Microsoft Information Protection
Protection of confidential data gets more challenging every day as it is widely used via various devices and apps. Microsoft Information Protection allows companies to keep confidential data safe and secure, wherever it lives or moves through cloud services and on-premises.
Microsoft Information Protections services are simple to manage, they provide in-depth analytics and help IT admins better understand your sensitive data landscape and take corrective actions. Its capabilities provide end-users with a simple way of securing their information, without inhibiting their productivity.
Microsoft Information Protection offers capacities that are typically included as part of the Microsoft Information Protection discussion.
Configure Sensitivity Labels and DLP Policy
Configuring DLP policies will help you block the accidental loss of confidential information. It is easy to create an encryption policy immediately while creating the label or add it later. Only the users and groups selected will be assigned permissions to use the content that has this label applied. Enabling content marking you can add custom headers, footers, and watermarks to the content that has this label applied.
During the final review of the settings, you can edit specific settings or choose to create the label. After the label is created, settings can still be edited, the label can be published or deleted. The user can employ the label right after it has been created and configured.
Office 365 DLP policies will help you stay relevant and match the business standards, keep the data protected and prevent accidental oversharing and leakage. DLP allows you to easily detect sensitive data across various locations and control policy violations for further investigation. It provides locations for storing your data, conditions for applying policy and the ways of defending the content.
Native Sensitivity Labeling in Office Apps Across Platforms
Microsoft is improving the data protection experience for its end-users by making it simple to add sensitivity labels to their documents and emails. The easier it is to do, the more likely they are to classify data correctly. This service has been embedded into Office apps across platforms and all the sensitivity labels exist on the Sensitivity button, on the Home tab, and on the Ribbon.
When collaborating with your colleagues on a document using your corporate MacBook, you’re going to use Office for Mac. Right within Word on Mac, you can use the new, built-in label picker to easily select
the right label that’s appropriate for the document.
Like Word, in Excel, you can use the new, natively integrated label picker to easily select the right label that’s right for this document. Using the drop-down menu, you can apply “Confidential-Finance” label.
When the email is sent, the receiver will see that the email is protected. The header of the email contains information indicating that it is Confidential. The header information displayed can be customized by IT admins.
There is also the Sensitivity button that allows you to employ the different labels in Office apps on iOS devices. As you use different labels, the watermark reflects the one you have selected. Selecting labels is the same within apps on a platform. When using PowerPoint, you see the same sets of labels as you did in Word. Initially the document has no labels applied.
Labels are applied very consistently across platforms. No matter what platform you’re using, the appropriate permissions and watermarks will be applied.
Send a Protected Email to an External User
Nowadays people often tend to exchange various sensitive data via emails. As a result, their mailboxes turn to repositories for large amount of confidential information, and its leakage can become a serious threat to your company.
Office 365 Message Encryption is used across a variety of services. It enables you to send a secure email to everyone inside and outside the company. Recipients can easily read and respond to messages protected by Office 365 Message Encryption regardless of the email provider they use.
To Send a Protected message to a Gmail User, you will have to create policies that enforce encryption on all email messages sent to external recipients. Then all the new messages composed to an external recipient, will be automatically protected.
Gmail is not RMS-aware, so when a user receives the message, it’s wrapped in another email that provides instructions on how to read it.
If you are using Gmail, there is an option of using the new federated sign-in experience to read this message. When you sign in with your Gmail credentials, the message is displayed.
And no matter what email provider the recipient uses, they can always read an encrypted message by requesting a one-time key.
Prevent Sharing of Sensitive Data with Office 365 Data Loss Prevention
To stay up-to-date and follow all the industry rules, companies need to keep sensitive data safe. DLP policy helps you analyze confidential information through Office 365, avoid its inadvertent disclosure and ensure its security in the desktop versions of Excel, PowerPoint and Word.
You can use DLP to allow the blockage of sensitive data contained in chats and channel conversations. When a message is sent, it is inspected for sensitive data in near real-time.
Policy tips inform the sender of the reason why the message is blocked and allow end-users to revoke it. This is very important for companies that use Microsoft Teams to boost their workforce collaboration and increase their production capacity, as they are provided with a great way to provide appropriate control and management of their data.
Protect Sensitive Files in 3rd Party Cloud Services
A lot of data lives in cloud services and SaaS apps. Microsoft Information Protection makes it easy to discover, analyze, and safeguard your information that resides in cloud services. This leverages the classification methods and sensitivity labels used in other Microsoft information protection services.
It is possible to create a file policy using Microsoft Cloud App Security, that enable content with specific key words or sensitivity types to be labeled and protected.
Your company can use a cloud service storage, such as Box, to store and share some of your confidential documents. When a file is uploaded to a 3rd party service, that contains the key words or matches sensitive information types, the label will be automatically applied.
Microsoft solutions work together to keep your confidential information safe and secure, even if it is stored in the cloud.
Protect Sensitive Information on Windows 10 Devices
Protecting sensitive information is no longer limited to on-premises devices that are centrally managed and controlled. More and more, company data also resides on personal PCs and devices owned by employees.
Windows Information Protection helps protect sensitive data on Windows 10 devices against accidental leakage through apps, cloud services, and social media.
Windows understands sensitivity labels in documents and can use that information to enforce policy.
When you download a document from OneDrive, Windows Information Protection policy is enforced based on this sensitivity labels, which means blocking or controlling the copying or transfer of information from this labeled document to other apps and locations on the device.
If you want to share some of exciting information with your followers on Twitter, you can easily open the document using Microsoft Word, which is an approved work app. Note that the downloaded file, still has the Confidential label, as it did in OneDrive. You simply copy the text and paste it into a new tweet.
Windows Information Protection is used to ensure that labeled and protected files preserve their protection when being copied to removable storage, like a USB drive, or block copying to cloud locations, such as OneDrive for Business or other cloud repositories.