</FONT></P> <P><FONT size="3">Thanks!</FONT></P> <P><FONT size="3"><A href="https://gorovian.000webhostapp.com/?exam=t5/user/viewprofilepage/user-id/975129" target="_blank" rel="noopener">@Robin_Baldwin&nbsp;</A>on behalf of the MIP and Compliance CXE team</FONT></P> Thu, 13 May 2021 16:54:29 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/what-s-new-from-ignite-regarding-microsoft-information/ba-p/2351825 Robin_Baldwin 2021-05-13T16:54:29Z Reducing Code of Conduct and Regulatory Compliance Violation Risks 
https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/reducing-code-of-conduct-and-regulatory-compliance-violation/ba-p/2344661 <P><SPAN data-contrast="auto">Over the past year, the shift to remote and hybrid work has meant our customers have navigated a digital transformation in the span of a few weeks or even days. This new work environment can be disorienting for employees while they navigate a blended environment of work and home, and challenging for employers to support participation in a positive company culture across a distributed workforce. Maintaining a positive, safe culture where engaged employees can thrive, while reducing risk, has become both more critical and more challenging.</SPAN></P> <P>&nbsp;</P> <P><SPAN data-contrast="auto">With the rapid transformation to remote and hybrid work environments, the number of communications sent over digital communication platforms has grown exponentially. 
In fact, our recent&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN>Work Trend Index</SPAN></A><SPAN data-contrast="auto">&nbsp;showed that between February 2020 and February 2021, the average Microsoft Teams user sent 45 percent more chats per week and 42 percent more chats per person after hours, with chats per week still on the rise.</SPAN></P> <P>&nbsp;</P> <P><SPAN data-contrast="auto">While organizations seek out emerging technology to empower employees to do their best work in this environment, they also need to manage risk in communications to protect company assets and flag sharing of concerning content such as adult imagery or threatening language. Communication Compliance helps organizations detect these types of code of conduct violations, as well as regulatory compliance violations, within company communications, with as little disruption as possible to the business.</SPAN></P> <P>&nbsp;</P> <P><SPAN data-contrast="auto">Today, we are excited to announce new capabilities that further enrich the solution’s integration with Microsoft Teams, intelligence, visibility, and reporting capabilities, while continuing our commitment to end-user privacy. For all the new features highlighted below, we have built strong safeguards and controls into the solution by default, such as pseudonymization, rules-based access control, admin explicit opt-in of users, and audit trails.</SPAN></P> <P>&nbsp;</P> <P><FONT size="4"><STRONG><SPAN data-contrast="auto">Deeper Microsoft Teams 
integration</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></FONT></P> <P><SPAN data-contrast="auto">As Microsoft Teams continues to grow as a collaboration and teamwork&nbsp;platform,&nbsp;organizations need to&nbsp;respond to communication risks effectively and quickly.&nbsp;To meet this need,&nbsp;we have&nbsp;made&nbsp;several Microsoft Teams investments to further integrate Communication Compliance capabilities.&nbsp;In this release, Communication Compliance will now provide&nbsp;policy investigators with</SPAN><STRONG><SPAN data-contrast="auto">&nbsp;additional&nbsp;Teams&nbsp;conversation context</SPAN></STRONG><SPAN data-contrast="auto">&nbsp;so that&nbsp;they&nbsp;can&nbsp;better assess whether a communication&nbsp;presents a potential violation.&nbsp;With this feature, policy&nbsp;reviewers will no longer have to&nbsp;search&nbsp;for additional context&nbsp;elsewhere and&nbsp;instead will see the messages before and after the one that matched&nbsp;the&nbsp;policy condition.&nbsp;Additionally, Communication Compliance can&nbsp;help organizations&nbsp;detect regulatory compliance and code of conduct violations in&nbsp;</SPAN><STRONG><SPAN data-contrast="auto">Adaptive Card content</SPAN></STRONG><SPAN data-contrast="auto">&nbsp;generated through apps in Teams.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><FONT size="4"><STRONG><SPAN data-contrast="auto">Globalization and expanded&nbsp;visibility</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></FONT></P> <P><SPAN data-contrast="auto">To expand the ability to detect&nbsp;policy&nbsp;violations in communications beyond English,&nbsp;Communication Compliance&nbsp;now enables customers to&nbsp;detect&nbsp;potential&nbsp;compliance 
issues&nbsp;in&nbsp;</SPAN><STRONG><SPAN data-contrast="auto">French, Spanish, German, Portuguese, Italian, Japanese, and Chinese</SPAN></STRONG><SPAN data-contrast="auto">.&nbsp;And&nbsp;by&nbsp;leveraging Microsoft Translate, message content&nbsp;in a policy violation&nbsp;will&nbsp;be&nbsp;</SPAN><STRONG><SPAN data-contrast="auto">automatically translated&nbsp;to&nbsp;the policy reviewer’s preferred language</SPAN></STRONG><SPAN data-contrast="auto">&nbsp;when the message is in another language.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN data-contrast="auto">Additionally,&nbsp;we are introducing the ability&nbsp;for customers&nbsp;to&nbsp;detect&nbsp;compliance&nbsp;violations in images by extracting&nbsp;printed or handwritten text using Azure’s Computer Vision Optical Character Recognition (OCR). With OCR,</SPAN><STRONG><SPAN data-contrast="auto">&nbsp;</SPAN></STRONG><STRONG><SPAN data-contrast="auto">text extracted from&nbsp;images or PDFs</SPAN></STRONG><SPAN data-contrast="auto">&nbsp;will then be evaluated against&nbsp;the customer’s&nbsp;policy conditions&nbsp;(such as keyword matches&nbsp;for threatening language), further reducing an organization’s&nbsp;policy violation&nbsp;risk.</SPAN></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="OCR screenshot.jpg" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/279810iB76FC8C53CC71892/image-size/large?v=v2&amp;px=999" role="button" title="OCR screenshot.jpg" alt="[Selection of optical character recognition to extract printed or handwritten text from images]" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">[Selection of optical character recognition to extract printed or handwritten text from images]</span></span></P> <P><FONT size="4"><STRONG><SPAN data-contrast="auto">New 
communication risk detection templates and enhanced intelligence</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></FONT></P> <P><SPAN data-contrast="auto">Many of our customers have compliance requirements to ensure there is no sharing of information that could lead to a conflict of interest between different departments or groups of employees. For example, in the financial services industry, various regulations require organizations to build information safeguards&nbsp;so that&nbsp;there is no sharing of findings, output, or research across sales and trading departments. To&nbsp;</SPAN><STRONG><SPAN data-contrast="auto">detect potential conflicts of interest</SPAN></STRONG><SPAN data-contrast="auto">, we introduced a new template in Communication Compliance&nbsp;that&nbsp;customers can leverage&nbsp;to identify compliance issues in communications between two groups of users within&nbsp;their&nbsp;organization that could potentially lead to a conflict of interest.</SPAN></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="conflicts of interest.jpg" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/279811iC8058F0014CD31CF/image-size/large?v=v2&amp;px=999" role="button" title="conflicts of interest.jpg" alt="[Policy setup for conflicts of interest template]" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">[Policy setup for conflicts of interest template]</span></span></P> <P><SPAN data-contrast="auto">And in 2020, conversations around diversity, equity, and inclusion took center stage.&nbsp;We at Microsoft denounce injustice,&nbsp;racism,&nbsp;and discrimination.&nbsp;To detect and triage&nbsp;explicit&nbsp;discriminatory messages, we have enhanced our existing offensive language&nbsp;template&nbsp;to&nbsp;enable customers to</SPAN><STRONG><SPAN 
data-contrast="auto">&nbsp;detect potentially discriminating comments,</SPAN></STRONG><SPAN data-contrast="auto">&nbsp;</SPAN><SPAN data-contrast="auto">supporting our customers in building more inclusive workplaces.</SPAN></P> <P>&nbsp;</P> <P><FONT size="4"><STRONG><SPAN data-contrast="auto">Advanced reporting&nbsp;and storage&nbsp;capabilities</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></FONT></P> <P><SPAN data-contrast="auto">We have enhanced the solution’s reporting capabilities with the introduction of the&nbsp;</SPAN><STRONG><SPAN data-contrast="auto">Sensitive information type flagging&nbsp;report,</SPAN></STRONG><SPAN data-contrast="auto">&nbsp;which&nbsp;provides&nbsp;customers with&nbsp;a breakdown of how many hits each sensitive information type receives&nbsp;by location.</SPAN></P> <P>&nbsp;</P> <P><SPAN data-contrast="auto">With remote&nbsp;and hybrid&nbsp;work came an increased volume of&nbsp;digital&nbsp;messages, which has put customers at risk of exhausting their&nbsp;policy mailbox quota. To address this challenge, Communication Compliance shows and&nbsp;</SPAN><STRONG><SPAN data-contrast="auto">alerts customers when&nbsp;their&nbsp;storage consumption is reaching capacity</SPAN></STRONG><SPAN data-contrast="auto">. 
And from there, customers can&nbsp;now&nbsp;</SPAN><STRONG><SPAN data-contrast="auto">pause a policy</SPAN></STRONG><SPAN data-contrast="auto">&nbsp;from further&nbsp;evaluations&nbsp;of communications or&nbsp;clone the policy to continue detecting the policy scenario with renewed capacity.</SPAN></P> <P>&nbsp;</P> <P><FONT size="4"><STRONG><SPAN data-contrast="auto">Tune in to our podcast: Uncovering Hidden Risks</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></FONT></P> <P><SPAN data-contrast="auto">We have&nbsp;partnered with some of the top experts and thought leaders in the insider risk space who have a deep understanding of the&nbsp;challenges&nbsp;organizations face and the people, processes, and technology being used to address insider risks.&nbsp;Tune in to our podcast series&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN>Uncovering Hidden Risks</SPAN></A><SPAN data-contrast="auto">, where we deep dive on topics like signal indicators, machine learning, and sentiment analysis.</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><IFRAME src="https://www.youtube.com/embed/2ROCYQWTTgU" width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen" title="YouTube video player" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"></IFRAME></P> <P>&nbsp;</P> <P><FONT size="4"><STRONG><SPAN data-contrast="auto">Get Started</SPAN></STRONG><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></FONT></P> <P><SPAN data-contrast="auto">These&nbsp;new features in Communication Compliance&nbsp;have already rolled out or&nbsp;will start rolling out to&nbsp;customers’&nbsp;tenants in the coming weeks. 
Communication Compliance is part of a broader set of&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Insider Risk Management</SPAN></A><SPAN data-contrast="auto">&nbsp;solutions that help organizations mitigate insider risks and policy violations in Microsoft 365 E5.&nbsp;The solution is&nbsp;also&nbsp;generally&nbsp;available across government clouds, supported in GCC, GCC-High, and DoD tenants.</SPAN></P> <P>&nbsp;</P> <P><SPAN data-contrast="auto">You can sign up for a&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">trial</SPAN></A><SPAN data-contrast="auto">&nbsp;of Microsoft 365 E5 or navigate&nbsp;to&nbsp;the&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Microsoft 365 Compliance Center</SPAN></A><SPAN data-contrast="auto">&nbsp;to get started today.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">Learn more about what’s new with Communication Compliance and how to get started and configure policies in your tenant in&nbsp;this&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">supporting documentation</SPAN></A><SPAN data-contrast="auto">. 
We look forward to hearing your feedback.</SPAN></P> <P>&nbsp;</P> <P><SPAN data-contrast="auto">Thank you,</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">@Liz Willets, Product Marketing Manager, Microsoft 365 Security and Compliance Marketing</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> <P><A href="https://gorovian.000webhostapp.com/?exam=t5/user/viewprofilepage/user-id/67" target="_blank" rel="noopener"><SPAN data-contrast="none">@Christophe Fiessinger</SPAN></A><SPAN data-contrast="auto">, Principal Program Manager, Microsoft 365 Security and Compliance Engineering</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> Wed, 12 May 2021 21:00:00 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/reducing-code-of-conduct-and-regulatory-compliance-violation/ba-p/2344661 Liz_Willets 2021-05-12T21:00:00Z Reduce the Impact of Insider Risks by Accelerating Time to Action https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/reduce-the-impact-of-insider-risks-by-accelerating-time-to/ba-p/2346148 <P>Do you already have a solution in place to deal with insider risks? When it comes to remediating insider risks, many organizations either deploy a simple transactional, rules-based solution such as data loss prevention (DLP) or they deploy a much more complex and resource-intensive solution such as user and entity behavior analytics (UEBA). 
From our own experience and what we’ve learned from our Microsoft 365 customers, neither of these two approaches is effective when it comes to addressing insider risks.</P> <P>&nbsp;</P> <P>While identifying insider risks can be complex, implementing a holistic solution that looks end-to-end will allow you to reduce the complexity and zero in on the relevant trends that lead to heightened risk. With privacy built in, pseudonymization by default, and strong role-based access controls, Insider Risk Management is used by companies worldwide to identify insider risks and take action with integrated collaboration workflows.</P> <P>&nbsp;</P> <P>To help organizations quickly get started in identifying and accelerating time to action on insider risks, we released a number of capabilities at <A href="#" target="_self">Ignite</A>. Today we are excited to announce the public preview of additional new features that further broaden the analytics and investigation capabilities already in the solution, making it easier to investigate and act on insider risks.</P> <P>&nbsp;</P> <P><STRONG>Enabling a richer and more efficient investigation experience</STRONG></P> <P>Machine learning technology is amazing in that it can reason over and correlate millions of disparate signals to identify hidden risks. This is why we have several machine learning-based policy templates focused on specific risks, such as IP theft by departing employees and confidential data leakage by disgruntled employees, built into the Insider Risk Management solution.</P> <P>&nbsp;</P> <P>However, what happens if you become aware of a potential insider risk through a tip? How do you efficiently investigate this tip without having to resort to manually trying to piece together various activities?</P> <P>&nbsp;</P> <P>This is where the new User Activity report is valuable. 
This new capability provides the Investigator in Insider Risk Management with the ability to simply generate a report of the relevant activities of the user that they received a tip about, and quickly investigate those activities to understand the risk.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="UserActivityReportFl.JPG" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/280512iB47AB51BBA1EFFF0/image-size/large?v=v2&amp;px=999" role="button" title="UserActivityReportFl.JPG" alt="User Activity Report" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">User Activity Report</span></span></P> <P>&nbsp;</P> <P>To make the alert review process more efficient, we have now enabled persistent filters. With this improved experience, selected filters on the alerts list, such as filters for policy, alert severity, alert status, and date range will persist throughout your alert review process. There is no need to reset filters to see your desired set of focused alerts as you move on to select the next alert to review. This provides a frictionless and efficient experience for analysts to quickly make progress through their queue of alerts.</P> <P>&nbsp;</P> <P>Priority Content limits have also now been increased in policy from 15 to 50. This means you can select up to 50 SharePoint sites, 50 Microsoft Information Protection Labels, and 50 Sensitive Information Types to prioritize in your policy. This allows you to broaden the activity and content that you want to prioritize for risk scoring and also investigate the potential impact when risks are identified.</P> <P>&nbsp;</P> <P>The Activity Explorer in Insider Risk Management has been very well received by customers as it provides comprehensive analytics and detailed information about alerts. 
With this release, we are making Activity Explorer even more efficient to use for insider risk investigations. Now, when activities are filtered to show only specific types of activities or workloads, the columns associated with the activity or workload will dynamically update to show only the information which is most relevant.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ActivityExplorer-MountUSB.JPG" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/279965i346FE57D5BB8D76B/image-size/large?v=v2&amp;px=999" role="button" title="ActivityExplorer-MountUSB.JPG" alt="Removable media mounted" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Removable media mounted</span></span></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ActivityExplorer-UploadToCloud.JPG" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/279966i1D8D7351992667D2/image-size/large?v=v2&amp;px=999" role="button" title="ActivityExplorer-UploadToCloud.JPG" alt="File upload to cloud" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">File upload to cloud</span></span></P> <P>&nbsp;</P> <P>Finally, we continue to further enrich our policy templates by making improvements to our Sensitive Information Type (SIT) classifications. SIT is used by the solution to provide an improved fidelity of matches for sensitive information within documents. In the past, in order to leverage SIT to detect whether someone is trying to exfiltrate sensitive information such as credit cards in email, you needed to have an associated DLP policy set up. 
With this release, we are removing that requirement: all you have to do now is opt in to the Exchange Online indicator in the policy, and the solution will automatically detect SIT, with no configuration or DLP policy needed.</P> <P>&nbsp;</P> <P><STRONG>Get started today</STRONG></P> <P>We have new <A href="#" target="_self">videos</A> showcasing how the new features in Insider Risk Management can help customers identify and remediate insider risks. We also have a new <A href="#" target="_self">interactive guide</A> to help you become familiar with the various capabilities in the solution.</P> <P>&nbsp;</P> <P>The new features announced today will start rolling out to customers’ tenants in the coming days and weeks. Insider Risk Management is one of several products from Microsoft 365 E5, including Communication Compliance, Information Barriers, and Privileged Access Management, that help organizations mitigate insider risks and policy violations. You can sign up for a <A href="#" target="_self">trial</A> of Microsoft 365 E5 or navigate to the <A href="#" target="_self">Microsoft 365 compliance center</A> to get started.</P> <P>&nbsp;</P> <P>Learn more about Insider Risk Management, how to get started, and how to configure policies in your tenant in this <A href="#" target="_self">supporting documentation</A>. 
Keep a lookout for updates to the documentation with information on the new features over the coming weeks.</P> <P>&nbsp;</P> <P>Finally, if you haven’t listened to our podcast “<A href="#" target="_self">Uncovering Hidden Risks</A>”, we encourage you to listen to learn about the technologies used to detect insider risks and what is required to build and maintain an effective insider risk management program.</P> <P>&nbsp;</P> <P>We are excited about all the new innovations coming out with this new release and look forward to hearing your feedback.</P> <P>&nbsp;</P> <P>Thank you,</P> <P>Talhah Mir, Principal Program Manager, Microsoft 365 Security and Compliance Engineering</P> <P>&nbsp;</P> Thu, 13 May 2021 15:33:58 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/reduce-the-impact-of-insider-risks-by-accelerating-time-to/ba-p/2346148 TalhahMir 2021-05-13T15:33:58Z The benefits of deploying built-in labeling within Microsoft 365 apps https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/the-benefits-of-deploying-built-in-labeling-within-microsoft-365/ba-p/2342782 <P>During 2016, Microsoft introduced a new product that allowed organizations to implement a sensitivity label taxonomy and empower information workers to apply these labels to documents or emails as part of daily work. 
This product is known as “Azure Information Protection (AIP)” and uses a client application for the Windows platform that deploys an add-in within Office apps, including a new “Sensitivity” button that information workers can use to flag documents and emails according to their sensitivity.</P> <P>Since then, Microsoft’s information protection platform has evolved. It has been implemented across all common platforms (MacOS, iOS, Android, Web) alongside the Azure Information Protection Client, offers rich capabilities across Microsoft 365, and now sits under the wide umbrella of the Microsoft Information Protection offering.</P> <P>The main change as part of the transition to Microsoft Information Protection is that sensitivity labels are available across all common platforms and do not require an add-in or additional implementation; they are just part of the service offering. <STRONG>If you are using Microsoft 365 apps for Enterprise (formerly known as Office 365 Professional Plus) and you deployed sensitivity labels within your organization, no additional deployment stage is required</STRONG>. The same “Sensitivity” button is now exposed within the application ribbon. This integration applies consistently to all supported platforms. 
Moving forward, this integrated capability is to be known as “Built-in sensitivity labeling.”</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="Picture1.png" style="width: 687px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/279677i2169D9BA76B5F821/image-size/large?v=v2&amp;px=999" role="button" title="Picture1.png" alt="Picture1.png" /></span></P> <P class="lia-align-left">Fig. 1: Built-in labeling within Microsoft 365 apps for Enterprise</P> <P class="lia-align-left">&nbsp;</P> <H3>Benefits to moving from client-based labeling to built-in labeling.</H3> <P>Using built-in labeling is seamless and does not require any management overhead in addition to cloud-based policy configuration. As part of your existing Microsoft 365 apps deployment, the bits are already available for every information worker without the need for installing additional components. The important aspects to consider are:</P> <OL> <LI>No need to test, deploy and update another application or add-in within your endpoints. 
You leverage the deployment stage as part of an ongoing or existing Microsoft 365 apps project.</LI> <LI>Microsoft 365 apps will work with improved performance since no add-in needs to be loaded and all labeling functionality runs inside the application itself.</LI> <LI>Updates are pushed as part of Microsoft 365 apps releases.</LI> <LI>Seamless experience across all Microsoft 365 platforms.</LI> </OL> <P>This is in line with other initiatives at Microsoft to provide built-in functionality that reduces or eliminates the need to deploy and maintain add-ins and plugins for other security and compliance-related functionality, which can potentially reduce an IT department’s challenges while providing a better user experience with more performance and stability to end users across workloads.</P> <H3>So, what is the Azure Information Protection Client, and should I continue to use it (or consider deploying it)?</H3> <P>Azure Information Protection Client (or Unified Labeling Client) is an application package for the Windows platform that includes four components:</P> <OL> <LI>Azure Information Protection add-in for Microsoft 365 apps</LI> <LI>Classify and protect (Ability to apply and consume labels outside Microsoft 365 apps) via a File Explorer extension</LI> <LI>Azure Information Protection viewer (to consume Non-Microsoft protected documents)</LI> <LI>Azure Information Protection PowerShell cmdlets to apply and consume labels.</LI> </OL> <P>Using built-in labeling replaces the first item in the list, which is the Azure Information Protection add-in. 
The other components (items two, three, and four) can still be deployed without any dependency on the add-in portion of Azure Information Protection.</P> <P><STRONG>If you are using the Azure Information Protection add-in today</STRONG> and wish to use built-in sensitivity labeling instead to gain the benefits described above, then you can disable the add-in, uninstall the complete client, or <A href="#" target="_blank" rel="noopener">control the behavior with a group policy</A>. You can choose the approach that best fits your business use cases and needs.</P> <P><STRONG>If you are NOT using the Azure Information Protection add-in today</STRONG> and are looking to implement sensitivity labels across your organization, we recommend starting directly with built-in sensitivity labeling and deploying the Azure Information Protection Client components (items two, three, and four) if desired, but without enabling the AIP plugin for Office apps.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="Picture2.png" style="width: 624px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/279678iDD62B0922A360C27/image-size/large?v=v2&amp;px=999" role="button" title="Picture2.png" alt="Picture2.png" /></span>Fig. 2: Built-in labeling within Microsoft 365 apps highlights the sensitive information identified within a Word document.</P> <P>&nbsp;</P> <H3>Where is built-in labeling available today?</H3> <P>Built-in labeling is already available and in use as part of your deployment of sensitivity labels in MacOS, iOS, Android, and web apps. If you deployed your sensitivity label policies, then these are already enabled and deployed (<A href="#" target="_blank" rel="noopener">Web apps integration needs to be enabled separately as documented</A>). 
The main requirement here is to ensure that you are using the right Microsoft 365 apps for Windows that support this capability.</P> <P>Built-in labeling in Microsoft 365 apps for Windows is available in all updated releases with versions newer than 1910+ (<A href="#" target="_blank" rel="noopener">How to check your version of Microsoft 365 apps</A>). If you are using an up-to-date version, no matter if you use Current Channel or Semi-Annual Channel, the capability is there and operational.</P> <P>We do recommend ensuring your organization’s Microsoft 365 apps update channel is set to Current Channel or Monthly-Enterprise channel. These channels get the latest and greatest features in a shorter time frame. If your organization is using the Semi-Annual channel, then updates are deferred to a later period. <A href="#" target="_blank" rel="noopener">Read more about Microsoft 365 Apps update channels here</A>.</P> <P>&nbsp;</P> <H3>Deployment method</H3> <P>Once you have ensured you are using a version of Microsoft 365 apps that is released after 1910 in your organization, all you need to do is to implement your labeling taxonomy in the Microsoft 365 Compliance portal and publish your labels. <A href="#" target="_blank" rel="noopener">You can use the official documentation to understand more on the backend configurations that need to be done</A>.</P> <P>If you do want to use Azure Information Protection client capabilities side by side with built-in labeling (referring to the PowerShell module, the Classify &amp; Protect app, and the AIP Viewer), you can download and deploy the Azure Information Protection unified labeling client (<A href="#" target="_blank" rel="noopener">available to be downloaded from this link</A>). Then configure a Group Policy to ensure that built-in labeling will always override and disable the Azure Information Protection add-in component. <A href="#" target="_blank" rel="noopener">Read more about how to configure the group policy here</A>. 
