Microsoft’s unified Data Loss Prevention solution provides a simple and unified approach to protecting sensitive information from risky or inappropriate sharing, transfer, or use.
Today we are pleased to announce the General Availability of the Microsoft Compliance Extension for Chrome, available from the Chrome Web Store.
Many organizations use the Chrome browser to support sensitive workflows. With this extension, customers now have Microsoft DLP and Insider Risk Management capabilities within the Chrome browser of their onboarded endpoint devices, so they can:
- Use Chrome as an approved browser with DLP for working with sensitive data
- Create custom and fine-grained DLP policies for Chrome to ensure sensitive data is properly handled and protected from disclosure including:
  - Audit mode: Records policy violation events without impacting end-user activity
  - Block with Override mode: Records and blocks the activity, but allows the user to override when they have a legitimate business need
  - Block mode: Records and blocks the activity without giving the user the ability to override
- Use DLP events from Microsoft Compliance Extension for Chrome to support Insider Risk Management assessments and investigations
- Deliver new insights related to the obfuscation, exfiltration, or infiltration of sensitive information by insiders. For more information on Insider Risk Management, check out the Tech Community blog.
With the Microsoft Compliance Extension for Chrome, users are automatically alerted when they take a risky action with sensitive data and are provided with actionable policy tips and guidance to remediate properly.
As with other Microsoft unified DLP capabilities, the Microsoft Compliance Extension for Chrome provides the same familiar look and feel that users are already accustomed to from the applications and services they use every day. This reduces end-user training time and alert confusion and increases user confidence in the prescribed guidance and remediation offered in the policy tips. This approach can help improve policy compliance – without impacting productivity.
The Microsoft Compliance Extension for Chrome Browser – Use Case Examples
In Figure 1: Chrome DLP block with override for printing, we see how an organization can configure a DLP policy that allows the use of Chrome as an approved application to view sensitive data while protecting it from being printed. In this example, the policy was also configured to allow the information worker to override the policy when there is a justified business need. The business justification is logged as part of the DLP event in Compliance Center and can be reviewed at a later date to ensure compliance with approved business justifications.
Figure 1: Chrome DLP block with override for printing
In Figure 2: Chrome DLP allowing upload of a sensitive file to a sanctioned service domain, we see how a customer configured a DLP policy to allow an information worker using Chrome to upload a sensitive file to Box, an approved service domain.
Figure 2: Chrome DLP allowing upload of a sensitive file to a sanctioned service domain
In Figure 3: Chrome DLP blocking upload of a sensitive file to an unsanctioned service domain, we see how a customer configured a DLP policy to block an information worker from using Chrome to upload a sensitive file to Dropbox. Dropbox is defined as an unsanctioned service domain in this DLP policy. In this instance, the policy was not configured to support user override, and the user is unable to upload the document to Dropbox. This policy violation is recorded as a DLP event and is available to be reviewed with full context in Compliance Center.
Figure 3: Chrome DLP blocking upload of a sensitive file to an unsanctioned service domain
The Microsoft Compliance Extension for Chrome in Compliance Center
In Figure 4: Compliance Center with Chrome App Event Filter, we see how an organization can apply a new filter to list Chrome related events for review and investigation.
Figure 4: Compliance Center with Chrome App Event Filter
In Figure 5: Chrome File Print Event Details 1 and Figure 6: Chrome File Print Event Details 2, we see the full details of the Chrome file print event for review and investigation.
Figure 5: Chrome File Print Event Details 1
Figure 6: Chrome File Print Event Details 2
In Figure 7: Chrome File Copied to Cloud Event Details 1 and Figure 8: Chrome File Copied to Cloud Event Details 2, we see the full details of the Chrome file upload to Dropbox event for review and investigation.
Figure 7: Chrome File Copied to Cloud Event Details 1
Figure 8: Chrome File Copied to Cloud Event Details 2
Microsoft Unified DLP Quick Path to Value
To help customers accelerate their deployment of a comprehensive information protection and data loss prevention strategy across all their environments containing sensitive data and help ensure immediate value, Microsoft provides a one-stop approach to data protection and DLP policy deployment within the Microsoft 365 Compliance Center.
Microsoft Information Protection (MIP) provides a common set of classification and data labeling tools that leverage AI and machine learning to support even the most complex of regulatory or internal sensitive information compliance mandates. MIP’s over 150 sensitive information types and over 40 built-in policy templates for common industry regulations and compliance offer a quick path to value.
Consistent User Experience
No matter where DLP is applied, users have a consistent and familiar experience when notified of an activity that is in violation of a defined policy. Policy Tips and guidance are provided using a familiar look and feel users are already accustomed to from applications and services they use every day. This approach can reduce end-user training time, eliminate alert confusion, increase user confidence in prescribed guidance and remediation, and improve overall compliance with policies – without impacting productivity.
Microsoft DLP integrates with other Security & Compliance solutions such as MIP, Microsoft Defender, and Insider Risk Management to provide broad and comprehensive coverage and visibility required by organizations to meet regulatory and policy compliance.
Figure 9: Integrated Insights
This approach reduces the dependence on individual and uncoordinated solutions from disparate providers to monitor user actions, remediate policy violations and educate users on the correct handling of sensitive data at the endpoint, on-premises, and in the cloud.
The Microsoft DLP solution is part of a broader set of Information Protection and Governance solutions that are part of the Microsoft 365 Compliance Suite. You can sign up for a trial of Microsoft 365 E5 or navigate to the Microsoft 365 Compliance Center to get started today.
- For more information on Data Loss Prevention, please see this and this
- For videos on Microsoft Unified DLP approach and Endpoint DLP see this and this
- For a Microsoft Mechanics video on Endpoint DLP see this
- For more information on the Microsoft Compliance Extension for Chrome see this and this
- For more information on DLP Alerts and Event Management, see this
- For more information on Sensitivity Labels as a condition for DLP policies, see this
- For more information on Sensitivity Labels, please see this
- For more information on conditions and actions for Unified DLP, please see this
- For the latest on Microsoft Information Protection, see this and this
- For more information on AIP scanner, see this
The Microsoft Information Protection team