This is the last post in our eight-blog series on deploying Intelligent Security scenarios. To read the previous entries, check out the Deployment series page.
Your employees need to access, generate, and share organizational information ranging from extremely confidential to informal; you must ensure that all information and the movement of that information comply with industry standards without inhibiting workflow. Microsoft 365 security solutions can help you know what’s happening with your data, set permissions and classifications, and discover and help prevent leaks.
To better manage compliance processes, the first thing you’ll want to do is distribute the work out to compliance “specialists” across your organization. The Microsoft 365 Security & Compliance Center (Figure 1) makes this easy by providing a central location to assign people to specific compliance tasks, such as data loss prevention, eDiscovery, and data governance.
Figure 1: The Microsoft 365 Security & Compliance Center Dashboard.
Next, you’ll need to decide on your policies and data classifications that will allow you to take actions on data. To streamline this compliance task, Microsoft Advanced Data Governance offers automatic data classification and proactive policy recommendations—such as retention and deletion policies—throughout the data lifecycle. You can enable default system alerts to identify data governance risks, for example, detecting an employee deleting a large volume of files. You can also create custom alerts by specifying alert-matching conditions, thresholds, or other activities that require admin attention.
The Microsoft Security Compliance Manager (Figure 2) provides tools to proactively manage evolving data privacy regulations. You can perform ongoing risk assessments on security, compliance, and privacy controls across 11 assessments, including these standards:
Plus, regional standards and regulations, including:
As well as industry standards and regulations, such as:
Additionally, the Compliance Manager provides you with step-by-step guidance of how to implement controls to enhance your compliance posture and keep you updated with the current compliance landscape. In addition, built-in collaboration tools to help you assign, track, and record compliance activities to prepare for internal or external audits.
Figure 2: Compliance Manager provides tools to proactively manage evolving data privacy regulations.
With employees, partners, and other users sharing your data over cloud services, mobile devices, and apps, you need solutions that understand what data is sensitive and automatically protect and govern that data. The unified labeling experience for Microsoft 365 in the Security & Compliance Center provides a tool that allows you to configure data sensitivity labels and protection policies across Azure Information Protection and Office 365 in one location (Figure 3). You can create and customize labels that define the sensitivity of the data—for example, a label of “General” means the file doesn’t contain sensitive information, while “Highly Confidential” means the file contains very sensitive information. For each label, you can configure protection settings, such as adding encryption and access restrictions, or adding visual markings such as watermarks or headers/footers. To support data governance compliance, you can set policies for data retention, deletion, and disposition, and then automatically apply or publish these labels to users.
Figure 3: Configure data sensitivity labels and protection policies across Azure Information Protection and Office 365 in one location.
There are over 85 built-in sensitive information types that you can use to automatically detect common sensitive data types that may be subject to compliance requirements, such as credit card information, bank account information, passport IDs, and other personal data types. You can also create your own custom sensitive information types (such as employee ID numbers) or upload your own dictionary of terms that you want to automatically detect in documents and emails.
Controlling privileged access can reduce the risk of data compromise and help meet compliance obligations regarding access to sensitive data. Privileged access management (PAM) in Office 365 (Figure 4), available in the Microsoft 365 Admin Center, allows you to enforce zero standing access for your privileged administrative accounts. Zero standing access means users don’t have privileges by default. When permissions are provided, it’s at the bare minimum with just enough access to perform the specific task. Users who need to perform a high-risk task must request permissions for access, and once received all activities are logged and auditable. It’s the same principle that defines how Microsoft gives access to its datacenters and reduces the likelihood that a bad actor can gain access to your privileged accounts.
Figure 4: Privileged access management allows you to enforce zero standing access for your privileged administrative accounts.
Plan for success with Microsoft FastTrack. FastTrack comes with your subscription at no additional charge. Whether you’re planning your initial rollout, needing to onboard your product, or driving user adoption, FastTrack is your benefit service that is ready to assist you. Get started with FastTrack for Microsoft 365.
For more information and guidance on this topic, check out the white paper Maintain compliance with controls and visibility that adhere to global standards. You can find additional security resources on Microsoft.com.
Coming Soon! Stay tuned for our new series: “Top 10 actions you can take with Microsoft 365 Security.”
More blog posts from the deploying intelligent security scenario series:
Other blog posts from the security deployment series:
The challenges that small and midsize businesses (SMBs) face when it comes to security continue to increase as it becomes more difficult to keep up with sophisticated cyberthreats with limited resources or security expertise. Research conducted highlights the top seven SMB cybersecurity trends and steps that can be taken to stay protected.
The main components of the Microsoft Intune Suite are now generally available. Read about how consolidated endpoint management adds value and functionality for security teams.
To confidently secure identity and access at your organization, here are five areas Microsoft recommends prioritizing in the new year.
Matt Suiche of Magnet Forensics talks about top security threats for organizations and strategies for effective incident response.
Notifications