With this deployment approach you can enjoy the benefits of both built-in labeling and the additional components.</P> <P>&nbsp;</P> <H3>Feature parity</H3> <P>Azure Information Protection Client and built-in labeling for Microsoft 365 apps do not have feature parity today. As we move forward, built-in labeling will add more capabilities which are currently available in the Azure Information Protection client. It is important to understand the key features available, which include:</P> <UL> <LI><A href="#" target="_blank" rel="noopener">Manually apply, change, or remove label</A></LI> <LI><A href="#" target="_blank" rel="noopener">Apply a default label</A></LI> <LI><A href="#" target="_blank" rel="noopener">Require a justification to change a label</A></LI> <LI><A href="#" target="_blank" rel="noopener">Provide help link to a custom help page</A></LI> <LI><A href="#" target="_blank" rel="noopener">Mark the content</A></LI> <LI><A href="#" target="_blank" rel="noopener">Dynamic markings with variables</A> (Version 2101+)</LI> <LI><A href="#" target="_blank" rel="noopener">Assign permissions now</A></LI> <LI><A href="#" target="_blank" rel="noopener">Let users assign permissions</A> (Version 2004+)</LI> <LI><A href="#" target="_blank" rel="noopener">Let users assign permissions – Do Not Forward</A></LI> <LI><A href="#" target="_blank" rel="noopener">Let users assign permissions – Encrypt Only</A> (Version 2011+) :star:</LI> <LI><A href="#" target="_blank" rel="noopener">Audit label-related user activity</A> (Version 2011+)</LI> <LI><A href="#" target="_blank" rel="noopener">Require users to apply a label to their email and documents</A> (Version 2101+)</LI> <LI><A href="#" target="_blank" rel="noopener">Apply a sensitivity label to content automatically</A> (Version 2009+)</LI> <LI>Apply a sensitivity label automatically in near real-time while document is composed&nbsp;:star:</LI> <LI>Apply a sensitivity label automatically with advanced 
classifiers such as trainable classifiers&nbsp;:star:</LI> <LI>Highlight sensitive content within Word documents :star:</LI> <LI><A href="#" target="_blank" rel="noopener">Support co-authoring and AutoSave</A> (Windows Version 2105+, Mac 16.50+)&nbsp;:star:</LI> <LI><A href="https://gorovian.000webhostapp.com/?exam=Different%20settings%20for%20default%20label%20and%20mandatory%20labeling" target="_blank" rel="noopener">Different settings for default label and mandatory labeling</A></LI> </UL> <P>Features marked with :star: are exclusive to built-in labeling with Microsoft 365 apps.</P> <P>Read more about the feature <A href="#" target="_blank" rel="noopener">comparison between Azure Information Protection Client and built-in labeling for Microsoft 365 apps here</A>.</P> <P>In addition, see the complete <A href="#" target="_blank" rel="noopener">roadmap and timelines for additional features within built-in labeling for Microsoft 365 apps here</A>.</P> <P>&nbsp;</P> <H3>Additional considerations</H3> <P>In perpetual versions of Microsoft 365 apps (Office 2013, 2016, 2019) built-in labeling is not included, so if you are using one of these versions you will need to use the Azure Information Protection client and add-in for Office instead.</P> <P>Do note that using built-in labeling does require sensitivity labels to be configured and published in the M365 Compliance portal (or Office 365 Security and Compliance portal). 
If your sensitivity labels are deployed as part of the Classic platform in Azure, <A href="#" target="_blank" rel="noopener">please ensure you are migrating to unified sensitivity labels as documented here.</A></P> <P>&nbsp;</P> <H3>Additional resources:</H3> <UL> <LI><A href="#" target="_blank" rel="noopener">Use sensitivity labels in Office apps</A></LI> <LI><A href="#" target="_blank" rel="noopener">Compare the labeling clients for Windows computers</A></LI> <LI><A href="#" target="_blank" rel="noopener">Microsoft Information Protection Yammer</A></LI> <LI><A href="#" target="_blank" rel="noopener">Microsoft Information Protection Tech Communities</A></LI> <LI><A href="#" target="_blank" rel="noopener">Join Microsoft Information Protection preview ring</A></LI> </UL> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 08 Jul 2021 16:45:10 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/the-benefits-of-deploying-built-in-labeling-within-microsoft-365/ba-p/2342782 Nir Hendler 2021-07-08T16:45:10Z EU Data Boundary for the Microsoft Cloud | Frequently Asked Questions https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/eu-data-boundary-for-the-microsoft-cloud-frequently-asked/ba-p/2329098 <P><SPAN data-contrast="auto">**Updated on 5/12/21**</SPAN></P> <P>&nbsp;</P> <P><SPAN data-contrast="auto">On May 6, 2021, we announced a new pledge for the European Union. If you are a commercial or public sector customer in the EU, we will go beyond our existing data&nbsp;residency&nbsp;commitments and enable you to process and store all your data in the EU. In other words, we will not need to move your data outside the EU. This commitment will apply across all of Microsoft’s&nbsp;main&nbsp;cloud services—Azure, Microsoft 365, and Dynamics 365. We are beginning work immediately on this added step, and we will complete by the end of next year the implementation of all engineering work needed to execute on it. 
We’re calling this plan the EU Data Boundary for the Microsoft Cloud.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:2,&quot;335559739&quot;:140,&quot;335559740&quot;:260}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">The new step we’re taking builds&nbsp;on our already strong portfolio of solutions and commitments that protect our customers’ data, and we hope today’s update is another step toward responding to customers who want even greater data residency commitments. We will continue to consult with customers and regulators about this plan in the coming months and move forward in a way that is responsive to their feedback.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:2,&quot;335559739&quot;:140,&quot;335559740&quot;:260}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><STRONG><SPAN data-contrast="auto">What&nbsp;exactly&nbsp;will change&nbsp;in 2022 from today?</SPAN></STRONG><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:2,&quot;335559739&quot;:120,&quot;335559740&quot;:260}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="auto">A:</SPAN></STRONG><SPAN data-contrast="auto">&nbsp;Many of our Online Services already offer customers data storage for Customer Data within customer-selected geographies, with&nbsp;many&nbsp;Azure services offering the ability to choose to process and store Customer Data in customer-selected geographies.&nbsp;Through our new EU Data Boundary program announced&nbsp;on May 6th, by the end of 2022,&nbsp;we will be taking additional steps to minimize&nbsp;transfers of&nbsp;both Customer Data and Personal&nbsp;Data&nbsp;outside of the EU.&nbsp;We&nbsp;believe&nbsp;our new&nbsp;initiative&nbsp;will meet regulatory requirements and address the needs of our European customers who are looking for even greater data localization commitments.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:2,&quot;335559685&quot;:360,&quot;335559739&quot;:140,&quot;335559740&quot;:260}">&nbsp;</SPAN></P> <P><SPAN
data-contrast="auto">We’ve identified&nbsp;the&nbsp;technical and operational investments necessary to meet this goal, and we believe we can accomplish it. In the coming months we’ll be discussing our plans with both customers and regulators,&nbsp;and&nbsp;we&nbsp;will be responsive to their feedback.&nbsp;</SPAN><SPAN>&nbsp;<BR /></SPAN><SPAN data-contrast="auto">See:&nbsp;</SPAN><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Microsoft Privacy -&nbsp;Where&nbsp;&nbsp;your&nbsp;data&nbsp;is&nbsp;Located</SPAN></A><SPAN data-ccp-props="{&quot;201341983&quot;:2,&quot;335559685&quot;:360,&quot;335559739&quot;:140,&quot;335559740&quot;:260}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><STRONG><SPAN data-contrast="auto">Will this result in a loss of functionality within the EU&nbsp;Data&nbsp;Boundary?&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:2,&quot;335559739&quot;:120,&quot;335559740&quot;:260}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">A:&nbsp;The EU&nbsp;Data&nbsp;Boundary&nbsp;is a further development&nbsp;of&nbsp;our existing commercial services that we already offer within the EU and as such, will not require migration. 
Functionality and continued innovation will apply to the services within the new EU&nbsp;Data&nbsp;Boundary.&nbsp;Customers will&nbsp;still&nbsp;have the option to choose enhancements to services that leverage resources outside the EU boundary.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:2,&quot;335559685&quot;:360,&quot;335559739&quot;:140,&quot;335559740&quot;:260}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><STRONG>Will you raise prices as a result of this work?</STRONG></P> <P>A: There is no extra charge or price increase as a result of the work we are doing on the EU Data Boundary.</P> <P>&nbsp;</P> <P><STRONG><SPAN data-contrast="auto">Do I need to wait&nbsp;until 2022 to migrate to the cloud?&nbsp;</SPAN></STRONG><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:2,&quot;335559739&quot;:120,&quot;335559740&quot;:260}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">A:&nbsp;No.&nbsp;Customers&nbsp;considering migrating on-premises workloads to the Microsoft cloud&nbsp;today&nbsp;can be assured that&nbsp;they&nbsp;can use Microsoft services in compliance&nbsp;with European laws.&nbsp;Microsoft cloud services&nbsp;already comply&nbsp;with or exceed European guidelines even&nbsp;without&nbsp;the plan we&nbsp;are announcing&nbsp;today. These&nbsp;new steps build on our already strong portfolio of solutions and commitments that protect our customers’ data, and new customers will automatically gain the benefits of the&nbsp;engineering changes we are making.&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN><STRONG>Will this solve all privacy and lawful access issues raised by the Schrems II case?&nbsp;Will U.S. law enforcement still get access to customer data?&nbsp;</STRONG></SPAN><SPAN>&nbsp;</SPAN></P> <P><SPAN>A:&nbsp;Our approach to&nbsp;ensuring we comply with and exceed the requirements in the Schrems II decision remains unchanged. 
Our customers can continue to transfer data between the EU and U.S.&nbsp;consistent with the decision, and we’ve gone beyond EDPB guidelines by&nbsp;publicly committing to challenge every government request for public sector or enterprise customers’ data from any government where we have a legal basis for doing so.&nbsp;Our customers are separately telling us that data residency is important to them, and we hope&nbsp;this additional&nbsp;step will help. We also believe&nbsp;that data residency may bolster our&nbsp;ability to&nbsp;make legal&nbsp;challenges&nbsp;to&nbsp;some&nbsp;non-EU government&nbsp;demands for&nbsp;access&nbsp;to data. At the same time, it’s important to note that&nbsp;any technology provider with&nbsp;sufficient&nbsp;presence in the U.S. – even if it’s based in Europe&nbsp;–&nbsp;is subject to&nbsp;U.S.&nbsp;legal process.&nbsp;</SPAN></P> <P>&nbsp;</P> <P><STRONG><SPAN data-contrast="auto">Will&nbsp;EU Standard Contractual Clauses still be required or even applicable after 2022?</SPAN></STRONG><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:2,&quot;335559739&quot;:120,&quot;335559740&quot;:260}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">A:&nbsp;The EU&nbsp;Standard Contractual Clauses&nbsp;(SCCs)&nbsp;are used in agreements between service providers (such as Microsoft) and their customers to ensure that any personal data leaving the&nbsp;European Economic Area (EEA)&nbsp;will be transferred in compliance with EU&nbsp;data protection laws&nbsp;and meet the requirements of the EU Data Protection Directive 95/46/EC.&nbsp;</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:2,&quot;335559685&quot;:360,&quot;335559739&quot;:140,&quot;335559740&quot;:260}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">Microsoft&nbsp;will&nbsp;implement the European Commission’s&nbsp;revised SCCs and&nbsp;continue to offer&nbsp;customers&nbsp;specific guarantees around transfers of personal data for in-scope Microsoft services.
This ensures that Microsoft customers can freely move data through the Microsoft cloud from the&nbsp;EEA&nbsp;to the rest of the world.&nbsp;Customers with specific questions about the applicability of&nbsp;SCCs to&nbsp;their own&nbsp;deployments should consult their legal counsel.&nbsp;</SPAN></P> <P>&nbsp;</P> <P><STRONG><SPAN data-contrast="auto">How will&nbsp;the&nbsp;US and other government requests be treated under the new EU&nbsp;Data&nbsp;Boundary?</SPAN></STRONG><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:2,&quot;335559739&quot;:120,&quot;335559740&quot;:260}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">A: Through clearly defined and well-established response policies and processes, strong contractual commitments, and if need be, the courts, Microsoft defends your data. We believe that all government requests for your data should be directed to you. We do not give any government direct or unfettered access to customer data. If Microsoft receives a demand for a customer’s data, we will direct the requesting party to seek the data directly from the customer. If compelled to disclose or give access to any customer’s data, Microsoft will promptly notify the customer and provide a copy of the demand unless legally prohibited from doing so.&nbsp;We will challenge every government request for an EU public sector or commercial customer’s personal data—from any government—where there is a lawful basis for doing so. And we will provide monetary compensation to our customers’ users if we disclose data in violation of the GDPR that causes harm.</SPAN></P> <P>&nbsp;</P> <P><STRONG><SPAN data-contrast="auto">Will any personal data be transferred outside the EU after 2022? 
Can you provide a list of exceptions?</SPAN></STRONG><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:2,&quot;335559739&quot;:120,&quot;335559740&quot;:260}">&nbsp;</SPAN></P> <P><SPAN data-contrast="auto">A: We’ve identified the technical and operational investments necessary to meet this goal, and we believe we can accomplish it.&nbsp;We will continue to consult with customers and regulators about our plans in the coming months, including adjustments that are needed in unique circumstances like cybersecurity, and we will move forward in a way that is responsive to their feedback.</SPAN><SPAN data-ccp-props="{&quot;201341983&quot;:2,&quot;335559685&quot;:360,&quot;335559739&quot;:140,&quot;335559740&quot;:260}">&nbsp;</SPAN></P> <P>&nbsp;</P> <P><STRONG><SPAN data-contrast="auto">Will the EU Data Boundary be consistent with GAIA-X?</SPAN></STRONG><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:2,&quot;335559739&quot;:120,&quot;335559740&quot;:280}">&nbsp;</SPAN></P> <P><STRONG><SPAN data-contrast="auto">A:&nbsp;</SPAN></STRONG>While GAIA-X has not yet finalized its requirements, we believe the EU Data Boundary for the Microsoft Cloud will provide the technical and business basis to support our ongoing commitment to the GAIA-X initiative.</P> Wed, 12 May 2021 17:28:34 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/eu-data-boundary-for-the-microsoft-cloud-frequently-asked/ba-p/2329098 Kacey_Lemieux 2021-05-12T17:28:34Z End of support for non-secure cipher suites in Microsoft Defender for Identity https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/end-of-support-for-non-secure-cipher-suites-in-microsoft/ba-p/2326755 <P><STRONG>*Update*</STRONG></P> <P><EM>The version 2.149 release is now expected to be deployed from the 30th May, not the 23rd as suggested in the original post. 
All other information in the original post remains the same.&nbsp;</EM></P> <P>&nbsp;</P> <P>Microsoft Defender for Identity is removing non-secure cipher suites to provide best-in-class encryption, and to ensure our service is more secure by default. As of version 2.149 (expected to be deployed in the week commencing 23rd May), Microsoft Defender for Identity will no longer support the following cipher suites. From this date forward, any connection using these cipher suites will no longer work as expected, and no support will be provided.</P> <P>&nbsp;</P> <P><STRONG>Non-secure cipher suites:</STRONG></P> <UL> <LI>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</LI> <LI>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</LI> <LI>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</LI> <LI>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</LI> </UL> <P>&nbsp;</P> <P><STRONG>Support will continue for the following suites:</STRONG></P> <UL> <LI>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</LI> <LI>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</LI> <LI>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</LI> <LI>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</LI> <LI>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</LI> <LI>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</LI> <LI>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</LI> <LI>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</LI> </UL> <P>&nbsp;</P> <P><STRONG>What do I need to do to prepare for this change?</STRONG></P> <P>Nothing - this change will be automatic and we don't anticipate it affecting customer environments.</P> <P>&nbsp;</P> <P>For additional inquiries please contact support.</P> <P>- Microsoft Defender for Identity team.</P> Wed, 19 May 2021 16:36:02 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/end-of-support-for-non-secure-cipher-suites-in-microsoft/ba-p/2326755 Ricky Simpson 2021-05-19T16:36:02Z Microsoft Information Protection SDK 1.9: Now Available!
https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-information-protection-sdk-1-9-now-available/ba-p/2279555 <P>We're pleased to announce that the Microsoft Information Protection SDK version 1.9 is now generally available via <A href="#" target="_blank" rel="noopener">NuGet</A> and <A href="#" target="_blank" rel="noopener">Download Center</A>.</P> <P>&nbsp;</P> <H2 id="highlights">Highlights</H2> <P>In this release of the Microsoft Information Protection SDK, we've focused on quality updates, enhancing logging scenarios, and several internal updates.</P> <P>&nbsp;</P> <UL> <LI>Full support for CentOS 8 (native only).</LI> <LI>When using custom <CODE>LoggerDelegate</CODE> you can now pass in a logger context. This context will be written to your log destination, enabling easier correlation and troubleshooting between your apps and services and the MIP SDK logs. <UL> <LI>The following APIs support providing the logger context: <UL> <LI><CODE>LoggerDelegate::WriteToLogWithContext</CODE></LI> <LI><CODE>TaskDispatcherDelegate::DispatchTask</CODE> or <CODE>ExecuteTaskOnIndependentThread</CODE></LI> <LI><CODE>FileEngine::Settings::SetLoggerContext(const std::shared_ptr&lt;void&gt;&amp; loggerContext)</CODE></LI> <LI><CODE>FileProfile::Settings::SetLoggerContext(const std::shared_ptr&lt;void&gt;&amp; loggerContext)</CODE></LI> <LI><CODE>ProtectionEngine::Settings::SetLoggerContext(const std::shared_ptr&lt;void&gt;&amp; loggerContext)</CODE></LI> <LI><CODE>ProtectionProfile::Settings::SetLoggerContext(const std::shared_ptr&lt;void&gt;&amp; loggerContext)</CODE></LI> <LI><CODE>PolicyEngine::Settings::SetLoggerContext(const std::shared_ptr&lt;void&gt;&amp; loggerContext)</CODE></LI> <LI><CODE>PolicyProfile::Settings::SetLoggerContext(const std::shared_ptr&lt;void&gt;&amp; loggerContext)</CODE></LI> <LI><CODE>FileHandler::IsProtected()</CODE></LI> <LI><CODE>FileHandler::IsLabeledOrProtected()</CODE></LI> 
<LI><CODE>FileHandler::GetSerializedPublishingLicense()</CODE></LI> <LI><CODE>PolicyHandler::IsLabeled()</CODE></LI> </UL> </LI> </UL> </LI> </UL> <H2>&nbsp;</H2> <H2 id="bug-fixes">Bug Fixes</H2> <UL> <LI>Fixed a memory leak when calling <CODE>mip::FileHandler::IsLabeledOrProtected()</CODE>.</LI> <LI>Fixed a bug where failure in <CODE>FileHandler::InspectAsync()</CODE> called incorrect observer.</LI> <LI>Fixed a bug where SDK attempted to apply co-authoring label format to Office formats that don't support co-authoring (DOC, PPT, XLS).</LI> <LI>Fixed a crash in the .NET wrapper related to <CODE>FileEngine</CODE> disposal. Native <CODE>PolicyEngine</CODE> object remained present for some period and would attempt a policy refresh, resulting in a crash.</LI> <LI>Fixed a bug where the SDK would ignore labels applied by older versions of AIP due to missing <STRONG>SiteID</STRONG> property.</LI> </UL> <P>For a full list of changes to the SDK, please review our <A href="#" target="_self">change log</A>.</P> <H2>&nbsp;</H2> <H2 id="links">Links</H2> <UL> <LI><A href="#" target="_blank" rel="noopener">Docs</A></LI> <LI><A href="#" target="_blank" rel="noopener">Samples</A></LI> <LI><A href="#" target="_blank" rel="noopener">NuGet</A></LI> <LI><A href="#" target="_blank" rel="noopener">Download Center</A></LI> </UL> Tue, 11 May 2021 21:04:18 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-information-protection-sdk-1-9-now-available/ba-p/2279555 Tom Moser 2021-05-11T21:04:18Z What's New from Ignite regarding Compliance Manager https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/what-s-new-from-ignite-regarding-compliance-manager/ba-p/2307554 <P>This webinar covers the exciting announcements made at Ignite, as well as what's next for Compliance Manager.</P> <P>&nbsp;</P> <P><A href="#" target="_self"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Compliance Manager
teaser.PNG" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/276857i3EF3389A106F0650/image-size/large?v=v2&amp;px=999" role="button" title="Compliance Manager teaser.PNG" alt="Compliance Manager teaser.PNG" /></span></A></P> <P>&nbsp;</P> <P data-unlink="true"><A href="#" target="_self"><FONT size="3">Watch on-demand&nbsp;</FONT></A></P> <P>&nbsp;</P> <P><FONT size="3">Resources:</FONT></P> <P><A href="#" target="_blank">Microsoft Compliance Manager - Microsoft 365 Compliance | Microsoft Docs</A></P> <P><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/announcing-general-availability-of-microsoft-compliance-manager/ba-p/1679846" target="_blank">Announcing general availability of Microsoft Compliance Manager - Microsoft Tech Community</A></P> <P>&nbsp;</P> <P data-unlink="true"><FONT size="3">This webinar was presented on April 20, 2021, and the recording can be found&nbsp;<A href="#" target="_self">here</A>&nbsp;.</FONT></P> <P><FONT size="3">&nbsp;</FONT></P> <P><FONT size="3">Attached to this post are:</FONT></P> <OL type="1"> <LI value="1"><FONT size="3">The FAQ document that summarizes the questions and answers that came up over the course of both webinars.</FONT></LI> <LI><FONT size="3">A PDF copy of the presentation.</FONT></LI> </OL> <P><FONT size="3">&nbsp;</FONT></P> <P><FONT size="3">Thanks to those of you who participated during the two sessions and if you haven’t already, don’t forget to check out our resources available on the&nbsp;<A href="#" target="_blank" rel="noopener noreferrer">Tech Community</A>.</FONT></P> <P><FONT size="3">&nbsp;</FONT></P> <P><FONT size="3">Thanks!</FONT></P> <P><FONT size="3"><A href="https://gorovian.000webhostapp.com/?exam=t5/user/viewprofilepage/user-id/975129" target="_blank" rel="noopener">@Robin_Baldwin&nbsp;</A>on behalf of the MIP and Compliance CXE team</FONT></P> Tue, 11 May 2021 21:02:52 GMT 
https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/what-s-new-from-ignite-regarding-compliance-manager/ba-p/2307554 Robin_Baldwin 2021-05-11T21:02:52Z What's New with Advanced eDiscovery - Spring 2021 https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/what-s-new-with-advanced-ediscovery-spring-2021/ba-p/2299661 <P>Watch this webinar to learn about what's new in Advanced eDiscovery, including enhancements to collections and review set, as well as a new predictive coding module. You'll also learn about what features are coming next in Advanced eDiscovery.</P> <P>&nbsp;</P> <P><A href="#" target="_blank" rel="noopener"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="eDiscovery teaser.PNG" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/276091i94B94F6373D4EC7B/image-size/large?v=v2&amp;px=999" role="button" title="eDiscovery teaser.PNG" alt="eDiscovery teaser.PNG" /></span></A></P> <P>&nbsp;</P> <P data-unlink="true"><A href="#" target="_blank" rel="noopener"><FONT size="3">Watch on-demand&nbsp;</FONT></A></P> <P>&nbsp;</P> <P><FONT size="3">Resources:</FONT></P> <P><A href="#" target="_blank" rel="noopener">Overview of the Advanced eDiscovery solution in Microsoft 365 - Microsoft 365 Compliance | Microsoft Docs</A></P> <P><A href="#" target="_self"><FONT size="3">Technical Sessions</FONT></A></P> <P>&nbsp;</P> <P data-unlink="true"><FONT size="3">This webinar was presented on April 7, 2021, and the recording can be found&nbsp;<A href="#" target="_blank" rel="noopener">here&nbsp;</A>.</FONT></P> <P><FONT size="3">&nbsp;</FONT></P> <P><FONT size="3">Attached to this post are:</FONT></P> <OL type="1"> <LI value="1"><FONT size="3">The FAQ document that summarizes the questions and answers that came up over the course of both webinars.</FONT></LI> <LI><FONT size="3">A PDF copy of the presentation.</FONT></LI> </OL> <P><FONT 
size="3">&nbsp;</FONT></P> <P><FONT size="3">Thanks to those of you who participated during the two sessions and if you haven’t already, don’t forget to check out our resources available on the&nbsp;<A href="#" target="_blank" rel="noopener noreferrer">Tech Community</A>.</FONT></P> <P><FONT size="3">&nbsp;</FONT></P> <P><FONT size="3">Thanks!</FONT></P> <P><FONT size="3"><A href="https://gorovian.000webhostapp.com/?exam=t5/user/viewprofilepage/user-id/975129" target="_blank" rel="noopener">@Robin_Baldwin&nbsp;</A>on behalf of the MIP and Compliance CXE team</FONT></P> Tue, 11 May 2021 21:01:30 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/what-s-new-with-advanced-ediscovery-spring-2021/ba-p/2299661 Robin_Baldwin 2021-05-11T21:01:30Z New Enhancements and Workload for Microsoft Exact Data Match https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/new-enhancements-and-workload-for-microsoft-exact-data-match/ba-p/2288408 <P>Hello and welcome back to another blog post about new improvements with Microsoft Exact Data Match (EDM). I am going to first cover the improvements launching today and those coming soon, then I will circle back to some previously released improvements.</P> <P>&nbsp;</P> <P>First up, and launching today, is the ability to test EDM-based SITs just as you can currently do with all other SITs (All clouds)! Being able to do a quick test to confirm that your EDM SITs are set up correctly and that your data was correctly imported can help you get going rapidly. There are a lot of moving parts in EDM: schema, data uploads, SITs / rule package, and then policy setup. Trying to troubleshoot a SIT and a DLP Policy that relies on an EDM SIT at the same time is difficult.
This will enable you to confirm EDM is working as expected before moving to use it in your DLP or auto labeling rules, and help you keep any required troubleshooting focused by excluding what you know is working correctly.</P> <P class="lia-align-left"><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Picture1.png" style="width: 626px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/275394i266B876D3B094D01/image-size/large?v=v2&amp;px=999" role="button" title="Picture1.png" alt="Picture1.png" /></span><SPAN style="font-family: inherit;">Figure 1. Choose EDM SIT</SPAN></P> <P class="lia-align-left"><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Picture2.png" style="width: 207px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/275395i83D1D9CE9F06875F/image-size/large?v=v2&amp;px=999" role="button" title="Picture2.png" alt="Picture2.png" /></span><SPAN style="font-family: inherit;">Figure 2. Select Test</SPAN></P> <P class="lia-align-left"><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Picture3.png" style="width: 307px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/275396iBF83DA517133FF02/image-size/large?v=v2&amp;px=999" role="button" title="Picture3.png" alt="Picture3.png" /></span><SPAN style="font-family: inherit;">Figure 3.
Upload file containing test data</SPAN></P> <P class="lia-align-left"><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Picture4.png" style="width: 281px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/275397i746ED2EA9020717D/image-size/large?v=v2&amp;px=999" role="button" title="Picture4.png" alt="Picture4.png" /></span><SPAN style="font-family: inherit;">Figure 4. Review test results</SPAN></P> <P class="lia-align-left">&nbsp;</P> <P>The ability to <A href="#" target="_blank" rel="noopener">apply a sensitivity label to content automatically</A> using EDM Sensitive Information Types (SIT) will be coming soon (initially Commercial Cloud only)!&nbsp; This will allow compliance admins to scan the company’s SharePoint Online and OneDrive for Business repositories and apply sensitivity labels, with or without encryption, to some of the most important and highly sensitive data they hold.&nbsp;</P> <P>Automatic labeling using regular Sensitive Information Types has been available for some time, but bulk labeling using this type of content detection can lead to some false positives. False positives may not be a big issue when they occur in front of a user who can notice and fix an incorrect labeling action, but they are considerably more problematic when labeling is done in bulk over a large number of documents without interactive human supervision. This is where EDM shines: its ability to detect matches to specific, actual sensitive data with minimal or no false positives is a great match for this scenario.
This is important for our Regulated Industry customers, like my Health and Life Sciences (HLS) customers.&nbsp; Electronic Medical Records (EMR) contain extremely sensitive information about every single patient a medical facility, company or doctor has had contact with.&nbsp; Strict regulations and certification standards such as <A href="#" target="_blank" rel="noopener">HIPAA</A> and <A href="#" target="_blank" rel="noopener">HITRUST</A> require close control of Personal Health Information (PHI), and being able to easily identify and label data at rest will help everyone!</P> <P>&nbsp;</P> <P>Another new feature that is in Public Preview right now is the use of <A href="#" target="_blank" rel="noopener">Customer Key for Microsoft 365 at the tenant level</A> to protect additional elements in your tenant including your EDM sensitive information tables. This is a broad preview and includes many more data points than just EDM, but the fact that protection of EDM data is included in this preview shows it is now a first-class citizen in the Microsoft Compliance world.</P> <P>&nbsp;</P> <P>The next two items are covered together: Improved Auditability and Upload Notifications are GA (All clouds). This gives Compliance admins the ability to audit and be alerted when these EDM-related activities happen:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Picture5.png" style="width: 224px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/275398i6D833484265740C3/image-size/large?v=v2&amp;px=999" role="button" title="Picture5.png" alt="Picture5.png" /></span></P> <P class="lia-align-left">&nbsp;Figure 5.
EDM Audit Activities</P> <P class="lia-align-left">&nbsp;</P> <P>Along with the Sensitive Information Type activities:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Picture6.png" style="width: 225px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/275399i248FA9D386013C7B/image-size/large?v=v2&amp;px=999" role="button" title="Picture6.png" alt="Picture6.png" /></span></P> <P class="lia-align-left">&nbsp;Figure 6. SIT Audit Activities</P> <P class="lia-align-center">&nbsp;</P> <P>To check out the new auditing features, I decided to do some cleanup of an EDM datastore I set up for fun and created a new EDM datastore and SITs. Now let’s go check out what this looks like in the Audit logs.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Picture7.png" style="width: 626px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/275400iFF09B9DA8E6F25FB/image-size/large?v=v2&amp;px=999" role="button" title="Picture7.png" alt="Picture7.png" /></span></P> <P class="lia-align-left">&nbsp;<SPAN style="font-family: inherit;">Figure 7. Audit Items</SPAN></P> <P class="lia-align-left">&nbsp;</P> <P>As you can see above, the actions I took yesterday related to SITs are listed from the bottom up. Now let’s take a closer look at some of these.&nbsp; One way to take a closer look is to download the results.
In <EM>Figure 5</EM> you can see the Export item at the top left.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Picture8.png" style="width: 626px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/275401i7D770C13441D1CE3/image-size/large?v=v2&amp;px=999" role="button" title="Picture8.png" alt="Picture8.png" /></span></P> <P class="lia-align-left">&nbsp;<SPAN style="font-family: inherit;">Figure 8. Sample export of audit items</SPAN></P> <P class="lia-align-left">&nbsp;</P> <P>You can also select one of the alerts to look at it in the interface.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Picture9.png" style="width: 626px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/275402i4C14A6D88870A49D/image-size/large?v=v2&amp;px=999" role="button" title="Picture9.png" alt="Picture9.png" /></span></P> <P class="lia-align-left">&nbsp;<SPAN style="font-family: inherit;">Figure 9. Sample details of Audit Item</SPAN></P> <P class="lia-align-left">&nbsp;</P> <P>Audit data should appear in the log between 30 minutes and 2 hours.&nbsp; This data is also available as part of the&nbsp;<A href="#" target="_blank" rel="noopener">Office 365 Management Activity API reference | Microsoft Docs</A>.&nbsp;</P> <P>I think this covers it for today.
If you would like to learn more about EDM you can check out my previous blogs, <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/implementing-microsoft-exact-data-match-edm-part-1/ba-p/1345360" target="_blank" rel="noopener">Implementing Microsoft Exact Data Match (EDM) Part 1 - Microsoft Tech Community</A> and <A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/enhancements-to-microsoft-exact-data-match/ba-p/2055115" target="_blank" rel="noopener">Enhancements to Microsoft Exact Data Match - Microsoft Tech Community</A>.</P> <P>&nbsp;</P> Tue, 11 May 2021 20:59:48 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/new-enhancements-and-workload-for-microsoft-exact-data-match/ba-p/2288408 Sean McNeill 2021-05-11T20:59:48Z eDiscovery in Microsoft 365 One Stop Shop Resource Page https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/ediscovery-in-microsoft-365-one-stop-shop-resource-page/ba-p/2262529 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Robin_Baldwin_0-1617984525413.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/271550iD5508BDF230A6408/image-size/medium?v=v2&amp;px=400" role="button" title="Robin_Baldwin_0-1617984525413.png" alt="Robin_Baldwin_0-1617984525413.png" /></span></P> <P><FONT size="4" color="#000000"><STRONG>Welcome to the eDiscovery in Microsoft 365 One Stop Shop Resource Page!</STRONG></FONT></P> <P>&nbsp;</P> <P>We built this page to help you easily find all relevant&nbsp;<SPAN>content and resources relating to the compliance solutions in Microsoft 365</SPAN>. 
Please bookmark this page for future reference as we will update it on an ongoing basis.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Robin_Baldwin_0-1618252415871.png" style="width: 542px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/272185i3217125B86345674/image-dimensions/542x26?v=v2" width="542" height="26" role="button" title="Robin_Baldwin_0-1618252415871.png" alt="Robin_Baldwin_0-1618252415871.png" /></span></P> <TABLE style="width: 100%;" width="100%"> <TBODY> <TR style="background-color: gray;"> <TD colspan="2" width="638px" height="42px" style="background-color: white; width: 638px; height: 42px;"> <P class="lia-align-center"><FONT color="#993300"><STRONG><FONT size="4"><FONT size="5">eDiscovery in Microsoft 365 Resources&nbsp;&nbsp;</FONT></FONT></STRONG></FONT></P> </TD> </TR> <TR style="background-color: navy;"> <TD width="319px" height="50px" style="height: 50px;"> <P class="lia-align-center"><FONT size="4" color="#FFFFFF">Videos</FONT></P> </TD> <TD width="319px" height="50px" style="height: 50px;"> <P class="lia-align-center"><FONT size="4" color="#FFFFFF">Webinars</FONT></P> </TD> </TR> <TR> <TD width="319px" height="50px" class="lia-align-center" style="height: 50px;"> <P><SPAN class="TextRun BCX8 SCXP85868258" data-scheme-color="@413F42,," data-usefontface="true" data-contrast="none"><SPAN class="NormalTextRun BCX8 SCXP85868258"><A href="#" target="_blank" rel="noopener">Technical Sessions</A>&nbsp;</SPAN></SPAN></P> </TD> <TD width="319px" height="50px" class="lia-align-center" style="height: 50px;"> <P>What’s New with Advanced eDiscovery&nbsp;</P> </TD> </TR> <TR style="background-color: navy;"> <TD width="319px" height="50px" class="lia-align-center" style="height: 50px;"> <P><FONT size="4" color="#FFFFFF">Playbooks and Guides</FONT></P> </TD> <TD width="319px" height="50px" class="lia-align-center" style="height: 50px;"> <P><FONT size="4" 
color="#FFFFFF">Blogs</FONT></P> </TD> </TR> <TR> <TD width="319px" height="50px" class="lia-align-center" style="height: 50px;"> <P><A href="https://gorovian.000webhostapp.com/?exam=gxcuf89792/attachments/gxcuf89792/MicrosoftSecurityandCompliance/4747/1/AeD%20%26%20Audit%20Deployment%20Acceleration%20Guide.zip" target="_blank" rel="noopener">Deployment Acceleration Guide</A></P> </TD> <TD width="319px" height="50px" class="lia-align-center" style="height: 50px;"> <P><A href="#" target="_blank" rel="noopener">Delivering legal technology to help you adapt to what’s next</A></P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P><STRONG><FONT size="3">Requests for content can be submitted with this form:<SPAN>&nbsp;</SPAN><A href="#" target="_blank" rel="noopener noreferrer">https://aka.ms/mipc/mipcOSS</A></FONT></STRONG></P> <P>&nbsp;</P> <TABLE border="0" width="100%"> <TBODY> <TR> <TD width="100%" height="28px" style="background-color: gray; width: 100%; height: 28px;"><FONT size="4"><SPAN data-contrast="none"><FONT color="#FFFFFF">For additional One Stop Shop Resource pages, please use the links below:</FONT></SPAN></FONT></TD> </TR> <TR> <TD width="100%" height="189px"> <P data-unlink="true">&nbsp;</P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-information-governance-in-microsoft-365-one-stop-shop/ba-p/2262476" target="_self"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Microsoft Information Governance in Microsoft 365</SPAN>&nbsp;</FONT>&nbsp;</A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-information-protection-in-microsoft-365-one-stop-shop/ba-p/2262454" target="_self"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Microsoft Information Protection in Microsoft 
365</SPAN>&nbsp;</FONT></A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-365-endpoint-data-loss-protection-one-stop-shop/ba-p/2262462" target="_self"><FONT size="4">Microsoft 365 Endpoint Data Loss Prevention&nbsp;</FONT></A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/insider-risk-management-in-microsoft-365-one-stop-shop-resource/ba-p/2262510" target="_self"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Insider Risk Management in Microsoft 365&nbsp;</SPAN></FONT></A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-compliance-manager-one-stop-shop-resource-page/ba-p/2262533" target="_self"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Microsoft Compliance Manager</SPAN>&nbsp;</FONT></A></P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P data-unlink="true"><A href="#" target="_self"><FONT size="4">Back to MIPC One Stop Shop Resource Page&nbsp;</FONT></A></P> Tue, 11 May 2021 20:58:30 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/ediscovery-in-microsoft-365-one-stop-shop-resource-page/ba-p/2262529 Robin_Baldwin 2021-05-11T20:58:30Z Microsoft Information Protection and Compliance CXE One Stop Shop Resource Page https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-information-protection-and-compliance-cxe-one-stop/ba-p/2262418 <P><FONT color="#808080"><STRONG><FONT size="3"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="SandC banner.PNG" style="width: 376px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/271381iFC7243E30A4B8F4D/image-dimensions/376x78?v=v2" width="376" height="78" role="button" 
title="SandC banner.PNG" alt="SandC banner.PNG" /></span></FONT></STRONG></FONT></P> <P><FONT size="4" color="#000000"><STRONG>Welcome to the Microsoft Information Protection and Compliance CXE One Stop Shop Resource Page!</STRONG></FONT></P> <P>&nbsp;</P> <P>Customer Experience Engineering (CxE) is a worldwide team whose charter is to help customers deploy M365 security and compliance products. We do this by understanding the benefits of the product, being the voice of the customer inside engineering, helping prioritize bugs and features, and lastly shaping the product to benefit customers' use case scenarios while protecting and governing their most sensitive data.</P> <P>&nbsp;</P> <P>We built this page to help you easily find all relevant&nbsp;<SPAN style="font-family: inherit;">content and resources relating to the compliance solutions in Microsoft 365</SPAN>. Please bookmark this page for future reference as we will update it on an ongoing basis.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Robin_Baldwin_0-1618251163962.png" style="width: 646px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/272174iAF226CF230DF9210/image-dimensions/646x31?v=v2" width="646" height="31" role="button" title="Robin_Baldwin_0-1618251163962.png" alt="Robin_Baldwin_0-1618251163962.png" /></span></P> <TABLE class=" lia-align-left" style="height: 184px; background-color: light blue; width: 100%;" width="100%"> <TBODY> <TR> <TD colspan="2" width="99.89648033126295%" style="background-color: gray; width: 621px;"> <P class="lia-align-center"><FONT size="5" color="#FFFFFF">Microsoft Information Protection and Compliance Resources</FONT></P> </TD> </TR> <TR style="height: 50px; background-color: navy;"> <TD width="48.033126293995856%" height="73px" class="lia-align-center"> <P><FONT size="4" color="#FFFFFF"><STRONG>Social media and forums</STRONG></FONT></P> </TD> <TD 
width="51.86335403726709%" height="73px" class="lia-align-center"> <P><FONT size="4" color="#FFFFFF"><STRONG>General Information</STRONG></FONT></P> </TD> </TR> <TR style="height: 75px; background-color: white;"> <TD width="48.033126293995856%" height="111px" style="width: 300px; height: 111px; vertical-align: top;"> <UL> <LI><FONT size="4"><A href="#" target="_blank" rel="noopener">MIP Yammer Channel</A>&nbsp;</FONT></LI> <LI><FONT size="4"><A href="#" target="_blank" rel="noopener">Twitter</A>&nbsp;&nbsp;</FONT></LI> <LI><FONT size="4"><A href="#" target="_blank" rel="noopener">MIPC Tech community page</A>&nbsp;</FONT></LI> <LI><A href="#" target="_self"><FONT size="4">Private Previews</FONT></A></LI> <LI> <P style="margin: 0in; font-family: SegoeUI; font-size: 13.5pt; color: #333333;"><A href="#" target="_self"><SPAN style="background: white;">MIP Product Feedback</SPAN></A></P> </LI> <LI><FONT size="4"><A href="#" target="_self">Compliance Product Feedback</A></FONT></LI> </UL> </TD> <TD width="51.86335403726709%" height="111px" style="width: 324px; height: 111px; vertical-align: top;"> <UL> <LI><A href="#" target="_self"><FONT size="4">Getting Started</FONT></A></LI> <LI><A href="#" target="_self"><FONT size="4">Official Documentation</FONT></A></LI> <LI><FONT size="4"><A href="#" target="_blank" rel="noopener">Microsoft 365 Compliance Documentation</A></FONT></LI> <LI><FONT size="4"><A href="#" target="_blank" rel="noopener">Licensing</A>&nbsp;&nbsp;</FONT></LI> <LI><FONT size="4"><A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/mip-and-compliance-webinar-series-make-sure-to-mark-your/ba-p/2214987" target="_blank" rel="noopener">Mark your calendars - Webinar series dates</A></FONT></LI> <LI> <P style="margin: 0in; font-family: SegoeUI; font-size: 13.5pt; color: #333333;"><A href="#" target="_self"><SPAN style="background: white;">Zero Trust Deployment Center - general documentation</SPAN></A></P> </LI> <LI> <P lang="x-none"><FONT 
size="4"><A href="#" target="_self">What is a “Dev Tenant” and why would you want one?</A></FONT></P> </LI> </UL> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <TABLE style="width: 100%;" border="0" width="100%"> <TBODY> <TR> <TD width="100%" height="28px" style="background-color: gray; border-style: none; height: 28px; width: 100%;"><FONT size="4"><SPAN data-contrast="none"><FONT color="#FFFFFF">For additional One Stop Shop Resource pages, please use the links below:</FONT></SPAN></FONT></TD> </TR> <TR> <TD width="100%" height="189px" style="border-style: none; height: 189px; width: 100%;"> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/ediscovery-in-microsoft-365-one-stop-shop-resource-page/ba-p/2262529" target="_self"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">eDiscovery in Microsoft 365</SPAN>&nbsp;</FONT></A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-information-governance-in-microsoft-365-one-stop-shop/ba-p/2262476" target="_self"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Microsoft Information Governance in Microsoft 365</SPAN>&nbsp;</FONT>&nbsp;</A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-information-protection-in-microsoft-365-one-stop-shop/ba-p/2262454" target="_self"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Microsoft Information Protection in Microsoft 365</SPAN>&nbsp;</FONT></A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-365-endpoint-data-loss-protection-one-stop-shop/ba-p/2262462" target="_self"><FONT size="4">Microsoft 365 Endpoint Data Loss 
Prevention&nbsp;</FONT></A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/insider-risk-management-in-microsoft-365-one-stop-shop-resource/ba-p/2262510" target="_self"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Insider Risk Management in Microsoft 365&nbsp;</SPAN></FONT></A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-compliance-manager-one-stop-shop-resource-page/ba-p/2262533" target="_self"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Microsoft Compliance Manager</SPAN>&nbsp;</FONT></A></P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P><FONT size="4"><STRONG><FONT color="#808080">Requests for content can be submitted with this form:</FONT> <A href="#" target="_blank" rel="noopener">https://aka.ms/mipc/mipcOSS</A></STRONG></FONT></P> <P>&nbsp;</P> <P><FONT size="4" color="#808080"><STRONG>If you would like to see more Vblogs in the future, please click here to vote: <A href="#" target="_blank" rel="noopener">https://aka.ms/mipc/vblogsvote</A></STRONG></FONT></P> Tue, 11 May 2021 20:57:19 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-information-protection-and-compliance-cxe-one-stop/ba-p/2262418 Robin_Baldwin 2021-05-11T20:57:19Z Microsoft Compliance Manager One Stop Shop Resource Page https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-compliance-manager-one-stop-shop-resource-page/ba-p/2262533 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Robin_Baldwin_0-1617992249744.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/271575iA40320ED0D7DD353/image-size/medium?v=v2&amp;px=400" role="button" 
title="Robin_Baldwin_0-1617992249744.png" alt="Robin_Baldwin_0-1617992249744.png" /></span></P> <P>&nbsp;</P> <P><FONT size="6">We've moved!</FONT></P> <P>&nbsp;</P> <P><FONT size="4">Please visit our new and improved <STRONG>M365 Compliance One Stop Shop (OSS)</STRONG> page at&nbsp;<A href="#" target="_self"><STRONG>aka.ms/mipc/oss</STRONG></A></FONT></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 20 Jul 2021 20:05:30 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-compliance-manager-one-stop-shop-resource-page/ba-p/2262533 Robin_Baldwin 2021-07-20T20:05:30Z Microsoft 365 Endpoint Data Loss Protection One Stop Shop Resource Page https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-365-endpoint-data-loss-protection-one-stop-shop/ba-p/2262462 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Robin_Baldwin_0-1617983505638.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/271545i2D4558ED764A15AF/image-size/medium?v=v2&amp;px=400" role="button" title="Robin_Baldwin_0-1617983505638.png" alt="Robin_Baldwin_0-1617983505638.png" /></span></P> <P><FONT size="4"><STRONG>Welcome to the Microsoft 365 Endpoint Data Loss Protection One Stop Shop Resource Page!</STRONG></FONT></P> <P><STRONG><FONT size="3">&nbsp;</FONT></STRONG></P> <P><SPAN>We built this page to help you easily find all relevant&nbsp;</SPAN><SPAN>content and resources relating to the compliance solutions in Microsoft 365</SPAN><SPAN>. 
Please bookmark this page for future reference as we will update it on an ongoing basis.</SPAN></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Robin_Baldwin_0-1618263929749.png" style="width: 584px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/272228i76A019E4DA4E443B/image-dimensions/584x28?v=v2" width="584" height="28" role="button" title="Robin_Baldwin_0-1618263929749.png" alt="Robin_Baldwin_0-1618263929749.png" /></span></P> <TABLE class=" lia-align-center" style="width: 100%;" width="100%"> <THEAD> <TR style="background-color: gray;"> <TD colspan="3" width="104.67223052959501%" height="42px" style="width: 25px; background-color: white; height: 42px;"> <P><FONT color="#00CCFF"><STRONG><FONT size="5">Microsoft 365 Endpoint Data Loss Protection Resources</FONT></STRONG></FONT></P> </TD> </TR> <TR style="background-color: navy;"> <TD width="38.006230529595015%" height="55px" class="lia-align-center" style="height: 50px;"> <P><FONT size="4" color="#FFFFFF">Videos</FONT></P> </TD> <TD width="33.333%" height="55px" class="lia-align-center" style="height: 50px; width: 33.333%; vertical-align: middle;"> <P><FONT size="4" color="#FFFFFF">Webinars</FONT></P> </TD> <TD width="33.333%" height="55px" style="width: 33.333%;"> <P><FONT size="4" color="#FFFFFF">Playbooks, Guides &amp; Documentation</FONT></P> </TD> </TR> </THEAD> <TBODY> <TR> <TD width="38.006230529595015%" height="202px" style="width: 33.333%; vertical-align: top;"> <UL> <LI class="lia-align-left"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/new-video-blog-apply-dlp-policies-to-non-microsoft-cloud/ba-p/2262054" target="_blank" rel="noopener">Vblog -&nbsp;</A><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/new-video-blog-apply-dlp-policies-to-non-microsoft-cloud/ba-p/2262054" target="_blank" rel="noopener">Learn how to apply DLP policy to non-Microsoft 
cloud apps</A></LI> <LI class="lia-align-left"><A href="#" target="_blank" rel="noopener">How to configure a DLP policy</A></LI> </UL> </TD> <TD width="33.333%" height="202px" style="width: 21.3915%; vertical-align: top;"> <UL> <LI class="lia-align-left"><A href="#" target="_blank" rel="noopener">Unified DLP webinar</A>&nbsp;(March 17th, 2021)</LI> <LI class="lia-align-left"><A href="#" target="_blank" rel="noopener">Remote Workers DLP</A>&nbsp;(January 26th, 2021)</LI> </UL> </TD> <TD width="33.333%" height="202px"> <UL> <LI class="lia-align-left"><A href="https://gorovian.000webhostapp.com/?exam=gxcuf89792/attachments/gxcuf89792/MicrosoftSecurityandCompliance/4747/6/DLP%20%26%20MIP%20Deployment%20Acceleration%20Guide_Updated.zip" target="_blank" rel="noopener">Deployment Acceleration Guide</A></LI> <LI class="lia-align-left"><A href="#" target="_blank" rel="noopener">Endpoint DLP interactive guide</A></LI> <LI class="lia-align-left"><A href="#" target="_blank" rel="noopener">Teams DLP interactive guide</A></LI> <LI class="lia-align-left"><A href="#" target="_blank" rel="noopener">Migrating from Exchange ETR to DLP playbook</A></LI> <LI class="lia-align-left"><A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/microsoft-teams-dlp-playbook/bc-p/2073005#M4743" target="_blank" rel="noopener">Teams DLP Playbook</A></LI> <LI class="lia-align-left"><A href="#" target="_blank" rel="noopener">Join Endpoint DLP preview ring</A></LI> </UL> </TD> </TR> </TBODY> </TABLE> <P class="lia-align-left">&nbsp;</P> <P class="lia-align-left"><STRONG><FONT size="3">Requests for content can be submitted with this form:<SPAN>&nbsp;</SPAN><A href="#" target="_blank" rel="noopener noreferrer">https://aka.ms/mipc/mipcOSS</A></FONT></STRONG></P> <P>&nbsp;</P> <TABLE style="border-style: none; width: 100%;" border="0" width="100%"> <TBODY> <TR> <TD width="100%" height="28px" style="background-color: gray; width: 100%; height: 28px;"><FONT size="4"><SPAN 
data-contrast="none"><FONT color="#FFFFFF">For additional One Stop Shop Resource pages, please use the links below:</FONT></SPAN></FONT></TD> </TR> <TR> <TD width="100%" height="189px" style="border-style: none; width: 100%; height: 189px;"> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/ediscovery-in-microsoft-365-one-stop-shop-resource-page/ba-p/2262529" target="_blank" rel="noopener"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">eDiscovery in Microsoft 365</SPAN>&nbsp;</FONT></A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-information-governance-in-microsoft-365-one-stop-shop/ba-p/2262476" target="_blank" rel="noopener"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Microsoft Information Governance in Microsoft 365</SPAN>&nbsp;</FONT>&nbsp;</A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-information-protection-in-microsoft-365-one-stop-shop/ba-p/2262454" target="_blank" rel="noopener"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Microsoft Information Protection in Microsoft 365</SPAN>&nbsp;</FONT></A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/insider-risk-management-in-microsoft-365-one-stop-shop-resource/ba-p/2262510" target="_blank" rel="noopener"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Insider Risk Management in Microsoft 365&nbsp;</SPAN></FONT></A></P> <P data-unlink="true"><A 
href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-compliance-manager-one-stop-shop-resource-page/ba-p/2262533" target="_blank" rel="noopener"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Microsoft Compliance Manager</SPAN>&nbsp;</FONT></A></P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}"><A href="#" target="_blank" rel="noopener">Back to MIPC CXE One Stop Shop Resources page</A></SPAN></FONT></P> Tue, 11 May 2021 21:04:55 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-365-endpoint-data-loss-protection-one-stop-shop/ba-p/2262462 Robin_Baldwin 2021-05-11T21:04:55Z Microsoft Information Governance in Microsoft 365 One Stop Shop Resource Page https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-information-governance-in-microsoft-365-one-stop-shop/ba-p/2262476 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Robin_Baldwin_0-1617984132379.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/271547iFFBF3F1E6E505254/image-size/medium?v=v2&amp;px=400" role="button" title="Robin_Baldwin_0-1617984132379.png" alt="Robin_Baldwin_0-1617984132379.png" /></span></P> <P><SPAN><STRONG>Welcome to the Microsoft Information Governance in Microsoft 365 One Stop Shop Resource Page!</STRONG></SPAN></P> <P>&nbsp;</P> <P><SPAN>We built this page to help you easily find all relevant&nbsp;</SPAN><SPAN>content and resources relating to the compliance solutions in Microsoft 365</SPAN><SPAN>. 
Please bookmark this page for future reference as we will update it on an ongoing basis.</SPAN></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Robin_Baldwin_0-1618256660874.png" style="width: 646px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/272199iB029F582B8A8CBB5/image-dimensions/646x31?v=v2" width="646" height="31" role="button" title="Robin_Baldwin_0-1618256660874.png" alt="Robin_Baldwin_0-1618256660874.png" /></span></P> <TABLE style="height: 260px; width: 100%;" width="100%"> <TBODY> <TR style="background-color: gray;"> <TD colspan="2" width="856px" height="44px" style="background-color: white; width: 856px; height: 44px;"> <P class="lia-align-center"><STRONG><FONT size="5" color="#FF6600">Microsoft Information Governance in Microsoft 365 Resources</FONT></STRONG></P> </TD> </TR> <TR style="background-color: navy;"> <TD width="266px" height="33px" style="width: 266px;"> <P class="lia-align-center"><FONT size="4" color="#FFFFFF">Videos</FONT></P> </TD> <TD width="590px" height="33px" class="lia-align-center" style="width: 50%;"> <P><FONT size="4" color="#FFFFFF">Webinars</FONT></P> </TD> </TR> <TR style="height: 50px;"> <TD width="266px" height="30px" style="height: 30px; vertical-align: middle; width: 30px;"> <UL> <LI style="font-family: Calibri; font-size: 11pt; color: black;"><FONT size="3"><A href="#" target="_self"><SPAN style="background: white;">How to Auto-apply Retention Labels using Compliance Center</SPAN></A></FONT></LI> </UL> </TD> <TD width="590px" height="30px" class="lia-align-center" style="width: 30px;"> <UL> <LI class="lia-align-left"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-information-protection-and-compliance-webinar-page/ba-p/1184481" target="_self"><FONT size="3">What’s New in Microsoft Information Governance in Microsoft 365 - May 12</FONT></A></LI> </UL> </TD> </TR> <TR style="background-color: 
navy; height: 15px;"> <TD width="266px" height="123px" style="width: 266px; height: 15px;"> <P class="lia-align-center"><FONT size="4" color="#FFFFFF">Playbooks and Guides</FONT></P> </TD> <TD width="590px" height="123px" style="width: 50%; height: 15px;"> <P class="lia-align-center"><FONT size="4" color="#FFFFFF">Blogs</FONT></P> </TD> </TR> <TR> <TD width="266px" height="30px" style="height: 30px; vertical-align: top; width: 266px;"> <UL> <LI><FONT size="3"><A href="https://gorovian.000webhostapp.com/?exam=gxcuf89792/attachments/gxcuf89792/MicrosoftSecurityandCompliance/4747/4/MIG%20%26%20RM%20Deployment%20Acceleration%20Guide.zip" target="_blank" rel="noopener">Deployment Acceleration Guide</A></FONT></LI> <LI><FONT size="3"><A tabindex="-1" title="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/end-user-training-for-retention-labels-in-m365-how-to-accelerate/ba-p/1750861" href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/end-user-training-for-retention-labels-in-m365-how-to-accelerate/ba-p/1750861" target="_blank" rel="noopener noreferrer">End User Training for Retention Labels&nbsp;</A></FONT></LI> </UL> </TD> <TD width="590px" height="30px" style="width: 364px; height: 30px; vertical-align: top;"> <UL> <LI><FONT size="3"><A href="#" target="_blank">Lifecycle of an item in SharePoint: Where does it go?</A></FONT></LI> </UL> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">&nbsp;</P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P><STRONG><FONT size="3">Requests for content can be submitted with this form:<SPAN>&nbsp;</SPAN><A href="#" target="_blank" rel="noopener noreferrer">https://aka.ms/mipc/mipcOSS</A></FONT></STRONG></P> <P>&nbsp;</P> <TABLE style="border-style: none; width: 100%;" border="0" width="100%"> <TBODY> <TR> <TD width="100%" height="28px" style="background-color: gray; width: 100%; height: 28px;"><FONT size="4"><SPAN data-contrast="none"><FONT color="#FFFFFF">For additional 
One Stop Shop Resource pages, please use the links below:</FONT></SPAN></FONT></TD> </TR> <TR> <TD width="100%" height="189px" style="border-style: none; width: 100%; height: 189px;"> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/ediscovery-in-microsoft-365-one-stop-shop-resource-page/ba-p/2262529" target="_blank" rel="noopener"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">eDiscovery in Microsoft 365</SPAN>&nbsp;</FONT></A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-information-protection-in-microsoft-365-one-stop-shop/ba-p/2262454" target="_blank" rel="noopener"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Microsoft Information Protection in Microsoft 365</SPAN>&nbsp;</FONT></A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-365-endpoint-data-loss-protection-one-stop-shop/ba-p/2262462" target="_blank" rel="noopener"><FONT size="4">Microsoft 365 Endpoint Data Loss Prevention&nbsp;</FONT></A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/insider-risk-management-in-microsoft-365-one-stop-shop-resource/ba-p/2262510" target="_blank" rel="noopener"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Insider Risk Management in Microsoft 365&nbsp;</SPAN></FONT></A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-compliance-manager-one-stop-shop-resource-page/ba-p/2262533" target="_blank" rel="noopener"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Microsoft Compliance 
Manager</SPAN>&nbsp;</FONT></A></P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}"><A href="#" target="_blank" rel="noopener">Back to MIPC CXE One Stop Shop Resource Page</A></SPAN></FONT></P> Tue, 11 May 2021 21:07:11 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-information-governance-in-microsoft-365-one-stop-shop/ba-p/2262476 Robin_Baldwin 2021-05-11T21:07:11Z Microsoft Information Protection in Microsoft 365 One Stop Shop Resource Page https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-information-protection-in-microsoft-365-one-stop-shop/ba-p/2262454 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Robin_Baldwin_0-1617983505638.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/271545i2D4558ED764A15AF/image-size/medium?v=v2&amp;px=400" role="button" title="Robin_Baldwin_0-1617983505638.png" alt="Robin_Baldwin_0-1617983505638.png" /></span></P> <P><FONT size="4"><STRONG>Welcome to the Microsoft Information Protection in Microsoft 365 One Stop Shop Resource Page!</STRONG></FONT></P> <P><STRONG><FONT size="3">&nbsp;</FONT></STRONG></P> <P><SPAN>We built this page to help you easily find all relevant&nbsp;</SPAN><SPAN>content and resources relating to the compliance solutions in Microsoft 365</SPAN><SPAN>. 
Please bookmark this page for future reference as we will update it on an ongoing basis.</SPAN></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Robin_Baldwin_0-1618263929749.png" style="width: 584px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/272228i76A019E4DA4E443B/image-dimensions/584x28?v=v2" width="584" height="28" role="button" title="Robin_Baldwin_0-1618263929749.png" alt="Robin_Baldwin_0-1618263929749.png" /></span></P> <TABLE class=" lia-align-center" style="height: 200px; width: 100%;" width="100%"> <THEAD> <TR style="background-color: gray; height: 41px;"> <TD colspan="3" width="66.14745586708204%" height="82px" style="width: 66.1475%; height: 20px; background-color: white; vertical-align: top;"> <P><FONT color="#800080"><STRONG><FONT size="5">Microsoft Information Protection in Microsoft 365 Resources</FONT></STRONG></FONT></P> </TD> </TR> <TR style="background-color: navy;"> <TD width="28.245067497403948%" height="31px" class="lia-align-center" style="width: 33%; height: 50px;"> <P><FONT size="4" color="#FFFFFF">Videos</FONT></P> </TD> <TD width="37.90238836967809%" height="31px" class="lia-align-center" style="width: 33%; height: 50px;"> <P><FONT size="4" color="#FFFFFF">Webinars</FONT></P> </TD> <TD width="33.85254413291797%" height="31px" style="width: 33%; height: 31px;"> <P><FONT size="4" color="#FFFFFF">Playbooks, Guides &amp; Documentation</FONT></P> </TD> </TR> </THEAD> <TBODY> <TR style="height: 50px;"> <TD width="28.245067497403948%" height="241px" style="width: 28.2451%; vertical-align: top; height: 100px;"> <UL> <LI class="lia-align-left" data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><FONT size="3"><A href="https://gorovian.000webhostapp.com/?exam=gxcuf89792/attachments/gxcuf89792/MicrosoftSecurityandCompliance/3592/1/Demo%201%20-%20Full%20Video.mp4" target="_blank" rel="noopener">Vblog 
series : setting up a secure collaboration environment</A>&nbsp;</FONT></LI> <LI class="lia-align-left" data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><FONT size="3"><A href="https://gorovian.000webhostapp.com/?exam=gxcuf89792/attachments/gxcuf89792/MicrosoftSecurityandCompliance/3603/1/Demo%202%20-%20Full%20Video.mp4" target="_blank" rel="noopener">Vblog series – end user point of view</A>&nbsp;</FONT></LI> <LI class="lia-align-left"><FONT size="3"><A href="https://gorovian.000webhostapp.com/?exam=gxcuf89792/attachments/gxcuf89792/MicrosoftSecurityandCompliance/3603/1/Demo%202%20-%20Full%20Video.mp4%22%20%EF%BF%BDHYPERLINK%20%22https://gorovian.000webhostapp.com/?exam=gxcuf89792/attachments/gxcuf89792/MicrosoftSecurityandCompliance/3665/1/Demo%203%20-%20Full%20Video.mp4" target="_blank" rel="noopener">Vblog series&nbsp; - Admin point of view</A>&nbsp;</FONT></LI> <LI class="lia-align-left" data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <P class="lia-align-left"><FONT size="3"><A href="#" target="_self">Using Sensitivity Labels in M365 – How to Protect NDA Data from Leaking</A></FONT></P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">&nbsp;</P> </LI> </UL> </TD> <TD width="37.90238836967809%" height="241px" style="width: 330px; vertical-align: top; height: 100px;"> <UL> <LI class="lia-align-left"><A class="Hyperlink SCXW112278753 BCX8" href="#" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun Underlined SCXW112278753 BCX8" data-contrast="none"><SPAN class="NormalTextRun SCXW112278753 BCX8" data-ccp-charstyle="Hyperlink">Office Channels walkthrough</SPAN></SPAN></A><SPAN class="TextRun SCXW112278753 BCX8" data-contrast="auto"><SPAN class="NormalTextRun SCXW112278753 BCX8"><SPAN>&nbsp;</SPAN>(Feb. 
19</SPAN></SPAN><SPAN class="TextRun SCXW112278753 BCX8" data-contrast="auto"><SPAN class="NormalTextRun Superscript SCXW112278753 BCX8" data-fontsize="11">th</SPAN></SPAN><SPAN class="TextRun SCXW112278753 BCX8" data-contrast="auto"><SPAN class="NormalTextRun SCXW112278753 BCX8">, 2021)</SPAN></SPAN><SPAN class="EOP SCXW112278753 BCX8" data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> </UL> </TD> <TD width="33.85254413291797%" height="241px" style="width: 33.8525%; vertical-align: top; height: 100px;"> <UL> <LI class="lia-align-left"><A href="https://gorovian.000webhostapp.com/?exam=gxcuf89792/attachments/gxcuf89792/MicrosoftSecurityandCompliance/4747/5/Microsoft%20365%20Information%20Protection%20and%20Compliance%20Deployment%20Acceleration%20Guides.zip" target="_blank" rel="noopener"><SPAN data-contrast="none">Deployment Acceleration Guide</SPAN></A><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI class="lia-align-left" data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">Data Classification White Paper</SPAN></A><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI class="lia-align-left" data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><A href="#" target="_blank" rel="noopener"><SPAN data-contrast="none">End user training&nbsp;for sensitivity labels</SPAN></A><SPAN data-ccp-props="{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></LI> <LI class="lia-align-left" data-leveltext="" data-font="Symbol" data-listid="1" 
aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;"><FONT size="4"><A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/how-to-re-label-documents-classified-with-a-deprecated/ba-p/2218259" target="_blank" rel="noopener">How to&nbsp;re-label documents classified with a deprecated sensitivity label</A>&nbsp;</FONT></P> </LI> </UL> </TD> </TR> </TBODY> </TABLE> <P class="lia-align-left">&nbsp;</P> <P class="lia-align-left"><STRONG><FONT size="3">Requests for content can be submitted with this form:<SPAN>&nbsp;</SPAN><A href="#" target="_blank" rel="noopener noreferrer">https://aka.ms/mipc/mipcOSS</A></FONT></STRONG></P> <P class="lia-align-left">&nbsp;</P> <TABLE style="border-style: none; width: 100%;" border="0" width="100%"> <TBODY> <TR> <TD width="100%" height="28px" style="background-color: gray; width: 100%; height: 28px;"><FONT size="4"><SPAN data-contrast="none"><FONT color="#FFFFFF">For additional One Stop Shop Resource pages, please use the links below:</FONT></SPAN></FONT></TD> </TR> <TR> <TD width="100%" height="189px" style="border-style: none; width: 100%; height: 189px;"> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/ediscovery-in-microsoft-365-one-stop-shop-resource-page/ba-p/2262529" target="_blank" rel="noopener"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">eDiscovery in Microsoft 365</SPAN>&nbsp;</FONT></A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-information-governance-in-microsoft-365-one-stop-shop/ba-p/2262476" target="_blank" rel="noopener"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Microsoft Information Governance in Microsoft 365</SPAN>&nbsp;</FONT>&nbsp;</A></P> <P 
data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-365-endpoint-data-loss-protection-one-stop-shop/ba-p/2262462" target="_blank" rel="noopener"><FONT size="4">Microsoft 365 Endpoint Data Loss Prevention&nbsp;</FONT></A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/insider-risk-management-in-microsoft-365-one-stop-shop-resource/ba-p/2262510" target="_blank" rel="noopener"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Insider Risk Management in Microsoft 365&nbsp;</SPAN></FONT></A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-compliance-manager-one-stop-shop-resource-page/ba-p/2262533" target="_blank" rel="noopener"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Microsoft Compliance Manager</SPAN>&nbsp;</FONT></A></P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}"><A href="#" target="_blank" rel="noopener">Back to MIPC CXE One Stop Shop Resources page</A></SPAN></FONT></P> Tue, 11 May 2021 21:05:52 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/microsoft-information-protection-in-microsoft-365-one-stop-shop/ba-p/2262454 Robin_Baldwin 2021-05-11T21:05:52Z Insider Risk Management in Microsoft 365 One Stop Shop Resource Page https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/insider-risk-management-in-microsoft-365-one-stop-shop-resource/ba-p/2262510 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Robin_Baldwin_0-1617984288318.png" style="width: 400px;"><img 
src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/271548i7E1473DD51F7B2D0/image-size/medium?v=v2&amp;px=400" role="button" title="Robin_Baldwin_0-1617984288318.png" alt="Robin_Baldwin_0-1617984288318.png" /></span></P> <P><FONT size="4"><STRONG>Welcome to the Insider Risk Management in Microsoft 365 One Stop Shop Resource Page!</STRONG></FONT></P> <P>&nbsp;</P> <P><SPAN>We built this page to help you easily find all relevant&nbsp;</SPAN><SPAN>content and resources relating to the compliance solutions in Microsoft 365</SPAN><SPAN>. Please bookmark this page for future reference as we will update it on an ongoing basis.</SPAN></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Robin_Baldwin_1-1618249598403.png" style="width: 605px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/272149iADE4B2D5AEB78351/image-dimensions/605x29?v=v2" width="605" height="29" role="button" title="Robin_Baldwin_1-1618249598403.png" alt="Robin_Baldwin_1-1618249598403.png" /></span></P> <TABLE style="width: 100%;" width="100%"> <TBODY> <TR style="background-color: gray;"> <TD colspan="3" width="83%" height="43px" style="background-color: white; width: 99.89615784008308%; height: 43px;"> <P class="lia-align-center"><FONT color="#008000"><STRONG><FONT size="4"><FONT size="5">Insider Risk Management in Microsoft 365 Resources&nbsp;&nbsp;</FONT></FONT></STRONG></FONT></P> </TD> </TR> <TR style="background-color: navy;"> <TD width="33%" height="33px" style="height: 33px; width: 33%;"> <P class="lia-align-center"><FONT size="4" color="#FFFFFF">Videos</FONT></P> </TD> <TD width="25%" height="33px" style="height: 33px; width: 25%;"> <P class="lia-align-center"><FONT size="4" color="#FFFFFF">Webinars</FONT></P> </TD> <TD width="25%" height="33px" style="height: 33px; width: 25%;"> <P class="lia-align-center"><FONT size="4" color="#FFFFFF">Blogs</FONT></P> </TD> </TR> <TR style="height: 50px;"> <TD 
width="33%" height="300px" style="height: 50px; vertical-align: top; width: 33%;"> <DIV> <UL> <LI class="lia-align-left"><A tabindex="-1" title="https://www.youtube.com/watch?v=mhmecd-4erg&amp;list=pl3ztgfec7lytlc9xgsayd2tzlvjh6xwda&amp;index=2" href="#" target="_blank" rel="noreferrer noopener">Insider Risk Management Overview</A></LI> <LI class="lia-align-left"><A tabindex="-1" title="https://www.youtube.com/watch?v=5c0p5mcxnxk&amp;list=pl3ztgfec7lytlc9xgsayd2tzlvjh6xwda&amp;index=3" href="#" target="_blank" rel="noreferrer noopener">Insider Risk Management Analytics</A></LI> <LI class="lia-align-left"><A tabindex="-1" title="https://www.youtube.com/watch?v=kudk5ajztuo&amp;list=pl3ztgfec7lytlc9xgsayd2tzlvjh6xwda&amp;index=4" href="#" target="_blank" rel="noreferrer noopener">Insider Risk Management Policy Configuration</A></LI> <LI class="lia-align-left"><A tabindex="-1" title="https://www.youtube.com/watch?v=kgmpxbljlpi&amp;list=pl3ztgfec7lytlc9xgsayd2tzlvjh6xwda&amp;index=5" href="#" target="_blank" rel="noreferrer noopener">Insider Risk Management Alerts Triage Experience</A></LI> <LI class="lia-align-left"><A tabindex="-1" title="https://www.youtube.com/watch?v=uonusmkrc8s&amp;list=pl3ztgfec7lytlc9xgsayd2tzlvjh6xwda&amp;index=6" href="#" target="_blank" rel="noreferrer noopener">Insider Risk Management Investigation and Escalation</A></LI> </UL> </DIV> </TD> <TD width="25%" height="300px" style="vertical-align: top; height: 50px; width: 25%;"> <P><A href="#" target="_blank" rel="noopener">What's New from Ignite regarding Insider Risk Management (March 24, 2021)</A></P> </TD> <TD width="25%" height="300px" style="vertical-align: top; height: 50px; width: 25%;">&nbsp;</TD> </TR> <TR style="background-color: navy; height: 50px;"> <TD width="33%" height="50px" style="width: 50%; height: 50px;"> <P class="lia-align-center"><FONT size="4" color="#FFFFFF">Playbooks and Guides</FONT></P> </TD> <TD colspan="2" width="50%" height="50px" style="width: 50.0519%; 
vertical-align: middle; height: 50px;"> <P class="lia-align-center"><SPAN style="color: #ffffff; font-size: large;">Learning Path</SPAN></P> </TD> </TR> <TR style="height: 40px;"> <TD width="33%" height="150px" style="vertical-align: top; width: 50%; height: 50px;"> <UL> <LI><A href="https://gorovian.000webhostapp.com/?exam=gxcuf89792/attachments/gxcuf89792/MicrosoftSecurityandCompliance/4747/3/IRM%20%26%20CC%20%20Deployment%20Acceleration%20Guide.zip" target="_blank" rel="noopener">Deployment Acceleration Guide</A><SPAN style="background-color: transparent;">&nbsp;</SPAN></LI> <LI><A href="#" target="_blank" rel="noopener">Insider Risk interactive guide</A>&nbsp;</LI> <LI><A href="#" target="_blank" rel="noopener">Implement policies for Insider Risk Management and Communication Compliance</A>&nbsp;</LI> </UL> </TD> <TD colspan="2" width="50%" height="150px" style="width: 50.0519%; vertical-align: top; height: 50px;"> <UL> <LI class="lia-align-left"><A class="Hyperlink BCX8 SCXP164737929" href="#" target="_blank" rel="noopener noreferrer">Insider Risk Management learning path</A></LI> </UL> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P><STRONG><FONT size="3">Requests for content can be submitted with this form:<SPAN>&nbsp;</SPAN><A href="#" target="_blank" rel="noopener noreferrer">https://aka.ms/mipc/mipcOSS</A></FONT></STRONG></P> <P>&nbsp;</P> <TABLE border="0" width="100%"> <TBODY> <TR> <TD width="100%" height="28px" style="background-color: gray; width: 100%; height: 28px;"><FONT size="4"><SPAN data-contrast="none"><FONT color="#FFFFFF">For additional One Stop Shop Resource pages, please use the links below:</FONT></SPAN></FONT></TD> </TR> <TR> <TD width="100%" height="189px" style="border-style: none; width: 100%; height: 189px;"> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/ediscovery-in-microsoft-365-one-stop-shop-resource-page/ba-p/2262529" target="_blank" rel="noopener"><FONT size="4"><SPAN 
data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">eDiscovery in Microsoft 365</SPAN>&nbsp;</FONT></A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-information-governance-in-microsoft-365-one-stop-shop/ba-p/2262476" target="_blank" rel="noopener"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Microsoft Information Governance in Microsoft 365</SPAN>&nbsp;</FONT>&nbsp;</A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-information-protection-in-microsoft-365-one-stop-shop/ba-p/2262454" target="_blank" rel="noopener"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Microsoft Information Protection in Microsoft 365</SPAN>&nbsp;</FONT></A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-365-endpoint-data-loss-protection-one-stop-shop/ba-p/2262462" target="_blank" rel="noopener"><FONT size="4">Microsoft 365 Endpoint Data Loss Prevention&nbsp;</FONT></A></P> <P data-unlink="true"><A href="https://gorovian.000webhostapp.com/?exam=t5/security-compliance-identity/microsoft-compliance-manager-one-stop-shop-resource-page/ba-p/2262533" target="_blank" rel="noopener"><FONT size="4"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Microsoft Compliance Manager</SPAN>&nbsp;</FONT></A></P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P><FONT size="4"><A href="#" target="_blank" rel="noopener"><SPAN data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">Back to MIP CXE One Stop Shop Resource Page</SPAN></A></FONT></P> <P><SPAN 
data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> Tue, 11 May 2021 21:04:16 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/insider-risk-management-in-microsoft-365-one-stop-shop-resource/ba-p/2262510 Robin_Baldwin 2021-05-11T21:04:16Z MCAS: Top 5 Queries You Need to Save https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/mcas-top-5-queries-you-need-to-save/ba-p/2274518 <P>By:&nbsp;<LI-USER uid="395999"></LI-USER>&nbsp;<LI-USER uid="587417"></LI-USER>&nbsp;</P> <P>&nbsp;</P> <P>Hi Everyone!</P> <P>&nbsp;</P> <P>After speaking with a few of our customers, we realized that some were not familiar or aware of their ability to leverage suggested and saved queries inside of Cloud App Security. In this blog, we will show you what we consider our top five use cases for custom queries!</P> <P>&nbsp;</P> <P>But before we get into this great feature, below is how to navigate to it--<BR /><BR /></P> <P>When you get to the Dashboard, click on Investigate and then Activity Log. At the top left, you will see “Select a Query.”</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Caroline_Lee_1-1618494155199.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/273052i19742407E05B8D87/image-size/large?v=v2&amp;px=999" role="button" title="Caroline_Lee_1-1618494155199.png" alt="Caroline_Lee_1-1618494155199.png" /></span></P> <P>&nbsp;</P> <P data-unlink="true">Out of the box, users are given 10 built-in suggested queries they can start using immediately:&nbsp;<A href="#" target="_self">Cloud App Security discovered app filters and queries</A>.&nbsp;These queries include admin activities, failed logins, file and folder activities, password changes and quite a few more! Our customers use these queries as a starting point and customize them depending on their use cases. 
Aside from this immediate benefit, you can also create your own saved queries based on your typical investigations or customized environment.</P> <P>&nbsp;</P> <P>Below, we have compiled a short list of use cases we have seen our customers use for custom queries that may help you as well.</P> <P>&nbsp;</P> <P><U><STRONG>Use Case #1</STRONG></U>: Someone has added an external account with a personal email to our Teams tenant, which goes against company policy, and we need to know who did it and when.</P> <P>&nbsp;</P> <P>Filters Needed:</P> <UL> <LI>Activity Type equals "Create User"</LI> <LI>User name does not equal "On-Prem Directory Synchronization"</LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Caroline_Lee_2-1618494551485.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/273055i73607548A4388468/image-size/large?v=v2&amp;px=999" role="button" title="Caroline_Lee_2-1618494551485.png" alt="Caroline_Lee_2-1618494551485.png" /></span></P> <P>Note: Ensure you run this query in your environment and exclude any accounts that may be a part of this process. We needed to exclude users associated with On-Prem Directory Synchronization, and you may too.</P> <P>&nbsp;</P> <P><U><STRONG>Use Case #2</STRONG></U>: We want to block the use of ActiveSync to push users to leverage updated authentication methods. 
Prior to denying the use of ActiveSync, we need to see who may be using it today and communicate before deprecation.</P> <P>&nbsp;</P> <P>Filters Needed:</P> <UL> <LI>Device Type equals Mobile</LI> <LI>Activity Type equals “Log on: OrgIdWsTrust2:process” and “Failed Log On: OrgIdWsTrust2:process”</LI> </UL> <P>Note: OrgIdWsTrust:process is an activity type that surfaces ActiveSync data.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Caroline_Lee_3-1618494659779.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/273056i1B440FC26B179924/image-size/large?v=v2&amp;px=999" role="button" title="Caroline_Lee_3-1618494659779.png" alt="Caroline_Lee_3-1618494659779.png" /></span></P> <P>&nbsp;</P> <P><U><STRONG>Use Case #3</STRONG></U>: We recently had a user that was potentially compromised. We forced them to reset their password, but we want to ensure that they have completed this as directed.</P> <P>&nbsp;</P> <P>Filters Needed:</P> <UL> <LI>Activity Type equals “Force User to change password on next logon” and “Change password”</LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Caroline_Lee_4-1618494743082.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/273057i7081A105E5665357/image-size/large?v=v2&amp;px=999" role="button" title="Caroline_Lee_4-1618494743082.png" alt="Caroline_Lee_4-1618494743082.png" /></span></P> <P>&nbsp;</P> <P><U><STRONG>Use Case #4</STRONG></U>: All of our administrators are given Windows laptops; we would like to see if any administrative activities have been conducted using a Mac.</P> <P>&nbsp;</P> <P>Filters Needed:</P> <UL> <LI>User Agent String contains “MAC OS X”</LI> <LI>Administrative Activity is “True”</LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Caroline_Lee_0-1618494860137.png" 
style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/273061i18C9FC27B2BCFAFD/image-size/large?v=v2&amp;px=999" role="button" title="Caroline_Lee_0-1618494860137.png" alt="Caroline_Lee_0-1618494860137.png" /></span></P> <P>&nbsp;</P> <P><U><STRONG>Use Case #5</STRONG></U>: As an administrator, I want to see all file downloads that were not blocked via session controls from an unmanaged device.</P> <P>&nbsp;</P> <P>Filters Needed:</P> <UL> <LI>Activity type equals “Download File”</LI> <LI>Applied Action does not equal “Blocked”</LI> <LI>Source equals “Session Control”</LI> <LI>Device Tag does not equal “Hybrid Azure Ad joined, Intune Compliant”</LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Caroline_Lee_1-1618494932341.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/273062i59BCD1503AFC0DDD/image-size/large?v=v2&amp;px=999" role="button" title="Caroline_Lee_1-1618494932341.png" alt="Caroline_Lee_1-1618494932341.png" /></span></P> <P>&nbsp;</P> <P>For ease of use, all queries can be saved and accessed later under “Saved queries.” This will reduce the time and resources needed to reproduce the filters.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Caroline_Lee_2-1618494949982.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/273063i53F68D85A9A8CD00/image-size/large?v=v2&amp;px=999" role="button" title="Caroline_Lee_2-1618494949982.png" alt="Caroline_Lee_2-1618494949982.png" /></span></P> <P>&nbsp;</P> <P>Lastly, we wanted to point out that each of these queries can be turned into a policy in just a few clicks. Once your conditions have been perfected and all appropriate environment tweaks are made, you can select “New Policy from search,” which will redirect you to the policy page. 
All filters and conditions will be automatically listed and all you have left is some naming, alerting details and after actions to complete your policy.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Caroline_Lee_3-1618495035772.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/273064i00C9354FF99C27F6/image-size/large?v=v2&amp;px=999" role="button" title="Caroline_Lee_3-1618495035772.png" alt="Caroline_Lee_3-1618495035772.png" /></span></P> <P>&nbsp;</P> <P>We hope you found this article helpful and ask that you drop us a comment and let us know what custom policies you are using today!</P> Tue, 11 May 2021 21:02:50 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/mcas-top-5-queries-you-need-to-save/ba-p/2274518 Caroline_Lee 2021-05-11T21:02:50Z Announcing redirect of compliance solutions from SCC to Microsoft 365 compliance center https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-redirect-of-compliance-solutions-from-scc-to/ba-p/2278138 <P class="paragraph" style="margin: 0in; vertical-align: baseline;"><SPAN class="normaltextrun"><SPAN style="font-size: 10.5pt; font-family: 'Segoe UI Semibold',sans-serif; color: black;">The&nbsp;</SPAN></SPAN><SPAN style="font-family: 'Segoe UI Semibold',sans-serif;"><A href="#" target="_blank" rel="noopener"><SPAN class="normaltextrun"><SPAN style="font-size: 10.5pt; color: #0563c1; text-decoration: none; text-underline: none;">Microsoft 365 compliance center</SPAN></SPAN></A></SPAN><SPAN class="normaltextrun"><SPAN style="font-size: 10.5pt; font-family: 'Segoe UI Semibold',sans-serif; color: black;">&nbsp;provides easy access to&nbsp;solutions&nbsp;to manage your organization's compliance needs&nbsp;and delivers a modern user experience that conforms to the latest accessibility standards (WCAG 2.1).&nbsp;From 
the&nbsp;compliance&nbsp;center,&nbsp;you&nbsp;can access popular solutions such as&nbsp;Compliance Manager,&nbsp;Information Protection,&nbsp;Information Governance, Records Management,&nbsp;Insider Risk Management,&nbsp;Advanced&nbsp;eDiscovery,&nbsp;and Advanced Audit.</SPAN></SPAN><U></U></P> <P class="paragraph" style="margin: 0in; vertical-align: baseline;"><SPAN class="eop"><SPAN style="font-size: 10.5pt; font-family: 'Segoe UI Semibold',sans-serif; color: black;">&nbsp;</SPAN></SPAN></P> <P class="paragraph" style="margin: 0in; vertical-align: baseline;"><SPAN class="normaltextrun"><SPAN style="font-size: 10.5pt; font-family: 'Segoe UI Semibold',sans-serif; color: black;">Over the coming months, we will&nbsp;begin&nbsp;automatically&nbsp;redirecting users from the </SPAN></SPAN><SPAN style="font-family: 'Segoe UI Semibold',sans-serif;"><A href="#" target="_blank" rel="noopener"><SPAN class="normaltextrun"><SPAN style="font-size: 10.5pt; color: #0563c1;">Office 365 Security &amp; Compliance Center</SPAN></SPAN></A></SPAN><SPAN class="normaltextrun"><SPAN style="font-size: 10.5pt; font-family: 'Segoe UI Semibold',sans-serif; color: black;">&nbsp;(SCC)&nbsp;to the Microsoft 365 compliance center for the following solutions: Audit,&nbsp;Data&nbsp;Loss&nbsp;Prevention,&nbsp;Information&nbsp;Governance,&nbsp;Records&nbsp;Management, and&nbsp;Supervision&nbsp;(now Communication Compliance). 
This is a continuation of our migration to the Microsoft 365 compliance center, which&nbsp;began in September 2020 with the&nbsp;redirection of the&nbsp;Advanced eDiscovery&nbsp;solution.</SPAN></SPAN></P> <P class="paragraph" style="margin: 0in; vertical-align: baseline;"><SPAN style="font-size: 9.0pt; font-family: 'Segoe UI Semibold',sans-serif;">&nbsp;</SPAN></P> <P class="paragraph" style="margin: 0in; vertical-align: baseline;"><SPAN class="normaltextrun"><SPAN style="font-size: 10.5pt; font-family: 'Segoe UI Semibold',sans-serif; color: black;">We&nbsp;are continuing&nbsp;to innovate and add value to solutions in the Microsoft 365 compliance center,&nbsp;with the goal of enabling users&nbsp;to&nbsp;view&nbsp;all compliance solutions&nbsp;within one portal.&nbsp;While redirection is enabled by default,&nbsp;should you need additional transition time,&nbsp;Global admins and Compliance admins can enable or disable redirection in the </SPAN></SPAN><SPAN style="font-family: 'Segoe UI Semibold',sans-serif;"><A href="#" target="_blank" rel="noopener"><SPAN class="normaltextrun"><SPAN style="font-size: 10.5pt; color: #0563c1;">Microsoft 365 compliance center</SPAN></SPAN></A></SPAN><SPAN class="normaltextrun"><SPAN style="font-size: 10.5pt; font-family: 'Segoe UI Semibold',sans-serif; color: #0078d4;">&nbsp;</SPAN></SPAN><SPAN class="normaltextrun"><SPAN style="font-size: 10.5pt; font-family: 'Segoe UI Semibold',sans-serif; color: black;">by navigating to&nbsp;<I>Settings &gt; Compliance Center</I>&nbsp;and using the Automatic redirection toggle switch under Portal redirection.&nbsp;</SPAN></SPAN></P> <P class="paragraph" style="margin: 0in; vertical-align: baseline;"><SPAN class="normaltextrun"><SPAN style="font-size: 10.5pt; font-family: 'Segoe UI Semibold',sans-serif; color: black;">&nbsp;</SPAN></SPAN></P> <P class="paragraph" style="margin: 0in; vertical-align: baseline;"><SPAN class="normaltextrun"><SPAN style="font-size: 10.5pt; font-family: 'Segoe UI 
Semibold',sans-serif; color: black;">We will eventually retire the&nbsp;Security &amp; Compliance Center experience, so&nbsp;we&nbsp;encourage you to&nbsp;explore and transition to the new&nbsp;Microsoft 365&nbsp;compliance center experience. </SPAN></SPAN><SPAN style="font-family: 'Segoe UI Semibold',sans-serif;"><A href="#" target="_blank" rel="noopener"><SPAN class="normaltextrun"><SPAN style="font-size: 10.5pt; color: #0563c1;">Learn more about the Microsoft 365 compliance center</SPAN></SPAN></A></SPAN><SPAN class="normaltextrun"><SPAN style="font-size: 10.5pt; font-family: 'Segoe UI Semibold',sans-serif; color: #0563c1;">.</SPAN></SPAN><SPAN class="eop"><SPAN style="font-size: 10.5pt; font-family: 'Segoe UI Semibold',sans-serif; color: black;">&nbsp;</SPAN></SPAN></P> Tue, 11 May 2021 21:01:28 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-redirect-of-compliance-solutions-from-scc-to/ba-p/2278138 Malli1580 2021-05-11T21:01:28Z De-risk your lateral movement paths with Microsoft Defender for Identity https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/de-risk-your-lateral-movement-paths-with-microsoft-defender-for/ba-p/2272503 <P>Microsoft Defender for Identity is focused on protecting on-premises identities and allowing security analysts to pinpoint vulnerabilities before an attack can occur. A key feature that allows analysts to achieve this is the ability to view the evidence related to <A href="#" target="_blank" rel="noopener">lateral movement paths in Defender for Identity.</A>&nbsp;This information is provided through a visual guide that breaks down the possible ways an adversary can move throughout an organization by compromising credentials.</P> <P>&nbsp;</P> <P>Lateral movement occurs when an attacker begins to use non-sensitive accounts to gain access to sensitive entities - think a domain admin or a server containing sensitive information. 
If an attacker is successful in compromising sensitive entities, they can traverse the environment and eventually gain domain dominance.</P> <P>&nbsp;</P> <P>To learn more about the different techniques attackers use to move laterally and how you can <A href="#" target="_blank" rel="noopener">remediate these vulnerabilities</A><SPAN>,</SPAN> watch the video below.</P> <P>&nbsp;</P> <P><IFRAME src="https://www.microsoft.com/en-us/videoplayer/embed/RWAOfW" width="500" allowfullscreen="allowfullscreen" wmode="transparent"></IFRAME></P> <P>&nbsp;</P> <P>The lateral movement paths view can be found on each user's page, available in the Microsoft 365 security center. You can also query information relating to lateral movement paths using Microsoft 365 Defender's advanced hunting function. More information on advanced hunting can be found on <A href="#" target="_blank" rel="noopener">this docs page.</A></P> Tue, 11 May 2021 20:59:47 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/de-risk-your-lateral-movement-paths-with-microsoft-defender-for/ba-p/2272503 Banu Jafarli 2021-05-11T20:59:47Z Announcing GA of Microsoft Data Loss Prevention Alerts Dashboard https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-ga-of-microsoft-data-loss-prevention-alerts-dashboard/ba-p/2268194 <P>Customers rely on Microsoft Data Loss Prevention (DLP) to enforce policies that identify and prevent risky or inappropriate sharing, transfer or use of sensitive information across cloud, on-premises and endpoints. Alerts, which can be configured as a part of the DLP policy authoring experience, are an effective tool for customers to get notified whenever a DLP policy is violated.</P> <P>&nbsp;</P> <P>Microsoft announces the General Availability of the Microsoft Data Loss Prevention Alerts Dashboard. 
This latest addition to Microsoft’s data loss prevention solution provides customers with the ability to holistically investigate DLP policy violations across :</P> <UL> <LI>Exchange</LI> <LI>SharePoint Online</LI> <LI>OneDrive</LI> <LI>Teams</LI> <LI>Devices</LI> <LI>Cloud apps</LI> <LI>On-premises file shares</LI> </UL> <P><A href="#" target="_blank" rel="noopener">Advanced alert configuration options</A> are available in the existing DLP policy configuration flow. These provide&nbsp;<A href="#" target="_blank" rel="noopener">eligible&nbsp;</A>DLP customers with the ability to tailor how they organize DLP policy alerts along with exhaustive information that they need to investigate and address DLP policy violations quickly. Historical workflow information for alerts is available in the Management log.</P> <P>&nbsp;</P> <P>The alerts dashboard provides a list view of all DLP alerts and clicking on an alert will display the relevant details.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Shekhar_Palta_0-1618244840706.png" style="width: 782px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/272012iD89EA3600C671EF6/image-dimensions/782x440?v=v2" width="782" height="440" role="button" title="Shekhar_Palta_0-1618244840706.png" alt="Shekhar_Palta_0-1618244840706.png" /></span></P> <P><EM>Figure 1 : Data Loss Prevention Alerts Dashboard</EM></P> <P>&nbsp;</P> <P>Clicking on ‘View Details’ will display the alert page with exhaustive information associated with the DLP policy violation, the ability to change alert status (Active, Investigating, Dismissed or Resolved), include additional comments and define workflow actions such as assigning alerts to individuals for follow up.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Shekhar_Palta_1-1618244840724.png" style="width: 785px;"><img 
src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/272014i4199CAA7CF7F4ADF/image-dimensions/785x441?v=v2" width="785" height="441" role="button" title="Shekhar_Palta_1-1618244840724.png" alt="Shekhar_Palta_1-1618244840724.png" /></span></P> <P><EM>Figure 2 : Alert details with manage alert options</EM></P> <P>&nbsp;</P> <P>Clicking on the ‘Events’ tab will display the actual user activity along with details including :</P> <UL> <LI><STRONG>Source view (requires E5 or related subscriptions)</STRONG> : This will allow customers to view the email or the file involved in the DLP policy alert. Source view in the DLP Alerts Dashboard will be available for content (email/files) belonging to the following workloads : <UL> <LI>Exchange (Email body only)</LI> <LI>SharePoint Online</LI> <LI>OneDrive</LI> </UL> </LI> </UL> <P class="lia-indent-padding-left-30px">This feature is available only for licenses in the following subscriptions :</P> <P class="lia-indent-padding-left-60px">- Microsoft 365 (E5)</P> <P class="lia-indent-padding-left-60px">- Office 365 (E5)</P> <P class="lia-indent-padding-left-60px">- Advanced Compliance (E5) add-on</P> <P class="lia-indent-padding-left-60px">- Microsoft 365 E5/A5 Info Protection &amp; Governance</P> <P class="lia-indent-padding-left-60px">- Microsoft 365 E5/A5 Compliance</P> <P>&nbsp;</P> <UL> <LI><STRONG>Matched sensitive terms and context</STRONG> : This will allow customers to view the sensitive terms in the content due to which the DLP policy was violated. You will also be able to view up to 300 characters surrounding the detected sensitive term. 
This information will be available for detections for the following workloads : <OL> <LI>Exchange (both email body and attachments)</LI> <LI>SharePoint Online</LI> <LI>OneDrive</LI> <LI>Teams</LI> </OL> </LI> </UL> <P class="lia-indent-padding-left-30px">For both features : Source View and Matched sensitive terms and context, the role group “Content Explorer Content Viewer” should be assigned. This role group has the role “data classification content viewer” pre-assigned.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Shekhar_Palta_2-1618244840738.png" style="width: 790px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/272013i0CC386959F8CFB05/image-dimensions/790x444?v=v2" width="790" height="444" role="button" title="Shekhar_Palta_2-1618244840738.png" alt="Shekhar_Palta_2-1618244840738.png" /></span></P> <P><EM>Figure 3 : Exhaustive metadata for each user event</EM></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Shekhar_Palta_3-1618244840748.png" style="width: 802px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/272015i9D6E967DA5E03C45/image-dimensions/802x451?v=v2" width="802" height="451" role="button" title="Shekhar_Palta_3-1618244840748.png" alt="Shekhar_Palta_3-1618244840748.png" /></span></P> <P><EM>Figure 4 : View the content of the email(body) or file</EM></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Shekhar_Palta_4-1618244840792.png" style="width: 800px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/272016iEF9BAD9EA7CF1D15/image-dimensions/800x430?v=v2" width="800" height="430" role="button" title="Shekhar_Palta_4-1618244840792.png" alt="Shekhar_Palta_4-1618244840792.png" /></span></P> <P><EM>Figure 5 : View matched sensitive terms and surrounding characters</EM></P> <H1>Get Started</H1> <P>Microsoft’s 
DLP solution is part of a broader set of Information Protection and Governance solutions that are part of the Microsoft 365 Compliance Suite. You can sign up for a&nbsp;<A href="#" target="_blank" rel="noopener">trial</A>&nbsp;of Microsoft 365 E5 or navigate to the&nbsp;<A href="#" target="_blank" rel="noopener">Microsoft 365 compliance center</A>&nbsp;to get started today.</P> <P>Additional resources:</P> <UL> <LI>For more information on DLP Alerts Management, please see <A href="#" target="_self">this</A> and <A href="#" target="_self">this</A></LI> <LI>For more information on Data Loss Prevention, please see&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/a-unified-approach-to-data-loss-prevention-from-microsoft/ba-p/1694492" target="_blank" rel="noopener">this</A></LI> </UL> <P>Thank you,</P> <P>The Microsoft Information Protection Team</P> Tue, 11 May 2021 20:58:28 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/announcing-ga-of-microsoft-data-loss-prevention-alerts-dashboard/ba-p/2268194 Shekhar_Palta 2021-05-11T20:58:28Z New Video blog - Apply DLP policies to Non Microsoft Cloud Applications! https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/new-video-blog-apply-dlp-policies-to-non-microsoft-cloud/ba-p/2262054 <P><SPAN>We recently announced the integration of unified data loss prevention with <STRONG>Microsoft Cloud App Security</STRONG> (MCAS), allowing you to extend data protection to non-Microsoft cloud apps. For example, say a user is trying to share a document in a third-party app on his or her mobile device. 
Because Microsoft Cloud App Security helps protect cloud apps, the same DLP policy will be triggered, both the end-user and the admin will receive a notification, and in this case, the link will be automatically disabled.</SPAN></P> <P><SPAN>Watch our short video to understand how this works and don't forget to vote for more videos!</SPAN></P> <P>&nbsp;</P> <P><IFRAME src="https://8gportalvhdsf9v440s15hrt.blob.core.windows.net/videos/Security Privacy Compliance/EndpointDLPUsecasesUnallowedApps.mp4" width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture"></IFRAME></P> <P><A href="#" target="_self"><SPAN>aka.ms/mipc/vblogsvote</SPAN></A></P> <P>&nbsp;</P> <P><SPAN>Thank you!</SPAN></P> Tue, 11 May 2021 20:57:17 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/new-video-blog-apply-dlp-policies-to-non-microsoft-cloud/ba-p/2262054 Mavi Etzyon-Grizer 2021-05-11T20:57:17Z Help shape the Microsoft 365 Compliance Product Suite - The full survey list https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/help-shape-the-microsoft-365-compliance-product-suite-the-full/ba-p/2259969 <P>&nbsp;</P> <P><SPAN>Would you like to help influence the direction of our Microsoft 365 Compliance products? 
We need your input!</SPAN></P> <P>&nbsp;</P> <P><SPAN>The Microsoft Compliance Product Groups are currently running several surveys that will help prioritize the top asks that&nbsp;</SPAN><SPAN>we've</SPAN><SPAN>&nbsp;captured from our customers.&nbsp; &nbsp;Filling out these surveys will allow us to understand what features customers want and need, and in what priority they prefer.</SPAN></P> <P>&nbsp;</P> <P><SPAN>The surveys are active until April 21, 2021 and are available at the following links:</SPAN></P> <P>&nbsp;</P> <UL> <LI><SPAN><STRONG>Microsoft Information Protection:</STRONG>&nbsp;<A title="https://aka.ms/mipc/mip21h2-featuresurvey" href="#" target="_blank" rel="noopener noreferrer">https://aka.ms/MIPC/MIP21H2-FeatureSurvey</A></SPAN></LI> <LI><SPAN><STRONG>Data Loss Prevention:</STRONG>&nbsp;<A title="https://aka.ms/mipc/dlp21h2-featuresurvey" href="#" target="_blank" rel="noopener noreferrer">https://aka.ms/MIPC/DLP21H2-FeatureSurvey</A></SPAN></LI> <LI><SPAN><STRONG>Microsoft Information Governance and Records Management:&nbsp;</STRONG><A title="https://aka.ms/mipc/mig21h2-featuresurvey" href="#" target="_blank" rel="noopener noreferrer">https://aka.ms/MIPC/MIG21H2-FeatureSurvey</A></SPAN></LI> <LI><SPAN><STRONG>Advanced eDiscovery:</STRONG>&nbsp;<A title="https://aka.ms/mipc/aed21h2-featuresurvey" href="#" target="_blank" rel="noopener noreferrer">https://aka.ms/MIPC/AED21H2-FeatureSurvey</A></SPAN></LI> <LI><SPAN><STRONG>Insider Risk Management and Communication Compliance:</STRONG>&nbsp;<A title="https://aka.ms/mipc/ircc21h2-featuresurvey" href="#" target="_blank" rel="noopener noreferrer">https://aka.ms/MIPC/IRCC21H2-FeatureSurvey</A></SPAN></LI> </UL> Tue, 11 May 2021 21:08:39 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/help-shape-the-microsoft-365-compliance-product-suite-the-full/ba-p/2259969 Mavi Etzyon-Grizer 2021-05-11T21:08:39Z What's New from Ignite regarding Insider Risk Management 
https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/what-s-new-from-ignite-regarding-insider-risk-management/ba-p/2259992 <P>This webinar covers new announcements and recent updates in our risk management products - Insider Risk Management.</P> <P style="margin: 0in; font-family: 'Segoe UI'; font-size: 10.0pt;"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="IR teaser.PNG" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/270889iD4FD304472AC020F/image-size/large?v=v2&amp;px=999" role="button" title="IR teaser.PNG" alt="IR teaser.PNG" /></span></P> <P><FONT size="3"><A href="#" target="_blank" rel="noopener">Watch on-demand</A></FONT></P> <P>&nbsp;</P> <P><FONT size="3">Resources:</FONT></P> <P><FONT size="3"><A href="#" target="_blank" rel="noopener">Insider risk management in Microsoft 365 - Microsoft 365 Compliance | Microsoft Docs</A></FONT></P> <P><FONT size="3"><A href="#" target="_blank" rel="noopener">Get started with Insider Risk Management</A></FONT></P> <P>&nbsp;</P> <P><FONT size="3">This webinar was presented on March 24, 2021, and the recording can be found&nbsp;<A href="#" target="_blank" rel="noopener">here</A>.</FONT></P> <P><FONT size="3">&nbsp;</FONT></P> <P><FONT size="3">Attached to this post are:</FONT></P> <OL type="1"> <LI value="1"><FONT size="3">The FAQ document that summarizes the questions and answers that came up over the course of both webinars.</FONT></LI> <LI><FONT size="3">A PDF copy of the presentation.</FONT></LI> </OL> <P><FONT size="3">&nbsp;</FONT></P> <P><FONT size="3">Thanks to those of you who participated during the two sessions and if you haven’t already, don’t forget to check out our resources available on the&nbsp;<A href="#" target="_blank" rel="noopener">Tech Community</A>.</FONT></P> <P><FONT size="3">&nbsp;</FONT></P> <P><FONT size="3">Thanks!</FONT></P> <P><FONT size="3"><A 
href="https://gorovian.000webhostapp.com/?exam=t5/user/viewprofilepage/user-id/975129" target="_blank" rel="noopener">@Robin_Baldwin&nbsp;</A>on behalf of the MIP and Compliance CXE team</FONT></P> Tue, 11 May 2021 20:59:54 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/what-s-new-from-ignite-regarding-insider-risk-management/ba-p/2259992 Robin_Baldwin 2021-05-11T20:59:54Z General availability and public preview of Microsoft unified DLP key features April 2021 update https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/general-availability-and-public-preview-of-microsoft-unified-dlp/ba-p/2250070 <P>&nbsp;</P> <P>Microsoft’s unified Data Loss Prevention solution provides an ever-expanding set of capabilities to address the needs of organizations to protect sensitive information from risky or inappropriate sharing, transfer<SPAN>,</SPAN> or use in the modern workplace.</P> <P>&nbsp;</P> <P>Since our last announcements at spring <SPAN>I</SPAN>gnite a few weeks ago (see blog <A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/microsoft-further-extends-unified-data-loss-prevention/ba-p/2166321" target="_blank" rel="noopener">here</A>), we are proud to introduce two new capabilities in general availability<SPAN> and</SPAN> also offer an exciting new public preview.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><STRONG>Advanced Controls in DLP for Email Protection – General Availability</STRONG></P> <P>Today we are excited to announce the general availability of 27 new controls (conditions and actions) for DLP policies in Microsoft Exchange.</P> <P>&nbsp;</P> <P>Some customers have previously used Exchange Transfer Rules (ETR) to define special handling actions for email messages that met specific criteria. 
While this approach provided them with the ability to enforce messaging policies, many deployments required a broader and more streamlined approach that leveraged integration with DLP to simplify policy creation, policy monitoring, and event remediation.</P> <P>&nbsp;</P> <P>These new DLP conditions and exceptions announced in general availability for Exchange enhance the already existing capabilities in DLP (See highlighted in Figure 1: New DLP Conditions for Exchange and Figure 2: New DLP Actions and Sensitivity Labels) to offer customers the ability to configure the same conditions, exceptions, and actions they previously used in ETR, within DLP, to offer additional granular control over the scoping and application of a DLP policy, and ensure policies are applied as intended in Exchange.</P> <P>&nbsp;</P> <P>This new approach provides customers with a fully consolidated view of all DLP policies, alerts, and alert management across Microsoft’s unified DLP offerings that operations teams will find valuable in their day-to-day tasks.</P> <P> <span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure 1.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268974iBACC38297710056C/image-size/large?v=v2&amp;px=999" role="button" title="Figure 1.png" alt="Figure 1.png" /></span></P> <P><STRONG><EM>Figure 1: New DLP Conditions for Exchange</EM></STRONG></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure_2.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268975iAE80C0D4111E93BC/image-size/large?v=v2&amp;px=999" role="button" title="Figure_2.png" alt="Figure_2.png" /></span></P> <P>&nbsp;</P> <P><STRONG><EM>Figure 2. 
New DLP Actions for</EM></STRONG><STRONG><EM> Exchange</EM></STRONG></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><STRONG>Sensitivity label-aware DLP policies – General Availability</STRONG></P> <P>We continue to invest in developing cutting-edge information protection solutions for our customers. Microsoft Information Protection (MIP) is an intelligent, unified, and extensible solution to know your data, protect your data, and prevent data loss across an enterprise – in Microsoft 365 Apps, services, on-premises, devices, and third-party SaaS applications and services. </P> <P>&nbsp;</P> <P>Sensitivity labels are a core capability of MIP. They allow customers to classify data according to sensitivity such as Public, General, Confidential, Highly Confidential or any other sensitivity label created by the organization to meet its needs. </P> <P>This sensitivity information is added to the file information and is used to guide users, applications, and services in the proper handling and use of sensitive data such as:</P> <UL> <LI>Protect content in Microsoft 365 Apps across different platforms and devices</LI> <LI>Enforce protection settings such as encryption or watermarks on labeled content</LI> <LI>Protect content in third-party apps and services</LI> <LI>Extend sensitivity labels to third-party apps and services</LI> <LI>Classify content without using any protection settings</LI> <LI>Expand the quality of insights to intelligently flag potential insider risks</LI> </UL> <P>With the general availability of sensitivity label-aware DLP policies, organizations can apply a MIP sensitivity label as a foundational component for a DLP policy, thereby streamlining the process to help ensure sensitive information is protected with DLP from risky or inappropriate sharing, transfer or use.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure_3.jpg" style="width: 999px;"><img 
src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268979i4EF772E62DE2094A/image-size/large?v=v2&amp;px=999" role="button" title="Figure_3.jpg" alt="Figure_3.jpg" /></span></P> <P><STRONG><EM>Figure 3. Sensitivity Label-aware DLP policies</EM></STRONG></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure_4 Supported services, items, policy tips and enforceability.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268980iC4D5F10CBCFC96F0/image-size/large?v=v2&amp;px=999" role="button" title="Figure_4 Supported services, items, policy tips and enforceability.png" alt="Figure_4 Supported services, items, policy tips and enforceability.png" /></span></P> <P><STRONG><EM>Figure 4. Supported services, items, policy tips and enforceability</EM></STRONG></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><STRONG>Dynamic Policy Scoping by User in OneDrive for Business (Security Groups and Distribution List support) – Public Preview</STRONG></P> <P>Organizations often have a need to scope DLP policies in Microsoft OneDrive for Business (ODB) to specific groups of users to address the unique use cases that are applicable only to some user communities and not others.</P> <P>&nbsp;</P> <P>With the public preview of security groups and distribution lists for ODB, it's now easier than ever for organizations to leverage their existing security groups and distribution lists as the applicable context in an ODB DLP policy.</P> <P>&nbsp;</P> <P>This means that as users are added or removed from a security group or distribution list, they are automatically added or removed from the associated ODB DLP policies without any additional configuration in the DLP policy definition itself. 
This approach offers significant benefits for organizations that have very large or dynamic user populations, such as groups with high turnover or changes in business function.</P> <P>&nbsp;</P> <P>Using security groups and distribution lists as the applicable context in ODB DLP policies also provides a simplified means for bulk inclusion and exclusion of user communities. This is particularly beneficial, for example, when an ODB DLP policy is only intended to apply to a group of users located in a specific geography, business unit, or role.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure_5-SG DL odb.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268981i6DAB4EF06B7B9D5B/image-size/large?v=v2&amp;px=999" role="button" title="Figure_5-SG DL odb.png" alt="Figure_5-SG DL odb.png" /></span></P> <P><STRONG><EM>Figure 5. Security Groups and Distribution Lists for OneDrive for business</EM></STRONG></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure_6 Groups_DL exclusion.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268982i8B6AB9E33B719BA6/image-size/large?v=v2&amp;px=999" role="button" title="Figure_6 Groups_DL exclusion.png" alt="Figure_6 Groups_DL exclusion.png" /></span></P> <P><STRONG><EM>Figure 6. Security Groups and Distribution Lists – Inclusion</EM></STRONG></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure_7 Groups_DL Inclusion.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268983i52E6DA768DD5D726/image-size/large?v=v2&amp;px=999" role="button" title="Figure_7 Groups_DL Inclusion.png" alt="Figure_7 Groups_DL Inclusion.png" /></span></P> <P><STRONG><EM>Figure 7. 
Security Groups and Distribution Lists - exclusion</EM></STRONG></P> <P>&nbsp;</P> <P><STRONG>Quick Path to Value</STRONG></P> <P>To help customers accelerate their deployment of a comprehensive information protection and data loss prevention strategy across all their environments containing sensitive data and help ensure immediate value, Microsoft provides a one-stop approach to data protection and DLP policy deployment within the Microsoft 365 Compliance Center.</P> <P><BR />Microsoft Information Protection (MIP) provides a common set of classification and data labeling tools that leverage AI and machine learning to support even the most complex of regulatory or internal sensitive information compliance mandates. The more than 150 sensitive information types and over 40 built-in policy templates for common industry regulations and compliance in MIP offer a quick path to value.</P> <P>&nbsp;</P> <P><STRONG>Consistent User Experience</STRONG></P> <P>No matter where DLP is applied, users have a consistent and familiar experience when notified of an activity that is in violation with a defined policy. Policy Tips and guidance are provided using a familiar look and feel users are already accustomed to from applications and services they use every day. 
This approach can reduce end-user training time, eliminate alert confusion, increase user confidence in prescribed guidance and remediations, and improve overall compliance with policies – without impacting productivity.</P> <P>&nbsp;</P> <P><STRONG>Integrated Insights</STRONG></P> <P>Microsoft DLP interoperates with other Security and Compliance solutions such as MIP, Microsoft Defender, and Insider Risk Management to provide the broad and comprehensive coverage and visibility required by organizations to meet their regulatory and policy compliance obligations.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Figure 8 Integrated Insights.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268984iFBDB17A193D8BCBD/image-size/large?v=v2&amp;px=999" role="button" title="Figure 8 Integrated Insights.png" alt="Figure 8 Integrated Insights.png" /></span></P> <P><STRONG><EM>Figure 8: Integrated Insights</EM></STRONG></P> <P>&nbsp;</P> <P><BR />This approach reduces the dependence on individual and uncoordinated solutions from disparate providers to monitor user actions, remediate policy violations, and educate users on the correct handling of sensitive data at the endpoint, on-premises, and in the cloud.</P> <P>&nbsp;</P> <H2><SPAN>Get Started</SPAN></H2> <P>Microsoft's unified DLP solution is part of a broader set of Information Protection and Governance solutions within the Microsoft 365 Compliance Suite. 
You can sign up for a <A href="#" target="_blank">trial</A> of Microsoft 365 E5 or navigate to the <A href="#" target="_blank">Microsoft 365 Compliance Center</A> to get started today.</P> <P>&nbsp;</P> <H5><STRONG>Additional resources:</STRONG></H5> <UL> <LI>For more information on Data Loss Prevention, please see&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/a-unified-approach-to-data-loss-prevention-from-microsoft/ba-p/1694492" target="_blank">this</A>&nbsp;and&nbsp;<A href="#" target="_blank">this</A></LI> <LI>For videos on Microsoft Unified DLP approach and Endpoint DLP see&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/video-hub/understanding-and-maximizing-the-value-of-microsoft-s-dlp/m-p/1688051" target="_blank">this</A> and&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/video-hub/extending-microsoft-dlp-deployment-to-endpoints/m-p/1688046" target="_blank">this</A>&nbsp;</LI> <LI>For more information on Advanced Controls in DLP for Email protection see <A href="#" target="_blank">this</A></LI> <LI>For more information on Sensitivity Labels as a condition for DLP policies, see <A href="#" target="_blank">this</A> &nbsp;</LI> <LI>For a Microsoft Mechanics video on Endpoint DLP see&nbsp;<A href="#" target="_blank">this</A>&nbsp;</LI> <LI>For more information on the Microsoft Compliance Extension for Chrome see <A href="#" target="_blank">this</A></LI> <LI>For more information on DLP Alerts and Event Management, see&nbsp;<A href="#" target="_blank">this</A>&nbsp;</LI> <LI>For more information on Sensitivity Labels, please see <A href="#" target="_blank">this</A> &nbsp;</LI> <LI>For more information on conditions and actions for Unified DLP, please see&nbsp;<A href="#" target="_blank">this</A></LI> <LI>For the latest on Microsoft Information Protection, see <A href="#" target="_blank">this</A>&nbsp;and&nbsp;<A 
href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/what-s-new-and-what-s-coming-in-information-protection/ba-p/1797438" target="_blank">this</A></LI> </UL> <P>Thank you,</P> <P>The Microsoft Information Protection team</P> <P>&nbsp;</P> Tue, 11 May 2021 20:58:48 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/general-availability-and-public-preview-of-microsoft-unified-dlp/ba-p/2250070 EricEOuellet 2021-05-11T20:58:48Z Unified DLP Webinar https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/unified-dlp-webinar/ba-p/2247308 <P>This webinar provides an overview of Microsoft's unified DLP solution and covers the new features that have been released to help better protect your data.</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">&nbsp;</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">&nbsp;</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;"><A href="#" target="_blank" rel="noopener"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="unified dlp teaser.PNG" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268663i99E0971569FC042B/image-size/large?v=v2&amp;px=999" role="button" title="unified dlp teaser.PNG" alt="unified dlp teaser.PNG" /></span></A></P> <P><SPAN>Resources:</SPAN></P> <P><A href="#" target="_self">WATCH the on-demand webinar</A></P> <P><A href="#" target="_blank" rel="noopener">Overview of data loss prevention - Microsoft 365 Compliance | Microsoft Docs</A></P> <P><A href="#" target="_blank" rel="noopener">Microsoft Information Protection SDK documentation | Microsoft Docs</A></P> <P>&nbsp;</P> <P><SPAN>This webinar was presented on March 17, 2021, and the recording can be found <A href="#" target="_blank" rel="noopener">here</A>.</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P><SPAN>Attached to this post are:</SPAN></P> <OL type="1"> <LI 
value="1">The FAQ document that summarizes the questions and answers that came up over the course of both Webinars.</LI> <LI>A PDF copy of the presentation.</LI> </OL> <P><SPAN>Thanks to those of you who participated during the two sessions and if you haven’t already, don’t forget to check out our resources available on the&nbsp;</SPAN><A href="#" target="_blank" rel="noopener noreferrer"><SPAN>Tech Community</SPAN></A><SPAN>.</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P><SPAN>Thanks!</SPAN></P> <P><A href="https://gorovian.000webhostapp.com/?exam=t5/user/viewprofilepage/user-id/975129" target="_blank" rel="noopener">@Robin_Baldwin<SPAN>&nbsp;</SPAN></A><SPAN>on behalf of the MIP and Compliance CXE team</SPAN></P> Tue, 11 May 2021 21:05:50 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/unified-dlp-webinar/ba-p/2247308 Robin_Baldwin 2021-05-11T21:05:50Z Help shape information governance and records management https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/help-shape-information-governance-and-records-management/ba-p/2249577 <P>This survey captures the top asks we captured from our customers via the various engagements, discussions, and feedback channels.</P> <P>&nbsp;</P> <P>Hello, Microsoft Information governance community,</P> <P><STRONG style="font-style: inherit;">The survey is available&nbsp;</STRONG><STRONG><A href="#" target="_blank" rel="noopener">here!</A></STRONG><STRONG>&nbsp;And it will be open for the next 3 weeks until April 21, 2021.</STRONG></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>If you want to influence the platform with features and capabilities that you want, need, and like, this is the time to make it happen and share <STRONG>your</STRONG> feedback.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Randall Galloway on behalf of the MIG product group</P> Tue, 11 May 2021 21:04:14 GMT 
https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/help-shape-information-governance-and-records-management/ba-p/2249577 Randall_Galloway 2021-05-11T21:04:14Z Helping protect against AS-REP Roasting with Microsoft Defender for Identity https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/helping-protect-against-as-rep-roasting-with-microsoft-defender/ba-p/2244089 <P>One of the huge advantages of using Microsoft Defender for Identity to help protect your on-premises identities from advanced attacks is that new detections, features and improvements are being added all the time. After some recent updates, we thought that we’d take some time to properly introduce one of these new detections and give it the attention it deserves!</P> <P>&nbsp;</P> <P>The alert in today’s update, requested by many of our customers and security partners, covers a notorious attack method. It addresses an attack technique that we’ve seen become more and more popular – AS-REP Roasting.</P> <P>&nbsp;</P> <P><U>What is AS-REP Roasting?</U></P> <P>In short, AS-REP Roasting is an attack against Kerberos that targets user accounts that do not require Kerberos pre-authentication.</P> <P>To understand what AS-REP Roasting is, we need to start with a simple explanation of what Kerberos is and how it works.</P> <P>Kerberos is an authentication protocol that works based on tickets, and this is its basic flow:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="1-authen.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268188i463AE91E41489759/image-size/large?v=v2&amp;px=999" role="button" title="1-authen.png" alt="1-authen.png" /></span></P> <P>&nbsp;</P> <P>As part of the authentication request sent (AS-REQ), the user will provide their password that encrypts the 
timestamp. The domain controller will attempt to decrypt it and validate that the right password was used. If the request is granted, the user will be issued with a ticket-granting ticket (TGT) that will be used for future authentication. However, there is an attribute in Active Directory that allows pre-authentication to be disabled for users in the organization. Although pre-authentication is required by default in Active Directory, this setting can be changed freely.</P> <P>&nbsp;</P> <P>The typical attack vector in this scenario is to enumerate users that have pre-authentication turned off and then ask for a TGT for these users. The TGT allows a potential attacker to crack the password offline.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="2-attribute.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268191iAA5FAEB39AE07ED4/image-size/medium?v=v2&amp;px=400" role="button" title="2-attribute.png" alt="2-attribute.png" /></span></P> <P>&nbsp;</P> <P><STRONG>Covering all of the bases…</STRONG></P> <P>Microsoft Defender for Identity can help protect against these kinds of threats in different ways. Let’s dive into each of these approaches:</P> <P>&nbsp;</P> <P><U>Prevention</U></P> <P>Defender for Identity allows you to pre-emptively protect against this kind of method using our Security Assessments. If you are not familiar with our security assessments, check out our <A href="#" target="_blank" rel="noopener">docs pages</A> for a summary of how you can help prevent threats before they happen.</P> <P>&nbsp;</P> <P>In short, Defender for Identity offers proactive identity security posture assessments to detect misconfigurations or legacy settings that may not have been reviewed in a long time. Suggested improvement actions are then given to bolster your identity posture across your on-premises Active Directory. One of these assessments is <EM>“Unsecure account attributes”. 
</EM>This assessment continuously monitors your environment to identify accounts with attribute values that expose a security risk – including accounts that do not require Kerberos pre-authentication. <A href="#" target="_blank" rel="noopener">Click here to learn more about this assessment</A></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="3 - ispm.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268192iECB9FAB4164A7BB6/image-size/large?v=v2&amp;px=999" role="button" title="3 - ispm.png" alt="3 - ispm.png" /></span></P> <P>&nbsp;</P> <P><U>Detections</U></P> <P>Aside from the preventative assessments covered above, we offer two detections to help identify this type of attack – 1) the reconnaissance phase and 2) the actual ticket request made for later brute-force use.</P> <P>&nbsp;</P> <P>The reconnaissance portion often involves the attacker performing enumeration techniques to find users that have pre-authentication turned off. If the reconnaissance was performed with LDAP, it will trigger the <EM>Active Directory attributes reconnaissance (LDAP)</EM> alert. 
This alert triggers when certain attributes are enumerated.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="4 sensitive.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268195i502CF6D360FED94E/image-size/large?v=v2&amp;px=999" role="button" title="4 sensitive.png" alt="4 sensitive.png" /></span></P> <P>&nbsp;</P> <P>The new detection we are announcing today, <EM>Suspected AS-REP Roasting attack</EM> helps identify AS-REQ messages without encrypted timestamps and AS-REP messages with TGT data.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="5 as rep.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268196iE19052A408AADD3D/image-size/large?v=v2&amp;px=999" role="button" title="5 as rep.png" alt="5 as rep.png" /></span></P> <P>&nbsp;</P> <P>This comprehensive protection against AS-REP roasting style attacks will be available in Defender for Identity starting from <A href="#" target="_blank" rel="noopener">version 2.141</A>. Try it out for yourselves, and as always, we’d love to hear your feedback on this new feature.</P> Tue, 11 May 2021 21:02:48 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/helping-protect-against-as-rep-roasting-with-microsoft-defender/ba-p/2244089 Daniel Naim 2021-05-11T21:02:48Z DKE Troubleshooting https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/dke-troubleshooting/ba-p/2234252 <P data-unlink="true">The following blog post helps you troubleshoot the reference implementation for DKE.&nbsp;Some of this information may apply to DKE partner implementations as well, but it covers primarily the reference implementation hosted in Azure or on IIS. 
At any rate, this guide does not replace the <A href="#" target="_self">official documentation</A>.&nbsp;</P> <P>This blog post consists of three parts:</P> <UL> <LI>Part A: Checklist</LI> <LI>Part B: Useful tools for troubleshooting DKE</LI> <LI>Part C: Step by step troubleshooting guide</LI> </UL> <P>&nbsp;</P> <H2>Part A: Checklist</H2> <P>After installing / configuring DKE using the official documentation, going through this checklist will help you in identifying and correcting errors in your setup.</P> <P>The troubleshooting guide below refers to some of the steps in this checklist, using the codes prepended to the titles of the sections (e.g. «CL1»).</P> <P>&nbsp;</P> <H3>CL1: Office version</H3> <P>DKE is supported on Microsoft 365 Apps for enterprise version 2009 or later. Here’s how you check the version:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Pic1-1.jpg" style="width: 977px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268327i81325C2D392555EE/image-size/large?v=v2&amp;px=999" role="button" title="Pic1-1.jpg" alt="Pic1-1.jpg" /></span></P> <P>&nbsp;</P> <H3>CL2: DKE URL in root</H3> <P>The DKE service URL needs to be based on the root level, i.e. 
<STRONG>not</STRONG> a sub directory:</P> <UL> <LI>Working example: <A href="#" target="_blank" rel="noopener">https://dkeservice.contoso.com/samplekey1</A> &nbsp;</LI> <LI>This example does <STRONG>not</STRONG> work: <A href="#" target="_blank" rel="noopener">https://webserver.contoso.com/<STRONG>dkeservice</STRONG></A><SPAN>/samplekey1</SPAN></LI> </UL> <P>&nbsp;</P> <H3><SPAN>CL3: No trailing slash in DKE URL</SPAN></H3> <P>The DKE URL must not contain a trailing slash:</P> <UL> <LI>Working example: <A href="#" target="_blank" rel="noopener">https://dkeservice.contoso.com/samplekey1</A>&nbsp;</LI> <LI>This example does <STRONG>not</STRONG> work: <A style="background-color: #ffffff;" href="#" target="_blank" rel="noopener">https://dkeservice.contoso.com/samplekey1</A><STRONG>/</STRONG></LI> </UL> <P>&nbsp;</P> <H3>CL4: Outbound connectivity to Azure AD</H3> <P>In order to perform Azure AD authentication, the DKE service needs to have transparent outbound connectivity as described in box 56 of our <A href="#" target="_self">documentation</A>:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Pic1-1a.jpg" style="width: 934px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268329i6B2EAD56BAF820EA/image-size/large?v=v2&amp;px=999" role="button" title="Pic1-1a.jpg" alt="Pic1-1a.jpg" /></span></P> <P>By adapting the source code of the DKE reference implementation, you may also use a forward proxy. The necessary changes have been implemented in an <A href="#" target="_self">open pull request</A>.&nbsp;Please observe that an anonymous proxy is required for this, i.e. a proxy that allows access to the necessary URLs without authentication.</P> <P>&nbsp;</P> <H3>CL5: Permissions in the sensitivity label used for DKE</H3> <P>The sensitivity label used for DKE protection needs to provide sufficient permissions for all intended recipients of the documents. 
During the test phase, it’s suggested to grant permission to the whole tenant:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Pic1-2.jpg" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268331i3511EBF51C6E7CC5/image-size/large?v=v2&amp;px=999" role="button" title="Pic1-2.jpg" alt="Pic1-2.jpg" /></span></P> <P>&nbsp;</P> <P>After DKE has been tested successfully, it’s good practice to remove permissions on the sensitivity label for users and groups that are not allowed to access the DKE service.</P> <P>&nbsp;</P> <H3>CL6: Web application configuration</H3> <P>In the «Authentication» section of the DKE web application registration, verify that the redirect URI does not contain a trailing slash (see also CL3):</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Pic1-2a.jpg" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268333i3DE0DB9C94D0EC3E/image-size/large?v=v2&amp;px=999" role="button" title="Pic1-2a.jpg" alt="Pic1-2a.jpg" /></span></P> <P>&nbsp;</P> <P>In the section “API permissions”, make sure the whole tenant has been granted consent to “User.Read”:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Pic1-2b.jpg" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268334iF5182AA7D3126042/image-size/large?v=v2&amp;px=999" role="button" title="Pic1-2b.jpg" alt="Pic1-2b.jpg" /></span></P> <P>&nbsp;</P> <P>Check that these points have been addressed in the section “Expose an API”:</P> <UL> <LI>The “Application ID URI” is configured as the DKE URL.</LI> <LI>Client Ids are registered both for Office (d3590ed6-52b3-4102-aeff-aad2292ab01c) and the AIP (Azure Information Protection) client (c00e9d32-3c8d-4a7d-832b-029040e7db99).</LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" 
image-alt="Pic1-4.jpg" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268338i97FC9A87C6294581/image-size/large?v=v2&amp;px=999" role="button" title="Pic1-4.jpg" alt="Pic1-4.jpg" /></span></P> <P>&nbsp;</P> <H3>CL7: Recipients are allowed to use the DKE service</H3> <P>The DKE service authorizes users either via a list of email addresses or via membership in a local AD group. Either way, you have to ensure all test users are allowed to access the DKE service.<BR />If you use email-based authorization, make sure the email addresses of all users are included in the list of email addresses in the configuration file. Please note that each individual user email address needs to be in quotes, e.g. ["jane.doe@contoso.com","albert.smith@contoso.com"].</P> <P>&nbsp;</P> <H3>CL8: Client connectivity to DKE and Azure AD</H3> <P>For acquiring the public key and for decrypting existing keys, clients need to be able to reach the DKE service. To allow authentication, clients also require access to Azure AD. <BR />Both transparent connectivity and forward proxies (with or without authentication) are supported.</P> <P>&nbsp;</P> <H3>CL9: DKE-related registry values are set on each client</H3> <P>Ensure the following registry values are defined on each client. Please note that some of the registry keys may also need to be created:</P> <PRE>[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\MSIPC\flighting]<BR />"DoubleKeyProtection"=dword:00000001<BR />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSIPC\flighting]<BR />"DoubleKeyProtection"=dword:00000001</PRE> <H3>&nbsp;</H3> <H3>CL10: Tenant is listed in the TrustedIssuers value</H3> <P>Check the following setting in the ‘TokenValidationParameters’ section of the DKE configuration file:<BR />In ‘ValidIssuers’, your Azure AD tenant needs to be listed (e.g. 
«<A href="#" target="_blank" rel="noopener">https://sts.windows.net/</A>7d024093-e9a7-47e4-a205-bbbd4eed8e3a/»).</P> <P>&nbsp;</P> <H3>CL11: The host name in the "JwtAudience" is correct (case sensitive)</H3> <P>Ensure the host name contained in the "JwtAudience" value of the DKE configuration is identical to the host name in the DKE URL (including case).</P> <P>&nbsp;</P> <H2>Part B: Useful tools for troubleshooting DKE</H2> <P>The following tools have proven to be useful in debugging DKE installations. <BR />Codes prepended to the titles of the sections (e.g. «T4») are again referenced in the step by step troubleshooting guide.</P> <P>&nbsp;</P> <H3>T1: Fiddler trace</H3> <P>Fiddler allows you to see the communication between the client and the DKE service in detail. To get a trace, consider performing the following steps:</P> <OL> <LI>Install and launch Fiddler, available at <A href="#" target="_blank" rel="noopener">https://www.telerik.com/fiddler</A>.</LI> <LI>Select «Tools\Options», switch to tab «HTTPS», check option «Decrypt HTTPS traffic», click OK and acknowledge prompts for installing a root certificate.</LI> <LI>Try to reproduce the issue you want to debug.</LI> </OL> <P>In a Fiddler trace, you may check the communication with the DKE service.</P> <P>&nbsp;</P> <H3>T2: Export AIP Logs</H3> <P>In the Word toolbar, select «Sensitivity». 
Choose option «Help and Feedback» and click on «Export Logs»:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Pic2-1.jpg" style="width: 349px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/268343iECF2CF6F86A8BD94/image-size/large?v=v2&amp;px=999" role="button" title="Pic2-1.jpg" alt="Pic2-1.jpg" /></span></P> <P>The ZIP file contains the relevant logs, for instance the MSIPC logs which cover DKE activity of the client.</P> <P>&nbsp;</P> <H3>T3: Web Server Logs</H3> <P>The web server logs show two kinds of activities:</P> <OL> <LI>Clients downloading the public key (when protecting content with DKE)</LI> <LI>DKE clients attempting to run decrypt operations (when opening DKE protected content)</LI> </OL> <P>Repeated attempts for decrypt operations where the server responds with 401 would indicate authentication issues. <BR />If clients fail to protect content with DKE labels and there’s no activity in the web server logs, likely there’s a misconfiguration or a connectivity issue.</P> <P>&nbsp;</P> <H3>T4: Event logs</H3> <P>Check the event logs for any exception messages. 
<BR />If you installed the DKE service on IIS, you’ll find the event log in «Windows Event Viewer», «Application log».<BR />If you’re hosting the DKE service on an Azure web app, you’ll find the event log as follows:</P> <OL> <LI>Go to your App Service</LI> <LI>Open the left-hand menu, "Diagnose and solve problems"</LI> <LI>Select «Diagnostic Tools» (in the main pane)</LI> <LI>Open «Support Tools/Application Event Logs» on the left-hand menu of the new screen</LI> </OL> <P>&nbsp;</P> <H2>Part C: Step by Step guide</H2> <P>In order to narrow down which piece is missing, we suggest performing the troubleshooting in the following order:</P> <OL> <LI>Check the web site with the validation script.</LI> <LI>Try to save a document protected with a DKE label.</LI> <LI>Have another user open a DKE protected document.</LI> <LI>Let a user re-label a DKE protected document by right-clicking the document and selecting «classify and protect».</LI> </OL> <P>Some resolution steps refer to checklist items and tools. The reference uses codes that are prepended to the titles of the checklist items (e.g. «CL1») and tools (e.g. 
«T4»).</P> <P>&nbsp;</P> <H3>Step 1: Check the web site with the validation script</H3> <P>We suggest running the validation script:</P> <PRE>[…]\DoubleKeyEncryptionService\src\customer-key-store\scripts&gt; .\key_store_tester.ps1 &lt;DKE URL&gt;/&lt;Key&gt;</PRE> <P>If this is successful, please proceed with step 2.</P> <P>However, you may see the following output:</P> <PRE>Validation request started: &lt;DKE URL&gt;/&lt;Key&gt;<BR />Validation failure: Unable to access the provided url Not Found</PRE> <P>Similarly, a 404 error is issued when you open the URL in a web browser.<BR />This indicates one of the following issues:</P> <TABLE> <TBODY> <TR> <TD width="302"> <P><STRONG>Potential issue</STRONG></P> </TD> <TD width="302"> <P><STRONG>Suggested resolution steps</STRONG></P> </TD> </TR> <TR> <TD width="302"> <P><STRONG>The URL is not correct.</STRONG></P> </TD> <TD width="302"> <P>Double-check the URL. Please note that the key name in the URL is case sensitive.</P> </TD> </TR> <TR> <TD width="302"> <P><STRONG>There’s an internal exception in the web site.</STRONG></P> </TD> <TD width="302"> <P>Check the event log on the DKE service (see tool T4).</P> </TD> </TR> </TBODY> </TABLE> <H3>&nbsp;</H3> <H3>Step 2: Try to save a document protected with a DKE label</H3> <P>(Ensure the DKE label defines «Allow offline access:» as «Always».)<BR />Saving the document successfully shows the client can reach the DKE service anonymously and the service provides a suitable RSA key. In this case, please proceed with step 3.<BR />But you might encounter this behavior:<BR />Despite having ample space on a disk (or on OneDrive), the following message is shown when saving a DKE protected document: «Word cannot save or create this file. 
Make sure the disk you want to save the file on it is not full, write-protected, or damaged.»<BR />This indicates one of the following issues:</P> <TABLE> <TBODY> <TR> <TD width="274"> <P><STRONG>Potential issue</STRONG></P> </TD> <TD width="330"> <P><STRONG>Suggested resolution steps</STRONG></P> </TD> </TR> <TR> <TD width="274"> <P><STRONG>The client is not configured to use DKE. </STRONG></P> </TD> <TD width="330"> <P>Re-check the Office version (see checklist item CL1).</P> <P>Verify the DKE registry keys have been imported on the client (see checklist item CL9).</P> </TD> </TR> <TR> <TD width="274"> <P><STRONG>The client cannot reach the DKE service.</STRONG></P> </TD> <TD width="330"> <P>On the client, try opening the DKE-URL configured in the sensitivity label. If that fails, fix the network issue as needed.</P> </TD> </TR> </TBODY> </TABLE> <H3>&nbsp;</H3> <H3>Step 3: Have another user open a DKE protected document</H3> <P>If user1 protects a document with DKE and user2 succeeds in opening this document, users can be authenticated to DKE. In this case you may proceed with step 4.<BR />But a user trying to open a DKE document not protected by herself may see the following error message:<BR />«You are not signed in to Office with an account that has permission to open this document. 
You may sign in a new account into Office that has permission or request permission from the content owner.»<BR />This indicates one of the following issues:</P> <TABLE> <TBODY> <TR> <TD width="486px" height="30px"> <P><STRONG>Potential issue</STRONG></P> </TD> <TD width="486px" height="30px"> <P><STRONG>Suggested resolution steps</STRONG></P> </TD> </TR> <TR> <TD width="486px" height="57px"> <P><STRONG>The user hasn’t been granted permission in the sensitivity label.</STRONG></P> </TD> <TD width="486px" height="57px"> <P>During tests, try granting the whole tenant access in the sensitivity label permissions (see checklist item CL5).</P> </TD> </TR> <TR> <TD width="486px" height="57px"> <P><STRONG>The DKE service URL contains a sub-folder.</STRONG></P> </TD> <TD width="486px" height="57px"> <P>Verify that the DKE URL consists of the FQDN only (see checklist item CL2).</P> </TD> </TR> <TR> <TD width="486px" height="30px"> <P><STRONG>The web application isn’t configured correctly.</STRONG></P> </TD> <TD width="486px" height="30px"> <P>Check the settings in the web application (see checklist item CL6).</P> </TD> </TR> <TR> <TD width="486px" height="111px"> <P><STRONG>The DKE service is hosted on IIS, but it cannot reach Azure AD due to lacking outbound Internet connectivity.</STRONG></P> </TD> <TD width="486px" height="111px"> <P>Check for exception «System.InvalidOperationException: IDX20803: Unable to obtain configuration» in the event viewer (see tool T4).</P> <P>If this exception occurs, make sure the DKE service has outbound connectivity.</P> </TD> </TR> <TR> <TD width="486px" height="57px"> <P><STRONG>The configuration file doesn’t grant permission for the tenant.</STRONG></P> </TD> <TD width="486px" height="57px"> <P>Ensure «TrustedIssuers» contains the tenant specific URL (see checklist item CL10).</P> </TD> </TR> <TR> <TD width="486px" height="30px"> <P><STRONG>DKE doesn’t authorize the user to access the service.</STRONG></P> </TD> <TD width="486px" 
height="30px"> <P>Check the authorization option (see checklist item CL7).</P> </TD> </TR> <TR> <TD width="486px" height="57px"> <P><STRONG>The host name in the "JwtAudience" doesn't exactly match the host name in the DKE URL (including case).</STRONG></P> </TD> <TD width="486px" height="57px"> <P>Check the exact spelling of the host name, including case (see checklist item CL11).</P> </TD> </TR> </TBODY> </TABLE> <H3>&nbsp;</H3> <H3>Step 4: Let a user re-label her own DKE protected document with right-click, «classify and protect»</H3> <P>(For this test, the user has protected the document herself in Office.)<BR />If the user succeeds in re-labeling this protected document with right-click, the AIP client is also registered with the web application and an Office version supporting DKE is installed.<BR />However, the user may see the following error message in the AIP client:<BR />«An unknown error occurred. If this problem persists, contact your administrator or help desk.»<BR />This indicates one of the following issues:</P> <TABLE> <TBODY> <TR> <TD width="274"> <P><STRONG>Potential issue</STRONG></P> </TD> <TD width="330"> <P><STRONG>Suggested resolution steps</STRONG></P> </TD> </TR> <TR> <TD width="274"> <P><STRONG>The client doesn’t have the correct Office version installed. 
</STRONG></P> </TD> <TD width="330"> <P>Re-check the Office version (see checklist item CL1).</P> </TD> </TR> <TR> <TD width="274"> <P><STRONG>The AIP client is not registered in the web application.</STRONG></P> </TD> <TD width="330"> <P>Check whether the client ID for the AIP client has also been registered in the web application (see checklist item CL6).</P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> Tue, 11 May 2021 21:01:26 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/dke-troubleshooting/ba-p/2234252 Martin_Sieber 2021-05-11T21:01:26Z The Best of Microsoft Compliance at Ignite March 2021 https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/the-best-of-microsoft-compliance-at-ignite-march-2021/ba-p/2228835 <P>This will be your guide to the best things about Microsoft Compliance at Ignite March 2021. Bookmark it. Save it.&nbsp; Come back to it. Share it. Reference it. Enjoy.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="Best-Compliance-Ignite-March-2021.PNG" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/271412i7F22ABBA516F9332/image-size/medium?v=v2&amp;px=400" role="button" title="Best-Compliance-Ignite-March-2021.PNG" alt="Best-Compliance-Ignite-March-2021.PNG" /></span></P> <P>&nbsp;</P> <P>Microsoft Ignite March 2021 may be over but that does not mean you have to stop learning about Microsoft Compliance.&nbsp; Earlier this year Microsoft CVP of Security, Compliance, and Identity (SCI), Vasu Jakkal spoke about how <A href="#" target="_blank" rel="noopener">Microsoft surpassed over $10 billion of security business revenue</A>. And while that’s a significant milestone we are just getting started. &nbsp;Don’t be fooled…we are not just best in suite; we are best in breed. Just ask <A href="#" target="_blank" rel="noopener">Gartner - the Magic Quadrants</A> we reside in say so. 
&nbsp;</P> <P>&nbsp;</P> <P>Anyway, I digress.&nbsp; Here is a quick recap of the Compliance announcements you may have missed:</P> <P>&nbsp;</P> <P><STRONG>Microsoft Compliance Announcements</STRONG></P> <UL> <LI><A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/announcing-co-authoring-on-microsoft-information-protection/ba-p/2164162" target="_blank" rel="noopener">Microsoft Information Protection document co-authoring</A></LI> <LI><A href="#" target="_blank" rel="noopener">Microsoft 365 Insider Risk Management Analytics</A></LI> <LI><A href="#" target="_blank" rel="noopener">Microsoft 365 data loss prevention (DLP) for Chrome browsers and more</A></LI> <LI><A href="#" target="_blank" rel="noopener">Azure Purview integration with Microsoft Information Protection</A></LI> </UL> <P>&nbsp;</P> <P>Additionally, here is the list of on-demand sessions you must absolutely watch in case you missed any of our Compliance goodies.</P> <P>&nbsp;</P> <P><STRONG>Security Keynote</STRONG></P> <P>CVP Vasu Jakkal talked about Microsoft’s vision on <STRONG>Security for All</STRONG> including how to reduce complexity and defend your organization against business risk with innovations in security, compliance, identity, and management. She is joined by a star-studded cast, Security leader Andrew Conway, Identity leader Irina Nechaeva, and Compliance leader Alym Rayani, as they dig into the latest news, releases, and updates. <A href="#" target="_blank" rel="noopener"><STRONG>WATCH ON-DEMAND Security for All</STRONG></A></P> <P>&nbsp;</P> <P><STRONG>Compliance Keynote</STRONG></P> <P>Microsoft Compliance GM Alym Rayani illuminates how Microsoft’s risk management and compliance solutions enable you to identify and respond to these emerging risks while keeping your most important information safe. 
<A href="#" target="_blank" rel="noopener"><STRONG>WATCH ON-DEMAND Manage risk and secure information across your environment</STRONG></A></P> <P>&nbsp;</P> <P><STRONG>Compliance Sessions</STRONG></P> <UL> <LI><A href="#" target="_blank" rel="noopener">Deploy intelligent information protection and data loss prevention</A></LI> <LI><A href="#" target="_blank" rel="noopener">Take charge of data governance across your digital landscape</A></LI> <LI><A href="#" target="_blank" rel="noopener">Secure your sensitive information with Insider Risk Management</A></LI> </UL> <P>&nbsp;</P> <P><STRONG>Ask the Experts</STRONG></P> <UL> <LI><A href="#" target="_blank" rel="noopener">Secure your sensitive information with Insider Risk Management (microsoft.com)</A></LI> </UL> <P>&nbsp;</P> <P><STRONG>Security &amp; Compliance Certifications</STRONG></P> <UL> <LI><A href="#" target="_blank" rel="noopener">Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals (beta)</A></LI> <LI><A href="#" target="_blank" rel="noopener">Exam SC-400: Microsoft Information Protection Administrator (Security exam beta)</A></LI> </UL> <P>&nbsp;</P> <P><STRONG>Security &amp; Learning Path (Online – Free)</STRONG></P> <UL> <LI><A href="#" target="_blank" rel="noopener">Describe the concepts of security, compliance, and identity</A></LI> <LI><A href="#" target="_blank" rel="noopener">Manage information protection and governance</A></LI> </UL> <P><STRONG>&nbsp;</STRONG></P> <P><STRONG>Compliance Blogs</STRONG></P> <UL> <LI><A href="#" target="_blank" rel="noopener">4 ways Microsoft is delivering security for all in a Zero Trust world</A></LI> <LI><A href="#" target="_blank" rel="noopener">Securing and governing data in a new hybrid work reality</A></LI> <LI><A href="#" target="_blank" rel="noopener">Compliance joins Microsoft Intelligent Security Association (MISA)</A></LI> </UL> <P>&nbsp;</P> <P>To learn more about Microsoft Security solutions,&nbsp;<A href="#" target="_blank" 
rel="noopener">visit our&nbsp;website</A>.&nbsp;Bookmark the&nbsp;<A href="#" target="_blank" rel="noopener">Security blog</A>&nbsp;to keep up with our expert coverage on security matters. Also, follow us at&nbsp;<A href="#" target="_blank" rel="noopener">@MSFTSecurity</A>&nbsp;for the latest news and updates on cybersecurity.</P> <P>&nbsp;</P> <P>Follow Christopher on <A href="#" target="_blank" rel="noopener">Twitter</A> and <A href="#" target="_blank" rel="noopener">LinkedIn</A></P> Tue, 11 May 2021 20:59:45 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/the-best-of-microsoft-compliance-at-ignite-march-2021/ba-p/2228835 ChristopherCampbell 2021-05-11T20:59:45Z Getting to know the Microsoft Information Protection and Compliance Customer Experience Team https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/getting-to-know-the-microsoft-information-protection-and/ba-p/2160170 <P><STRONG>(VOICES OF DATA PROTECTION - Episode 5)</STRONG></P> <P><U>Host</U>:&nbsp; Bhavanesh Rengarajan – Principal Program Manager, Microsoft</P> <P><U>Guest</U>:&nbsp; Mavi Etzyon-Grizer – Director of Information Protection, Security &amp; Compliance Customer Experience Team, Microsoft</P> <P><EM>&nbsp;</EM></P> <P><EM>The following conversation is adapted from transcripts of Episode 5 of the </EM><A href="#" target="_blank" rel="noopener"><EM>Voices of Data Protection</EM></A><EM> podcast.&nbsp; There may be slight edits in order to make this conversation easier for readers to follow along.</EM></P> <P><EM>&nbsp;</EM></P> <P><EM>This podcast features the leaders, program managers from Microsoft and experts from the industry to share details about the latest solutions and processes to help you manage your data, keep it safe and stay compliant.&nbsp; If you prefer to listen to the audio of this podcast instead, please visit:&nbsp; </EM><A href="#" target="_blank" rel="noopener"><EM>aka.ms/voicesofdataprotection</EM></A></P> 
<P><STRONG>&nbsp;</STRONG></P> <P><STRONG>BHAVANESH: </STRONG>Welcome to Voices of Data Protection. I’m your host, Bhavanesh Rengarajan, and I’m a Principal Program Manager at Microsoft.</P> <P>&nbsp;</P> <P>So, Mavi, why don’t you give a quick introduction about yourself?</P> <P>&nbsp;</P> <P><STRONG>MAVI: </STRONG>Hey, Bhavy, super excited to be here. My name is Mavi, and I lead the Microsoft Information Protection and Security and Compliance Customer Experience team. My team helps customers deploy and use our security and compliance products, and they are spread all over the world just ready to help our customers use our products.</P> <P>&nbsp;</P> <P><STRONG>BHAVANESH: </STRONG>So, Mavi, I’ve been talking to a few of my colleagues here at Microsoft, and I hear that you’ve not done a good job at all. What you’ve done is a great job. &nbsp;Why don’t you talk about your program to bring our audience up to speed?</P> <P>&nbsp;</P> <P><STRONG>MAVI: </STRONG>We’re in our first-year anniversary, right now. We did private previews, we did a lot of webinars, we did a lot of community blogs. We help customers deploy. We’re doing video blogs. We’re doing so many things just to help our customers understand the benefits of our solutions, and how they can go ahead today and deploy it in super easy steps such as one, two, three, and that’s it.</P> <P>&nbsp;</P> <P><STRONG>BHAVANESH: </STRONG>If you have to summarize your top three achievements as a team, over the last one year, and basically, I would like to issue for your first anniversary, over here, the team. So, what would those three big achievements be?</P> <P>&nbsp;</P> <P><STRONG>MAVI: </STRONG>I would say number one would be basically having the team well recognized, you know, inside and outside Microsoft as the leader in deploying our security and compliance solutions. Second thing is the technical depth and understanding that the team has. 
This is a huge, huge win, because you know we spent so many hours in understanding how our products work to help our customers benefit and help them deploy. And the third is everything that we’re doing to benefit the customers. We’re the voice of the customer within engineering. So, we are channeling all the feedback, back to engineering, and we help that build a better product that will both benefit Microsoft, but also our customers.</P> <P>&nbsp;</P> <P><STRONG>BHAVANESH: </STRONG>That’s good. What do you think are the things that you’ve done really well, over the last six months or so, in your team?</P> <P>&nbsp;</P> <P><STRONG>MAVI: </STRONG>Really well, are all the video blogs, webinars, and blogs that we made, all of the presentations we gave at RSA, Ignite, and other internal and external events at Microsoft. I think we did this very, very well. And also, we’re able to identify the use cases for customers and help them build a policy to match their use cases specifically.</P> <P>&nbsp;</P> <P><STRONG>BHAVANESH: </STRONG>I have also heard that you know, you do something called a Customer Learning Day. Can you talk about that a bit? I’m pretty sure a lot of our customers or partners would want to feature that.</P> <P>&nbsp;</P> <P><STRONG>MAVI: </STRONG>What a great question, Bhavi, thank you. On Customer Learning Day, we give our customers the opportunity to talk to our leadership in Microsoft, share their good, the bad, the ugly, and you know, we’re not looking for lovey-dovey conversation. 
It’s more of a constructive feedback on what Microsoft did well, but also, we’re interested in learning what we didn’t do very well, and what we could do to improve and help our customers deploy.</P> <P>&nbsp;</P> <P>This is basically two days where customers get the perfect opportunity to talk to our leadership team and share their use cases, experiences, and also roadmap, and where they’re headed, and how we, at Microsoft, what we can do to help them.</P> <P>&nbsp;</P> <P><STRONG>BHAVANESH: </STRONG>Mavi, is there a way in which our customers can reach out to you and your team? Do you run some sort of sessions or consortiums where you can have these offline conversations and try to bubble these things up in the right engineering leaders?</P> <P>&nbsp;</P> <P><STRONG>MAVI: </STRONG>These Customer Learning Days happen twice a year, but if there’s a specific customer that we see that has a very interesting deployment story or has very constructive or focused feedback on things that we’re doing, then we will always make sure that someone from either leadership or engineering would be meeting with that customer. The case, then yeah, we’ll obviously reach out and make sure that this will happen.</P> <P>&nbsp;</P> <P><STRONG>BHAVANESH: </STRONG>Wow, that’s great. What are all the various solutions that your team caters to?</P> <P>&nbsp;</P> <P><STRONG>MAVI: </STRONG>We have like four pillars in my team. One is information protection. That is all the information protection and DLP area. The other one is information governance. That’s all the records management that we’re doing. Third is discover and respond. That is the best discovery that we have in the events audit pillar. 
And last but not least, is the insider risk and communication compliance section, which we’re helping organizations protect their data from inside and also outside threats.</P> <P>&nbsp;</P> <P><STRONG>BHAVANESH: </STRONG>And where do you see a lot of updates across the solutions, if you want to rank and say, well, here is where I see a lot of customers interested in, what would that be?</P> <P>&nbsp;</P> <P><STRONG>MAVI: </STRONG>I can tell you that insider risk has a huge growing interest in that area, but also in our new endpoint DLP (data loss prevention) solution, and in our team DLP. So, those three areas combining obviously, with our – with our other pillars, such as information protection, all together, this has a huge interest with our customers.</P> <P>&nbsp;</P> <P><STRONG>BHAVANESH: </STRONG>And I would definitely suggest our audience to watch all your webinars.&nbsp; Let me ask you this tough question, Mavi. So, what do you think you and your team have done differently over the last six months?</P> <P>&nbsp;</P> <P><STRONG>MAVI: </STRONG>If I really had to think about this, I think we need to create more end-to-end stories to share with customers, so they can see the value, you know, for the whole compliance story and benefit from it. Because I think what we’re doing is we’re focusing just on information protection, or just information governance. But if we can tie the story as an end to end, that would resonate more with our customer, and this is something that I asked the team to focus on in the next few months, so customers, when they come to deploy our solutions, they will have the whole story and even understand, you know, where to start from, what to do what’s coming next, how to plan for that. This is something that I think we should have done in the last six months, but we’re going to focus it in the next six months.</P> <P>&nbsp;</P> <P><STRONG>BHAVANESH: </STRONG>And I remember one of our conversations, Mavi. 
This was like a few months ago, wherein you also resonated saying that having some sort of an onboarding mechanism for customers would make a lot of sense, because a lot of our customers are in different points in their journey, on be it information protection or information governance. So, we do not do a great job of tying those pieces of puzzle together. Do you want to share your thoughts?</P> <P>&nbsp;</P> <P><STRONG>MAVI: </STRONG>What we found out is customers, they say, hey, you have this great solution, but help us out, tell us where to start.&nbsp; They come to our Security and Compliance Center; they’re overwhelmed with the amount of data that we’re showing them. And they just want our help, learning how to onboard, what to do, what’s coming up next, and the thought that we had was helping them out in a very intuitive way.&nbsp; They can go ahead and just enable some policies and benefit from the products they already own.</P> <P>&nbsp;</P> <P><STRONG>BHAVANESH: </STRONG>Okay, I think the way in which I would draw similarities is very – very much in context to how we have these taxation tools, right.&nbsp; And we all do not understand taxes to the same extent, but then these tools really help us efficiently file our taxes every single year.</P> <P>&nbsp;</P> <P><STRONG>MAVI: </STRONG>Yes, exactly.</P> <P>&nbsp;</P> <P><STRONG>BHAVANESH: </STRONG>Yeah. Let’s now head into the quick-fire section, Mavi. So, I’m going to just ask you a few of these questions, and whatever comes to your mind. 
Customer?</P> <P>&nbsp;</P> <P><STRONG>MAVI: </STRONG>Obsession.</P> <P>&nbsp;</P> <P><STRONG>BHAVANESH: </STRONG>Partner?</P> <P>&nbsp;</P> <P><STRONG>MAVI: </STRONG>We’re in this together.</P> <P>&nbsp;</P> <P><STRONG>BHAVANESH: </STRONG>Roadmap?</P> <P>&nbsp;</P> <P><STRONG>MAVI: </STRONG>The way to success.</P> <P>&nbsp;</P> <P><STRONG>BHAVANESH: </STRONG>And what’s success?</P> <P><STRONG>&nbsp;</STRONG></P> <P><STRONG>MAVI: </STRONG>No limits.</P> <P>&nbsp;</P> <P><STRONG>BHAVANESH: </STRONG>And failure?</P> <P>&nbsp;</P> <P><STRONG>MAVI: </STRONG>Never heard that word before.</P> <P>&nbsp;</P> <P><STRONG>BHAVANESH: </STRONG>Okay, I was actually expecting you to say something like that. It’s not in my dictionary or something. I think that’s about it. Is there anything else that you want to convey to our audience now?</P> <P>&nbsp;</P> <P><STRONG>MAVI: </STRONG>Yeah. I want to encourage our audience. You know, sometimes all of our security products are so overwhelming, and they don’t know where to start or what to do. Sometimes they’re busy and want to first have all the solutions, and then start thinking about what to do. No, no. You start doing whatever you already own. Because building that first layer of security is actually the first step to ensure that your data is safe and protected.</P> <P>&nbsp;</P> <P><STRONG>BHAVANESH:&nbsp; </STRONG>And Mavi, is there any specific link that they can go to, to read about you and your team?</P> <P>&nbsp;</P> <P><STRONG>MAVI: </STRONG>We post all our blogs at <A href="#" target="_self">aka.ms/mipc/techcommunity</A>. 
That’s a great place for resources, and for all the webinars that we’re doing, it’s at <A href="#" target="_self">aka.ms/mipc/webinars</A>&nbsp;so there they can see the previous webinars and all our future webinars.</P> <P>&nbsp;</P> <P><EM>To learn more about this episode of the Voices of Data Protection podcast, visit:&nbsp;<A href="#" target="_blank" rel="noopener">https://</A></EM><A href="#" target="_blank" rel="noopener"><EM>aka.ms/voicesofdataprotection</EM></A><EM>.</EM></P> <P><EM>For more on Microsoft Information Protection &amp; Governance, </EM><A href="#" target="_blank" rel="noopener"><EM>click here</EM></A><EM>.</EM></P> <P><EM>To subscribe to the Microsoft Security YouTube channel, </EM><A href="#" target="_blank" rel="noopener"><EM>click here</EM></A><EM>.</EM></P> <P><EM>Follow Microsoft Security on </EM><A href="#" target="_blank" rel="noopener"><EM>Twitter</EM></A><EM> and </EM><A href="#" target="_blank" rel="noopener"><EM>LinkedIn</EM></A><EM>.</EM></P> <P><EM>&nbsp;</EM></P> <P><EM>Keep in touch with Bhavanesh on </EM><A href="#" target="_blank" rel="noopener"><EM>LinkedIn</EM></A><EM>.</EM></P> <P><EM>Keep in touch with Mavi on </EM><A href="#" target="_blank" rel="noopener"><EM>LinkedIn</EM></A><EM>.</EM></P> Tue, 11 May 2021 20:58:26 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/getting-to-know-the-microsoft-information-protection-and/ba-p/2160170 aletheap 2021-05-11T20:58:26Z Introduction to Compliance Manager Vblog https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/introduction-to-compliance-manager-vblog/ba-p/2227643 <P>What is Compliance Manager?&nbsp;</P> <P>What's in it for compliance managers and IT admins?</P> <P>Watch our video blog to understand how it can help you navigate between all regulations and compliance requirements today!</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><IFRAME src="https://8gportalvhdsf9v440s15hrt.blob.core.windows.net/videos/Security Privacy 
Compliance/IntroductiontoComplianceManager.mp4" width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture"></IFRAME></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Also make sure to request more video blogs here:&nbsp;<A href="#" target="_blank" rel="noopener">https://forms.office.com/r/ttQLeJg3WY</A></P> Tue, 11 May 2021 20:57:15 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/introduction-to-compliance-manager-vblog/ba-p/2227643 Mavi Etzyon-Grizer 2021-05-11T20:57:15Z Office Channels Webinar https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/office-channels-webinar/ba-p/2223780 <P>This webinar provides an overview of the Microsoft 365 Apps upgrade and the new management strategy, as well as servicing channel best practices and Microsoft Information Protection.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Teaser Office Channels.PNG" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/265669iD02B99857C50A9FB/image-size/large?v=v2&amp;px=999" role="button" title="Teaser Office Channels.PNG" alt="Teaser Office Channels.PNG" /></span></P> <P><SPAN>Resources:</SPAN></P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;"><A href="#" target="_blank">What's new in the Microsoft 365 admin center? 
- Microsoft 365 admin | Microsoft Docs</A></P> <P><FONT size="2"><A href="#" target="_blank">About the Microsoft 365 admin center</A></FONT></P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;"><A href="#" target="_blank">What's new in Office deployment for IT Pros - Deploy Office | Microsoft Docs</A></P> <P>&nbsp;</P> <P><SPAN>This webinar was presented on February 24, 2021, and the recording can be found&nbsp;<A href="#" target="_blank" rel="noopener noreferrer">here</A></SPAN><SPAN>.</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P><SPAN>Attached to this post are:</SPAN></P> <OL type="1"> <LI value="1">The FAQ document that summarizes the questions and answers that came up over the course of both Webinars.</LI> <LI>A PDF copy of the presentation.</LI> </OL> <P><SPAN>Thanks to those of you who participated during the two sessions and if you haven’t already, don’t forget to check out our resources available on the&nbsp;</SPAN><A href="#" target="_blank" rel="noopener noreferrer"><SPAN>Tech Community</SPAN></A><SPAN>.</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P><SPAN>Thanks!</SPAN></P> <P><A href="https://gorovian.000webhostapp.com/?exam=t5/user/viewprofilepage/user-id/975129" target="_blank" rel="noopener">@Robin_Baldwin<SPAN>&nbsp;</SPAN></A><SPAN>on behalf of the MIP and Compliance CXE team</SPAN></P> Tue, 11 May 2021 21:07:45 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/office-channels-webinar/ba-p/2223780 Robin_Baldwin 2021-05-11T21:07:45Z Extending MIP with High Value 3rd Party Solutions Webinar https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/extending-mip-with-high-value-3rd-party-solutions-webinar/ba-p/2220774 <P>This webinar covers how to extend the capability of Microsoft Information Protection (MIP) by utilizing various third party solutions developed by Secude, Synergy Advisors, Cognni and Netwoven.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper 
lia-image-align-inline" image-alt="Teaser MIP 3rd Party.PNG" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/265325i3525C1AA7D46A34F/image-size/large?v=v2&amp;px=999" role="button" title="Teaser MIP 3rd Party.PNG" alt="Teaser MIP 3rd Party.PNG" /></span></P> <P><SPAN>Resources:</SPAN></P> <P><SPAN><A href="#" target="_blank" rel="noopener">Microsoft Information Protection (MIP) in Microsoft 365</A></SPAN></P> <P><A href="#" target="_blank" rel="noopener"><SPAN>Learn about sensitive information types</SPAN></A></P> <P>&nbsp;</P> <P><SPAN>This webinar was presented on February 10, 2021, and the recording can be found&nbsp;<A href="#" target="_blank" rel="noopener">here</A></SPAN><SPAN>.</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P><SPAN>Attached to this post are:</SPAN></P> <OL type="1"> <LI value="1">The FAQ document that summarizes the questions and answers that came up over the course of both Webinars.</LI> <LI>A PDF copy of the presentation.</LI> </OL> <P><SPAN>&nbsp;</SPAN></P> <P><SPAN>Thanks to those of you who participated during the two sessions and if you haven’t already, don’t forget to check out our resources available on the&nbsp;</SPAN><A href="#" target="_blank" rel="noopener noreferrer"><SPAN>Tech Community</SPAN></A><SPAN>.</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P><SPAN>Thanks!</SPAN></P> <P><A href="https://gorovian.000webhostapp.com/?exam=t5/user/viewprofilepage/user-id/975129" target="_blank" rel="noopener">@Robin_Baldwin<SPAN>&nbsp;</SPAN></A><SPAN>on behalf of the MIP and Compliance CXE team</SPAN></P> Tue, 11 May 2021 21:08:33 GMT https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/extending-mip-with-high-value-3rd-party-solutions-webinar/ba-p/2220774 Robin_Baldwin 2021-05-11T21:08:33Z Practitioners guide to effectively managing insider risks (UNCOVERING HIDDEN RISKS – Episode 5) 
https://gorovian.000webhostapp.com/?exam=t5/security-compliance-and-identity/practitioners-guide-to-effectively-managing-insider-risks/ba-p/2160113 <P><U>Host</U>:&nbsp; Raman Kalyan – Director, Microsoft</P> <P><U>Host</U>:&nbsp; Talhah Mir - &nbsp;&nbsp;Principal Program Manager, Microsoft</P> <P><U>Guest</U>:&nbsp; Dawn Cappelli – VP of Global Security &amp; CISO, Rockwell Automation</P> <P><EM>&nbsp;</EM></P> <P><EM>The following conversation is adapted from transcripts of Episode 5 of the </EM><A href="#" target="_blank"><EM>Uncovering Hidden Risks</EM></A> <EM>podcast.&nbsp; There may be slight edits in order to make this conversation easier for readers to follow along.&nbsp; You can view the full transcripts of this episode at:&nbsp; </EM><A href="#" target="_blank"><EM>https://aka.ms/uncoveringhiddenrisks</EM></A></P> <P>&nbsp;</P> <P><EM>In this podcast we explore steps to take to set up and run an insider risk management program.&nbsp; We talk about specific organizations to collaborate with, and top risks to address first.&nbsp; We hear directly from an expert with three decades of experience setting up impactful insider risk management programs in government and private sector.</EM></P> <P>&nbsp;</P> <P><STRONG>RAMAN:&nbsp; </STRONG>Hi, I'm Raman Kalyan, I'm with Microsoft 365 Product Marketing Team.</P> <P>&nbsp;</P> <P><STRONG>TALHAH:&nbsp; </STRONG>And I'm Talhah Mir, Principal Program Manager on the Security Compliance Team.</P> <P>&nbsp;</P> <P><STRONG>RAMAN:&nbsp; </STRONG>We have more time with Dawn Cappelli, CISO of Rockwell Automation.&nbsp; We're going to talk to her about how to set up an effective insider risk management program in your organization.</P> <P><STRONG>&nbsp;</STRONG></P> <P><STRONG>TALHAH:&nbsp; </STRONG>That's right. 
Getting a holistic view of what it takes to properly identify and manage that risk and do it in a way so that it's aligned with your corporate culture and your corporate privacy requirements and legal requirements.&nbsp; Raman and I talk to a lot of customers now and it's humbling to see how front and center insider risk, insider threat management, has become, but at the same time, customers are still asking, "How do I get started?"&nbsp;</P> <P>&nbsp;</P> <P>Dawn, what do you tell those customers, those peers of yours in the industry today, with the kind of landscape and the kind of technologies and processes and understanding we have, in terms of how to get started building out an effective program?</P> <P>&nbsp;</P> <P><STRONG>DAWN:&nbsp; </STRONG>First of all, you need to get HR on board. I mean, that's essential. We have insider risk training that is specifically for HR. They have to take it every single year. &nbsp;We have our security awareness training that every employee in the company has to take every year, HR in addition has to take specific insider risk training. So, in that way we know that globally we're covered. So that's where I started, was by training HR, and that way the serious behavioral issues, I mean, IP theft is easier to detect, but sabotage is a serious issue, and it does happen.</P> <P>&nbsp;</P> <P>I'm not going to say it happens in every company, but when you read about an insider cyber sabotage case, it's really scary, because this is where you have your very technical users who are very upset about something, they are angry with the company, and they have what the psychologists called personal predispositions that make them prone to take action. 
Because most people, no matter how angry you are, most people are not going to actually try to cause harm, it's just not in our human nature.</P> <P>&nbsp;</P> <P>But like I said, I worked with psychologists from day one, and they said, "The people that commit sabotage, they have these personal predispositions. They don't get along with people well, they feel like they're above the rules, they don't take criticism well, you kind of feel like you have to walk on eggshells around them." And so I think a good place to start is by educating HR so that if they see that, they see someone who has that personality and they are very angry, very upset, and their behaviors are bad enough that someone came to HR to report it, HR needs to contact, even if you don't have an insider risk team, contact your IT security team and get legal involved, because you could have a serious issue on your hands. And so, I think educating HR is a good place to start.</P> <P>&nbsp;</P> <P>Of course, technical controls are a good place to start. Think about how you can prevent insider threats. That's the best thing to do is lock things down so that, first of all, people can only access what they need to, and secondly, they can only move it where they need to be able to move information. So really think about those proactive technical controls.</P> <P>&nbsp;</P> <P>And then third, take that look back, like we talked about Talhah, take that look back. Pick out just some key people, go to your key business segments and say, "Hey, who's left in the past" I mean, as long as your logs go back, if they go back six months, you can go back six months. But just give me the name of someone who's left who had access to the crown jewels, and just take a look in all those logs and see what you see. And you might be surprised.</P> <P>&nbsp;</P> <P><STRONG>TALHAH:&nbsp; </STRONG>Dawn, we're actually hearing that from our customers quite a bit.&nbsp; The way they frame it is that, "Why don't you look through